[gate:~] # pkg_add -r samba3
[gate:~] # cat /etc/rc.conf
…
nmbd_enable="YES"
smbd_enable="YES"
winbindd_enable="NO"
…
[gate:~] # rehash
[gate:~] # cd /usr/local/etc/
root@gate:~# apt-get install samba root@gate:~# cd /etc/samba/
server# cat smb.conf
# smb.conf: one public, read-only share; no account is needed to browse it.
[global]
workgroup = CORPX
# Character set of file names on the Unix side, and the DOS code page
# (cp866, Cyrillic) used for legacy clients.
unix charset = UTF-8
dos charset = cp866
# Clients log in with a user name and password.
security = user
# A login with a user name Samba does not know is not rejected but mapped to
# the guest account. A known user with a wrong password is still refused.
map to guest = Bad User

[share]
path = /usr/share
# Guest sessions may open this share. "read only" is not set here, so Samba's
# default (read-only) applies and guests cannot write.
guest ok = Yes
server# testparm
server# mkdir /var/samba server# cat smb.conf
# smb.conf: a guest-writable share, limited to clients on one address range.
[global]
workgroup = CORPX
security = user
# Unknown user names become guest sessions (known user + wrong password fails).
map to guest = Bad User
# Connections are accepted only from addresses that start with this prefix.
# X is a placeholder on this page (compare CORPX) and must be replaced.
# This source-address check is the only access restriction in this file.
hosts allow = 192.168.X.

[share]
path = /var/samba
# Writable, and open to guest sessions: every client that passes "hosts allow"
# can create, change and delete files here without a password.
read only = no
guest ok = yes
# All file operations run as the Unix user nobody, so /var/samba must be owned
# or writable by nobody, and files on disk do not show which client wrote them.
force user = nobody
server# chown -R nobody /var/samba
server# testparm
gate# adduser user1 ... gate# adduser userN gate# smbpasswd -a user1 ... gate# smbpasswd -a userN gate# pdbedit -w -L gate# cat smb.conf
# smb.conf: password-protected share. There is no "map to guest" and no
# "guest ok" here, so every connection has to authenticate.
[global]
workgroup = CORPX
security = user

[share]
path = /var/samba
read only = No
# Who may connect. Alternative form, listing the accounts one by one:
# valid users = user1, ... ,userN
# Active form: members of the Unix group wheel ("@" marks a group name).
# wheel is conventionally the administrators' group; a dedicated group keeps
# share access separate from administrative rights.
valid users = @wheel
# After login, file access is performed as nobody rather than as the
# authenticated user, so ownership on disk does not identify the writer.
force user = nobody
gate# mkdir /var/samba gate# chown -R nobody /var/samba
Или для всех пользователей с домашними каталогами
# smb.conf: home directories only; every connection has to authenticate.
[global]
workgroup = CORPX
security = user

# Special Samba section: each authenticated user gets a share named after the
# login name that points at that user's home directory.
[homes]
# Users may write to their own home directory over SMB.
read only = no
!!! В FreeBSD samba должна быть скомпилирована с поддержкой ADS !!!
server# kadmin -l kadmin> add -r cifs/gate.corpX.un kadmin> add -r cifs/gate.CORPX.UN kadmin> ext -k gatecifs.keytab cifs/gate.corpX.un kadmin> ext -k gatecifs.keytab cifs/gate.CORPX.UN
server# kadmin.local kadmin.local: addprinc -randkey cifs/gate.corpX.un kadmin.local: addprinc -e rc4-hmac:normal -randkey cifs/gate.CORPX.UN kadmin.local: ktadd -k gatecifs.keytab cifs/gate.corpX.un kadmin.local: ktadd -k gatecifs.keytab cifs/gate.CORPX.UN
server# scp gatecifs.keytab student@gate:
Login: gatecifs Password: Pa$$w0rd
Пароль не меняется и не устаревает
Устанавливаем Microsoft Windows Support Tools
Название сервиса HTTP обязательно заглавными буквами
C:\>ktpass -princ cifs/gate.corpX.un@CORPX.UN -mapuser gatecifs -pass 'Pa$$w0rd' -out gatecifs.keytab
C:\>pscp gatecifs.keytab student@gate:
gate# ktutil copy ~student/gatecifs.keytab /etc/krb5.keytab gate# ktutil list
root@gate:~# ktutil ktutil: rkt /usr/student/gatecifs.keytab ktutil: list ktutil: wkt /etc/krb5.keytab ktutil: quit root@gate:~# klist -k /etc/krb5.keytab
[gate.corpX.un:~] # cat /usr/local/etc/smb.conf
# smb.conf for Kerberos (ADS) authentication against the realm CORPX.UN.
# NOTE(review): this listing was collapsed onto one line; the line breaks
# below are reconstructed, and both keytab options are read as commented out.
[global]
# Exactly one of the two keytab options has to be enabled, depending on the
# platform named in its tag. smb.conf has no trailing comments: when a line is
# uncommented, the "#Ubuntu" / "#FreeBSD" tag must be deleted as well, or it
# becomes part of the value.
# Both options make Samba verify tickets with the system keytab. Earlier on
# this page the cifs key is written to /etc/krb5.keytab; that file holds the
# service's long-term key and should be readable by root only.
# CHOOSE ONE FROM
# kerberos method = system keytab #Ubuntu
# use kerberos keytab = yes #FreeBSD
# Kerberos realm the server belongs to.
realm = CORPX.UN
# Authenticate clients through the realm (Kerberos) instead of local passwords.
security = ads

# Per-user home directory shares, writable by their owner.
[homes]
read only = no

[share]
path = /var/samba
# Only members of the group group1 may connect ("@" marks a group name).
valid users = @group1
read only = no
# File access is performed as nobody, not as the authenticated user.
force user = nobody
NTLM авторизация в Microsoft AD
gate# cat smb.conf
# The [global] section is elided by the "..." line below.
...
# Per-user home directory shares, writable by their owner.
[homes]
read only = no

[share]
path = /var/samba
read only = no
# Who may connect. Alternative form, naming domain accounts one by one:
# valid users = CORPX\user1, CORPX\Administrator
# Active form: every member of the domain group "domain users". The value is
# quoted because the group name contains a space; "@" marks a group name.
valid users = "@CORPX\domain users"
# File access is performed as nobody, so ownership on disk does not identify
# which domain user wrote a file.
force user = nobody