User Tools
файловые_сервисы_unix_для_пользователей_windows
This is an old revision of the document!
Table of Contents
Файловые сервисы UNIX для пользователей Windows
Установка
FreeBSD
[gate:~] # pkg_add -r samba3 [gate:~] # cat /etc/rc.conf … nmbd_enable="YES" smbd_enable="YES" winbindd_enable="NO" … [gate:~] # rehash [gate:~] # сd /usr/local/etc/
Ubuntu
root@gate:~# apt-get install samba root@gate:~# cd /etc/samba/
Публичный каталог доступный на чтение
FreeBSD/Ubuntu
gate# cat smb.conf
[global] workgroup = CORPX security = share [share] path = /usr/share guest ok = yes
или
[global] workgroup = CORPX security = user map to guest = Bad User [share] path = /usr/share guest ok = Yes
gate# testparm
Публичный каталог доступный на запись
FreeBSD/Ubuntu
gate# mkdir /var/samba gate# cat smb.conf
[global] workgroup = CORPX security = share hosts allow = 192.168.X. [share] path = /var/samba guest ok = yes read only = no
gate# chmod 777 /var/samba
или
[global] workgroup = CORPX security = user hosts allow = 192.168.X. map to guest = Bad User [share] path = /var/samba guest ok = yes read only = no force user = nobody
gate# chmod -R nobody:nobody /var/samba
gate# testparm
Идентификация доступа к файловому серверу на основе копии базы данных учетных записей (smbd должен быть запущен)
gate# adduser user1 ... gate# adduser userN gate# smbpasswd -a user1 ... gate# smbpasswd -a userN gate# cat smb.conf
[global]
workgroup = CORPX
security = user
[user]
path = /var/samba
valid users = user1, ... ,userN
# valid users = @groupsamba
# force user = nobody #if need all files owned by single user
read only = No
gate# mkdir /var/samba gate# chown -r nobody /var/samba
Или для всех пользователей с домашними каталогами
[global]
workgroup = CORPX
security = user
[homes]
read only = no
Идентификация доступа к файловому серверу на основе регистрации в AD
WINBIND синхронизация пользователей с Microsoft AD
gate# cat smb.conf
...
[user_write]
path = /tmp
valid users = CORPX\user1, CORPX\Administrator
read only = no
[group_write]
path = /tmp
valid users = "@CORPX\domain users"
read only = no
force user = nobody
GSSAPI
add -r cifs/gate.corp13.un
add -r cifs/gate.CORP13.UN
ext -k gatecifs.keytab cifs/gate.corp13.un
ext -k gatecifs.keytab cifs/gate.CORP13.UN
kadmin.local: addprinc -randkey cifs/gate.corp13.un
kadmin.local: addprinc -e rc4-hmac:normal -randkey cifs/gate.CORP13.UN
kadmin.local: ktadd -k gatecifs.keytab cifs/gate.corp13.un
kadmin.local: ktadd -k gatecifs.keytab cifs/gate.CORP13.UN
[gate.corp13.un:~] # cat /usr/local/etc/smb.conf
[global]
# CHOOSE ONE FROM
# kerberos method = system keytab
# use kerberos keytab = yes
realm = CORP13.UN
security = ads
[homes]
read only = no
[group_write]
path = /tmp
valid users = @group1
read only = no
force user = nobody
user2@client2:~$ smbclient -k //gate.corp13.un/homes
root@client2.corp13.un:~# chmod +s /sbin/mount.cifs
root@client2.corp13.un:~# chmod +s /sbin/umount.cifs
user2@client2:~$ mkdir mnt/
user2@client2:~$ mount.cifs //gate.corp13.un/homes mnt --verbose -o sec=krb5
user2@client2:~$ umount.cifs mnt/
root@client2.corp13.un:~# cat /etc/fstab
...
//gate.corp13.un/homes mnt cifs rw,user,noauto,sec=krb5 0 0
user2@client2:~$ mount mnt
user2@client2:~$ umount mnt
файловые_сервисы_unix_для_пользователей_windows.1285838950.txt.gz · Last modified: 2013/05/22 13:50 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
