naos 2017/10/26 01:17

SAMBA

# nano /etc/samba/smb.conf

[global]
workgroup = GROUP
domain = DOMAIN.TLD
security = user
netbios name = USER
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw

[Anonymous]
path = /samba/anonymous
browsable =yes
writable = yes
guest ok = yes
read only = no

# mkdir -p /samba/anonymous

# systemctl enable smb.service

# systemctl enable nmb.service

# systemctl restart smb.service

# systemctl restart nmb.service

# cd /samba

# chmod -R 0755 anonymous/

# chown -R nobody:nobody anonymous/

# nano /etc/samba/smb.conf

[secured]
path = /samba/secured
valid users = @securedgroup
guest ok = no
writable = yes
browsable = yes

# mkdir -p /samba/secured

# groupadd securedgroup

# useradd USER -G securedgroup

# cd /samba

# chmod -R 0750 secured/

# chown -R USER:securedgroup /samba/secured/

# smbpasswd -a USER

# systemctl restart smb.service

# systemctl restart nmb.service

SAMBA avec LDAP

# yum install smbldap-tools

# nano /etc/samba/smb.conf

[global]
server string = USER
workgroup = GROUP
netbios name = USER
security = user
hosts allow = 192.168.20.
max log size = 5000
domain master = yes
domain logons = yes
preferred master = yes
wide links = yes
unix extensions = no
lanman auth = yes
local master = no

[ldap]
ldap ssl = off
ldap passwd sync = Yes
passdb backend = ldapsam:ldap://192.168.0.15/
ldap admin dn = cn=MANAGER,dc=DOMAIN,dc=TLD
ldap suffix = dc=DOMAIN,dc=TLD
ldap user suffix = ou=USERS
ldap group suffix = ou=GROUPS

[Anonymous]
path = /samba/anonymous
browsable =yes
writable = yes
guest ok = yes
read only = no

[secured]
path = /samba/secured
valid users = @securedgroup, john
guest ok = no
writable = yes
browsable = yes

[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = root
create mask = 0664
directory mask = 0775

# ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/share/doc/samba-4.6.2/LDAP/samba.ldif

# net getlocalsid

CODE_SAMBA

Récupérer le code précédent pour l'ajouter dans http://127.0.0.1/phpldapadmin,

* add new value d'un utilisateur: sambaSamAccount

CODE_SAMBA + un chiffre unique ou le UID de l'utilisateur

* new attribu sambaLMPassword : attribuer un mot de passe

* new attribu sambaNTPassword : attribuer un mot de passe

* new attribu sambaPwdLastSet : mettre à 1

  • samba_ldap.txt
  • Dernière modification: 2017/10/26 23:56
  • par naos