Re: [sisyphus] Самба и гости

ALT Linux Sisyphus discussions
 help / color / mirror / Atom feed

From: Alex Gorbachenko <agent_007@immo.ru>
To: sisyphus@lists.altlinux.org
Subject: Re: [sisyphus] Самба и гости
Date: Wed, 30 May 2007 15:56:21 +0400
Message-ID: <20070530155621.79fdd05b@satellite> (raw)
In-Reply-To: <465D419D.30903@reutman.ru>

[-- Attachment #1: Type: text/plain, Size: 2408 bytes --]

On Wed, 30 May 2007 13:19:25 +0400
Alexey wrote:

>хорошо, тогда подскажите как это сделать?
>Потому-что при том раскладе который у меня без "запроса паролей и
>прочей чепухи" заходят только те, для которых есть одноимённые
>локальные юзеры

считаем что начальная настройка kerberos и join в домен не составляют
трудности. но, на всякий случай приведу пример своего krb5.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = REALM
 dns_lookup_realm = true
 dns_lookup_kdc = true

[realms]
 REALM = {
  kdc = pserver1:88
  admin_server = pserver1:749
  default_domain = realm
 }

[domain_realm]
 .realm = REALM
 realm = REALM

[kdc]
 profile = /var/lib/kerberos/krb5kdc/kdc.conf

[pam]
 debug = false
 ticket_lifetime = 36000
 renew_lifetime = 36000
 forwardable = true
 krb4_convert = false

smb.conf:

[global]
   workgroup = REALM
   netbios name = myhost
   server string =  Samba server on %h (v. %v)
   printcap name = cups
   load printers = yes
   printing = cups
   log file = /var/log/samba/log.%m
   max log size = 50
   security = ADS
        realm = REALM
        auth methods = winbind
        password server = PSERVER
        local master = No
        domain master = No
        inherit acls = Yes
        map acl inherit = Yes
        case sensitive = No
        nt acl support = yes
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
  winbind uid = 10000-20000
  winbind gid = 10000-20000
  winbind use default domain = true
  template homedir = /home/%D/%U
  template shell = /bin/bash
  socket options = TCP_NODELAY
  dns proxy = no
  use sendfile = yes

[homes]
   comment = Home Directory for '%u'
   browseable = no
   writable = yes
[ftp]
        comment = ftp piblic area
        path = /var/ftp
        guest ok = yes
        writable = no

в /etc/nsswitch.conf :

passwd:     files winbind nisplus nis
shadow:     tcb files winbind nisplus nis
group:      files winbind nisplus nis


после правки конфигов необходимо сделать kinit и net ads join.

service smb start;
service winbind start;

если всё сделано правильно, wbinfo -u покажет всех доменных
пользователей, а wbinfo -g - доменные группы.

-- 
np: Radakka - Night Crawler

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

next prev parent reply	other threads:[~2007-05-30 11:56 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-05-30  8:09 Alexey Sidorov
2007-05-30  9:10 ` Alex Gorbachenko
2007-05-30  9:19   ` Alexey Sidorov
2007-05-30 11:56     ` Alex Gorbachenko [this message]
2007-05-30 12:52       ` Alex Gorbachenko
2007-05-30 13:00         ` Alexey Sidorov
2007-05-30 13:15           ` Alex Gorbachenko
2007-05-30 13:36             ` Alexey Sidorov
2007-05-30 13:53               ` Eugene Ostapets
2007-05-31  7:13             ` Michael Shigorin
2007-08-03 12:41               ` Alexey Shabalin
2007-08-05 19:33                 ` Michael Shigorin
2007-08-06 11:02                   ` Alexey Shabalin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070530155621.79fdd05b@satellite \
    --to=agent_007@immo.ru \
    --cc=sisyphus@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux Sisyphus discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/sisyphus/0 sisyphus/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 sisyphus sisyphus/ http://lore.altlinux.org/sisyphus \
		sisyphus@altlinux.ru sisyphus@altlinux.org sisyphus@lists.altlinux.org sisyphus@lists.altlinux.ru sisyphus@lists.altlinux.com sisyphus@linuxteam.iplabs.ru sisyphus@list.linux-os.ru
	public-inbox-index sisyphus

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.sisyphus


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git