Контроллер домена сети Windows и Linux машин

Дано:
Сеть холдинга с большим количеством виндовых и линукс-машин. Пользователи хранятся в LDAP (там же и аккаунты рабочих станций Windows).
Пользовательские домашние каталоги хранятся в /home/company/username
Пользовательские winпрофили хранятся в /home/company/username/.msprofile
Профили перемещаемые.
LDAP сервер находится по адресу 192.168.1.3

Кроме установки серверов Samba и OpenLDAP, нужно установить утилиту samba-tools — тогда у win-пользователей будет возможность менять пароль по CTRL-ALT-DEL (в smb.conf ниже для смены пароля вызывается /usr/sbin/smbldap-passwd).

Для linux-пользователей нужно настроить авторизацию входа через LDAP, установив модуль PAM_LDAP (в openSUSE это можно сделать на стадии установки ОС); для монтирования домашнего каталога нужно установить модуль PAM_MOUNT.
# cat /etc/samba/smb.conf
[global]
        # Server-wide settings: Samba acts as the domain logon server
        # (domain logons + domain master) for workgroup HOLDING, with user
        # and machine accounts kept in the LDAP directory at 192.168.1.3.
        #log level = 2
        workgroup = HOLDING
        netbios name = UNIVERS
        server string = holding
        security = user
        # NOTE(review): set in [global], so it applies to every share below.
        # Per the smb.conf documentation, users listed here perform all file
        # operations as root regardless of Unix permissions. Keep the list
        # minimal, or move it into the individual shares that need it.
        admin users = root admin
        time server = yes
        # Account database lives in LDAP. The URL is plain ldap:// and the
        # "ldap ssl" line further down is commented out, so transport
        # encryption depends on the default of the installed Samba version.
        # NOTE(review): confirm the link to the directory is actually
        # protected (StartTLS or ldaps://) - password hashes travel over it.
        passdb backend = ldapsam:ldap://192.168.1.3
        ldap suffix = dc=holding
        # Empty sub-suffixes: users, groups and machine accounts are all
        # looked up directly under the base suffix above.
        ldap user suffix =
        ldap group suffix =
        ldap machine suffix =
        #ldap filter = (uid=%u)
        # DN Samba binds with to read and modify accounts.
        # NOTE(review): this is the directory root DN; a dedicated DN limited
        # by LDAP ACLs to the Samba attributes is the least-privilege option.
        ldap admin dn = "cn=root,dc=holding"
        ldap delete dn = no
        #ldap ssl = start tls
        domain master = yes
        domain logons = yes
        # Script name is resolved relative to the [netlogon] share.
        logon script = start.bat

        #logon home = \\%L\%U
        # Roaming profile location: the .msprofile directory inside the
        # user's home share (%L = server name, %U = session user name).
        logon path = \\%L\%U\.msprofile
        #logon path =

        logon drive = H:
        # Cyrillic character-set settings
        dos charset = CP866
        #unix charset = KOI8-R
        unix charset = UTF8
        # NOTE(review): verify that "display charset" is still accepted by
        # the Samba version in use; unknown parameters are only logged.
        display charset = KOI8-R

        allow trusted domains = yes
        unix extensions = yes

        # NOTE(review): duplicate of the "time server = yes" line above;
        # one of the two can be dropped.
        time server = yes

        # Password changes coming from Windows clients: Samba does not write
        # the LDAP password attribute itself (ldap passwd sync = No) but runs
        # the external program below on every SMB password change
        # (unix password sync = Yes).
        # NOTE(review): the smb.conf documentation states that the passwd
        # program is run as root; %u is replaced by the user name and %n in
        # the chat by the new password. Keep /usr/sbin/smbldap-passwd and its
        # configuration writable by root only.
        ldap passwd sync = No
        unix password sync = Yes
        passwd program = /usr/sbin/smbldap-passwd -u %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n

[netlogon]
        # Share that serves the domain logon script (start.bat in [global]).
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        browseable = no
        # NOTE(review): guest access means everything under the path above
        # can be read without authentication. The share is read-only, but
        # logon scripts placed here must not contain passwords or other
        # secrets; "guest ok = no" is enough if only domain users log on.
        guest ok = yes
        writable = no
        # NOTE(review): the smb.conf documentation advises against turning
        # share modes off, because Windows applications rely on them.
        share modes = no

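[homes]
        # Special section: gives each authenticated user a share named after
        # the account, mapped to that user's home directory. The roaming
        # profile (logon path in [global]) is stored inside it.
        read only = no
        browsable = no
        guest ok = no
        nt acl support = yes
        #profile acls = yes
        # Spelling fixed: the parameter is "acl check permissions". The
        # previous spelling "permittions" is not a Samba parameter, so the
        # line was ignored as unknown. NOTE(review): later Samba releases
        # dropped this parameter; check it against the installed version.
        acl check permissions = yes

        # Permission mapping for files and directories created over SMB:
        # "create mask" / "directory mask" limit the Unix mode bits a client
        # can set, the "force ... mode" values (all 0000 here) add no bits.
        # The "security mask" family governs which bits a Windows client may
        # change through the security dialog.
        # NOTE(review): 0664 / 0775 leave new files world-readable and
        # group-writable, so privacy inside home directories depends on the
        # permissions of the home directory itself.
        create mask = 0664
        force create mode = 0000
        security mask = 0777
        force security mode = 0000
        directory mask = 0775
        force directory mode = 0000
        directory security mask = 0777
        force directory security mode = 0000

        strict locking = no
        # NOTE(review): the smb.conf documentation advises against turning
        # share modes off; roaming profiles are written by Windows clients
        # that rely on them.
        share modes = no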

[users]
        # Writable export of the whole /home tree.
        # NOTE(review): there is no "valid users" restriction, so every
        # authenticated account can connect; what one user can see of another
        # user's data is decided only by the Unix permissions under /home
        # (and accounts in the global "admin users" list act as root here).
        # The same path is also exported by the [home] section.
        comment = Holding winusers
        path = /home
        browseable = no
        writeable= yes
        guest ok = no
        nt acl support = yes
        # NOTE(review): the smb.conf documentation advises against turning
        # share modes off.
        share modes = no

        # Mode bits allowed on new files/directories (masks) and bits forced
        # on (all 0000, i.e. none). 0664 / 0775 leave new entries
        # world-readable and group-writable.
        create mask = 0664
        force create mode = 0000
        security mask = 0777
        force security mode = 0000
        directory mask = 0775
        force directory mode = 0000
        directory security mask = 0777
        force directory security mode = 0000

[distr]
        # Software distribution share, visible in browse lists.
        # NOTE(review): writable for every authenticated user. Installers
        # stored here get executed on workstations, so consider making the
        # share read-only and granting write access to a short "write list".
        comment = Software
        path = /distr
        browseable = yes
        writeable= yes
        guest ok = no
        #nt acl support = yes
        # NOTE(review): the smb.conf documentation advises against turning
        # share modes off.
        share modes = no

        # Lets members of a file's owning group change its permissions/ACL,
        # not only the owner.
        acl group control = yes

        # Mode bits allowed on new files/directories (masks) and bits forced
        # on (all 0000, i.e. none).
        create mask = 0664
        force create mode = 0000
        security mask = 0777
        force security mode = 0000
        directory mask = 0775
        force directory mode = 0000
        directory security mask = 0777
        force directory security mode = 0000

[backup]
        # Backup storage share, visible in browse lists.
        # NOTE(review): no "valid users" / "write list" is set, so every
        # authenticated account may connect and write. Backups usually hold
        # copies of other people's data; restrict the share to the backup
        # operators and rely on more than the 0664 / 0775 masks below.
        comment = BackUp
        path = /backup
        browseable = yes
        writeable= yes
        guest ok = no
        #nt acl support = yes
        # NOTE(review): the smb.conf documentation advises against turning
        # share modes off.
        share modes = no

        # Lets members of a file's owning group change its permissions/ACL,
        # not only the owner.
        acl group control = yes
        # File system type string reported to clients.
        fstype = Samba

        # Mode bits allowed on new files/directories (masks) and bits forced
        # on (all 0000, i.e. none). New files stay world-readable.
        create mask = 0664
        force create mode = 0000
        security mask = 0777
        force security mode = 0000
        directory mask = 0775
        force directory mode = 0000
        directory security mask = 0777
        force directory security mode = 0000


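[home]
        # Second writable export of the whole /home tree (the [users]
        # section exports the same path).
        # NOTE(review): no "valid users" restriction - every authenticated
        # account can connect, and separation between users rests only on
        # the Unix permissions below /home.
        comment = Unix userhome
        path = /home
        browseable = no
        writeable= yes
        guest ok = no
        #nt acl support = yes
        # Spelling fixed: the parameter is "acl check permissions". The
        # previous spelling "permittions" is not a Samba parameter, so the
        # line was ignored as unknown. NOTE(review): later Samba releases
        # dropped this parameter; check it against the installed version.
        acl check permissions = yes

        # "create mask" limits the mode bits a client can set on new files;
        # "force create mode" bits are always added.
        # NOTE(review): force create mode = 0644 makes every file created
        # through this share at least rw-r--r--, i.e. readable by all local
        # users, whatever the client asked for.
        create mask = 0764
        force create mode = 0644
        security mask = 0777
        force security mode = 0000
        directory mask = 0775
        force directory mode = 0000
        directory security mask = 0777
        force directory security mode = 0000

        strict locking = no
        #share modes = no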

[konsul]
        # Hidden, writable share for the application named in the comment.
        # "guest ok" is not set here, so the Samba default applies.
        comment = Консультант+
        path = /var/samba/konsul
        browseable = no
        writeable= yes

        # NOTE(review): 0666 / 0777 allow new files and directories to be
        # world-writable on the server; with no "valid users" line any
        # authenticated account can modify the data. Prefer a dedicated
        # group ("force group" plus 0660 / 0770) if the application allows.
        create mask = 0666
        directory mask = 0777

        strict locking = no

[media]
        # Browsable, writable share for common multimedia files.
        # "guest ok" is not set here, so the Samba default applies.
        comment = Общее хранилище мультимедиа-файлов
        path = /var/samba/media
        browseable = yes
        writeable= yes

        # The force modes add rwxrwxrwx to everything created here.
        # NOTE(review): every uploaded file becomes world-writable and
        # executable on the server. For a media store 0664 / 0775 without
        # forced bits is sufficient and keeps uploads from being runnable
        # or modifiable by every local account.
        create mask = 0777
        directory mask = 0777
        force create mode = 0777
        force directory mode = 0777

        strict locking = no

Добавлено: 2008/07/12
Обновлено: 2008/08/09
