Дано:
Сеть холдинга с большим количеством виндовых и линукс-машин. Пользователи хранятся в LDAP (там же и аккаунты рабочих станций Windows).
Пользовательские домашние каталоги хранятся в /home/company/username
Пользовательские winпрофили хранятся в /home/company/username/.msprofile
Профили перемещаемые.
LDAP сервер находится по адресу 192.168.1.3
Кроме установки серверов Samba и OpenLDAP, нужно установить утилиту samba-tools, тогда у win-пользователей будет возможность менять пароль по CTRL-ALT-DEL.
Для linux-пользователей нужно настроить авторизацию входа через LDAP, установив модуль PAM_LDAP (в openSUSE это можно сделать на стадии установки ОС); для монтирования домашнего каталога нужно установить модуль PAM_MOUNT.
# cat /etc/samba/smb.conf
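[global]
        # Server-wide settings: domain logon server for workgroup HOLDING with
        # accounts kept in LDAP through the ldapsam passdb backend.
        #log level = 2
        workgroup = HOLDING
        netbios name = UNIVERS
        server string = holding
        # Clients must authenticate with a user name and password.
        security = user
        # REVIEW: "admin users" is a per-share parameter; set here it becomes
        # the default for every share, so root and admin perform all file
        # operations as the superuser regardless of file permissions. Prefer
        # granting it only on the shares that need it.
        admin users = root admin
        time server = yes
        # Account database is read from the LDAP server at 192.168.1.3.
        # REVIEW: the URI is plain ldap:// and the "ldap ssl" line further down
        # is commented out, so transport protection depends on the build
        # default. Check the effective value with "testparm -v"; without
        # StartTLS or ldaps:// the admin bind and the password hashes read from
        # the directory cross the network unencrypted.
        passdb backend = ldapsam:ldap://192.168.1.3
        ldap suffix = dc=holding
        # Empty sub-suffixes: users, groups and machines are looked up directly
        # under the base suffix.
        ldap user suffix =
        ldap group suffix =
        ldap machine suffix =
        #ldap filter = (uid=%u)
        # DN that Samba binds as. Its password is not kept in this file; it is
        # stored in secrets.tdb (set with "smbpasswd -w"), so that file needs
        # the same protection as the directory admin password itself.
        ldap admin dn = "cn=root,dc=holding"
        # Deleting an account strips the Samba attributes but keeps the entry.
        ldap delete dn = no
        #ldap ssl = start tls
        # Act as domain master browser and serve domain logons.
        domain master = yes
        domain logons = yes
        logon script = start.bat
        #logon home = \\%L\%U
        # Roaming profile location: directory .msprofile inside the share named
        # after the user (%U) on this server (%L).
        logon path = \\%L\%U\.msprofile
        #logon path =
        logon drive = H:
        # Cyrillic character-set settings
        dos charset = CP866
        #unix charset = KOI8-R
        unix charset = UTF8
        # NOTE(review): "display charset" is a Samba 3 parameter that later
        # releases dropped - confirm with testparm for the installed version.
        display charset = KOI8-R
        allow trusted domains = yes
        unix extensions = yes
        ldap passwd sync = No
        # A password change from a Windows client is passed on to the passwd
        # program below.
        # REVIEW: with "unix password sync" enabled Samba runs that program as
        # root. Keep the absolute path, make sure the binary is root-owned and
        # not writable by others, and pass nothing user-controlled except %u.
        unix password sync = Yes
        passwd program = /usr/sbin/smbldap-passwd -u %u
        # Expect/send dialogue with the passwd program; %n is the new password.
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n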
[netlogon]
        # Read-only share from which domain clients fetch the logon script.
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        browseable = no
        # REVIEW: guest access is permitted here. Whether an unauthenticated
        # client can actually reach the share depends on the server's guest
        # mapping, which this file does not set - confirm with "testparm -v".
        # Either way, never place passwords or other secrets in logon scripts.
        guest ok = yes
        writable = no
        # NOTE(review): smb.conf(5) says share modes should stay enabled because
        # Windows applications rely on deny modes; newer Samba releases may no
        # longer accept this parameter - confirm with testparm.
        share modes = no
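[homes]
        # Per-user home share created on the fly for the authenticated user.
        read only = no
        browsable = no
        guest ok = no
        nt acl support = yes
        #profile acls = yes
        # Spelling corrected from "permittions": a misspelled name is logged as
        # an unknown parameter and ignored.
        # NOTE(review): later Samba releases deprecate this parameter; drop the
        # line if testparm reports it as unknown.
        acl check permissions = yes
        # New files get at most rw-rw-r--, new directories at most rwxrwxr-x.
        # REVIEW: the "other" read bit is left on, so files created through the
        # share are readable by other local accounts unless the home directory
        # itself blocks traversal. Tighten the masks if homes must be private.
        create mask = 0664
        force create mode = 0000
        # Windows clients may change any permission bit from the security
        # dialog (mask 0777) and no bit is forced on (force mode 0000).
        security mask = 0777
        force security mode = 0000
        directory mask = 0775
        force directory mode = 0000
        directory security mask = 0777
        force directory security mode = 0000
        strict locking = no
        # NOTE(review): smb.conf(5) says share modes should stay enabled because
        # Windows applications rely on deny modes - confirm this is intended.
        share modes = no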
[users]
        # Writable export of the whole /home tree for Windows users.
        # REVIEW: nothing in this section restricts who may connect, so every
        # authenticated account can reach /home and separation between users
        # rests entirely on the Unix permissions of each home directory. The
        # accounts named in the global "admin users" line act as root here.
        # Consider "valid users" or dropping the share in favour of [homes].
        comment = Holding winusers
        path = /home
        browseable = no
        writeable= yes
        guest ok = no
        nt acl support = yes
        # NOTE(review): smb.conf(5) says share modes should stay enabled because
        # Windows applications rely on deny modes - confirm this is intended.
        share modes = no
        # New files get at most rw-rw-r--, new directories at most rwxrwxr-x;
        # the "other" read bit stays on for everything created via this share.
        create mask = 0664
        force create mode = 0000
        # Windows clients may change any permission bit from the security
        # dialog (mask 0777) and no bit is forced on (force mode 0000).
        security mask = 0777
        force security mode = 0000
        directory mask = 0775
        force directory mode = 0000
        directory security mask = 0777
        force directory security mode = 0000
[distr]
        # Browsable, writable software distribution share at /distr.
        # REVIEW: any authenticated user whose Unix permissions allow it can
        # replace installers stored here. If other machines install from this
        # share, limit writers (for example with "write list") and keep the
        # share read-only for everyone else.
        comment = Software
        path = /distr
        browseable = yes
        writeable= yes
        guest ok = no
        #nt acl support = yes
        # NOTE(review): smb.conf(5) says share modes should stay enabled because
        # Windows applications rely on deny modes - confirm this is intended.
        share modes = no
        # Members of a file's owning group may change its permissions and ACL,
        # not only the owner.
        acl group control = yes
        # New files get at most rw-rw-r--, new directories at most rwxrwxr-x.
        create mask = 0664
        force create mode = 0000
        security mask = 0777
        force security mode = 0000
        directory mask = 0775
        force directory mode = 0000
        directory security mask = 0777
        force directory security mode = 0000
[backup]
        # Browsable, writable backup share at /backup.
        # REVIEW: the share is visible in browse lists and has no "valid users"
        # restriction, and the create mask leaves the "other" read bit on.
        # Backups usually hold everything worth protecting, so restrict the
        # share to the backup accounts and remove world-read from the masks.
        comment = BackUp
        path = /backup
        browseable = yes
        writeable= yes
        guest ok = no
        #nt acl support = yes
        # NOTE(review): smb.conf(5) says share modes should stay enabled because
        # Windows applications rely on deny modes - confirm this is intended.
        share modes = no
        # Members of a file's owning group may change its permissions and ACL,
        # not only the owner.
        acl group control = yes
        # File system type string reported to clients.
        fstype = Samba
        create mask = 0664
        force create mode = 0000
        security mask = 0777
        force security mode = 0000
        directory mask = 0775
        force directory mode = 0000
        directory security mask = 0777
        force directory security mode = 0000
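[home]
        # Second writable export of /home (the [users] share uses the same
        # path), described as the Unix user home tree.
        # REVIEW: nothing in this section restricts who may connect; separation
        # between users rests on the Unix permissions of each home directory.
        comment = Unix userhome
        path = /home
        browseable = no
        writeable = yes
        guest ok = no
        #nt acl support = yes
        # Spelling corrected from "permittions": a misspelled name is logged as
        # an unknown parameter and ignored.
        # NOTE(review): later Samba releases deprecate this parameter; drop the
        # line if testparm reports it as unknown.
        acl check permissions = yes
        create mask = 0764
        # REVIEW: the forced bits are OR-ed into every new file, so each file
        # created through this share is at least rw-r--r--, i.e. always group-
        # and world-readable. That is rarely wanted for home directories.
        force create mode = 0644
        # Windows clients may change any permission bit from the security
        # dialog (mask 0777) and no bit is forced on (force mode 0000).
        security mask = 0777
        force security mode = 0000
        directory mask = 0775
        force directory mode = 0000
        directory security mask = 0777
        force directory security mode = 0000
        strict locking = no
        #share modes = no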
[konsul]
        # Hidden, writable application share at /var/samba/konsul.
        # "guest ok" is not set, so the default (no guest access) applies.
        comment = Консультант+
        path = /var/samba/konsul
        browseable = no
        writeable= yes
        # REVIEW: these masks allow world-writable files (rw-rw-rw-) and
        # world-writable directories (rwxrwxrwx). Any local account or service
        # on the server could then alter the application data. A dedicated
        # group with "force group" and group-only write bits is the usual
        # tighter alternative.
        create mask = 0666
        directory mask = 0777
        strict locking = no
[media]
        # Browsable, writable shared multimedia storage at /var/samba/media.
        # "guest ok" is not set, so the default (no guest access) applies.
        comment = Общее хранилище мультимедиа-файлов
        path = /var/samba/media
        browseable = yes
        writeable= yes
        create mask = 0777
        directory mask = 0777
        # REVIEW: the forced modes turn on every permission bit for everything
        # created here, so each uploaded file is world-writable and executable
        # on the server. Media files do not need the execute bit; consider
        # "force create mode = 0664" with a shared group, and mount the backing
        # file system noexec if local users have shell access.
        force create mode = 0777
        force directory mode = 0777
        strict locking = no