
ldap+samba

Published: 2020-06-14 20:18:54  Source: Internet  Views: 10380  Author: krven1983  Category: System Operations

Ldap+smb

I won't go into installing LDAP here.

Install Samba

yum install samba* -y

yum install nscd* -y

yum install nss-pam-ldapd -y

yum install epel* -y

yum install smbldap* -y

The commands above install the required packages.

Copy the Samba schema file for LDAP into /etc/openldap/schema:

cp /usr/share/doc/samba-3.6.23/LDAP/samba.schema /etc/openldap/schema/

chown ldap:ldap /etc/openldap/schema/ -R

setup


vim /etc/openldap/slapd.conf

Add one line:

 

include        /etc/openldap/schema/samba.schema

Modify the indexes:

index objectClass,uidNumber,gidNumber eq

index cn,sn,uid,displayName pres,sub,eq

index memberUid,mail,givenname eq,subinitial

index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq

access to attrs=userPassword,sambaLMPassword,sambaNTPassword

        by self write

        by anonymous auth

        by * none

access to *

        by * read

Edit the ldap.conf file:

vim ldap.conf

 

#

# LDAP Defaults

#

 

# See ldap.conf(5) for details

# This file should be world readable but not world writable.

 

BASE dc=cxth,dc=com

#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

 

#SIZELIMIT     12

#TIMELIMIT     15

#DEREF         never

 

#TLS_CACERTDIR /etc/openldap/cacerts

URI ldap://127.0.0.1/

#TLS_CACERTDIR /etc/openldap/cacerts

nss_base_passwd ou=Users,dc=cxth,dc=com?one

nss_base_passwd ou=Computers,dc=cxth,dc=com?one

nss_base_shadow ou=Users,dc=cxth,dc=com?one

nss_base_group ou=Groups,dc=cxth,dc=com?one

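With the LDAP configuration files done, restart the service and check the port:

service slapd restart

netstat -an | grep 389

Next, configure Samba.

Back up the old file:

cp /etc/samba/smb.conf /etc/samba/backup_smb.conf

Copy the smb.conf shipped with smbldap-tools into /etc/samba:

cp /usr/share/doc/smbldap-tools-0.9.6/smb.conf /etc/samba/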

cd /etc/samba

vim smb.conf

[global]

workgroup = cxth-pdc

netbios name = PDC

server string = Samba Server %v

log file = /var/log/samba/log.%m

security = user

encrypt passwords = Yes

obey pam restrictions = No

ldap passwd sync = Yes

log level = 3

syslog = 0

max log size = 100000

time server = Yes

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

mangling method = hash3

Dos charset = UTF-8

Unix charset = UTF-8

logon script = %U.bat

logon drive = H:

domain logons = Yes

os level = 65

preferred master = Yes

domain master = Yes

 

passdb backend = ldapsam:ldap://127.0.0.1/

ldap admin dn = cn=Manager,dc=cxth,dc=com

ldap suffix = dc=cxth,dc=com

ldap group suffix = ou=Groups

ldap user suffix = ou=Users

ldap machine suffix = ou=Computers

ldap ssl = off

ldap delete dn = Yes

add user script = /sbin/smbldap-useradd -m "%u"

add machine script = /sbin/smbldap-useradd -t 0 -w "%u"

add group script = /sbin/smbldap-groupadd -p "%g"

add user to group script = /sbin/smbldap-groupmod -m "%u" "%g"

delete user from group script = /sbin/smbldap-groupmod -x "%u" "%g"

set primary group script = /sbin/smbldap-usermod -g '%g' '%u'

############################## Homes parameters ############################

[homes]

comment = repertoire de %U, %u

browseable = no

writeable = yes

read only = no

force create mode = 0700

create mode = 0700

force directory mode = 0700

directory mode = 700

############################# Netlogon parameters ##########################

[netlogon]

path = /home/netlogon/

browseable = No

read only = yes

############################# Public parameters ##########################

[public]

comment = Public Directory

path = /home/public/

browseable = No

writable = yes

guest ok = yes

create mask = 0777

The above is the configuration from my own machine; below is the content from the online document.

############################## Global parameters ############################

[global]

workgroup = easy-pdc

netbios name = PDC

server string = Samba Server %v

log file = /var/log/samba/log.%m

security = user

encrypt passwords = Yes

obey pam restrictions = No

ldap passwd sync = Yes

log level = 3

syslog = 0

max log size = 100000

time server = Yes

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

mangling method = hash3

Dos charset = UTF-8

Unix charset = UTF-8

logon script = %U.bat

logon drive = H:

domain logons = Yes

os level = 65

preferred master = Yes

domain master = Yes

smb.conf, continued:

Detailed configuration:

passdb backend = ldapsam:ldap://127.0.0.1/

ldap admin dn = cn=Manager,dc=easy,dc=com

ldap suffix = dc=easy,dc=com

ldap group suffix = ou=Groups

ldap user suffix = ou=Users

ldap machine suffix = ou=Computers

ldap ssl = off

ldap delete dn = Yes

add user script = /sbin/smbldap-useradd -m "%u"

add machine script = /sbin/smbldap-useradd -t 0 -w "%u"

add group script = /sbin/smbldap-groupadd -p "%g"

add user to group script = /sbin/smbldap-groupmod -m "%u" "%g"

delete user from group script = /sbin/smbldap-groupmod -x "%u" "%g"

set primary group script = /sbin/smbldap-usermod -g '%g' '%u'

############################## Homes parameters ############################

[homes]

comment = repertoire de %U, %u

browseable = no

writeable = yes

read only = no

force create mode = 0700

create mode = 0700

force directory mode = 0700

directory mode = 700

############################# Netlogon parameters ##########################

[netlogon]

path = /home/netlogon/

browseable = No

read only = yes

############################# Public parameters ##########################

[public]

comment = Public Directory

path = /home/public/

browseable = No

writable = yes

guest ok = yes

create mask = 0777
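
An added example, not from the original post: a small Python audit of the smb.conf settings listed above. It flags "dos charset = UTF-8" (the cause of the "invalid DOS charset" error in the smbclient output further down), "ldap ssl = off" when the passdb backend LDAP server is not on loopback, and shares that are both writable and open to guests. PAGE_CONF is a constructed excerpt of the listing, and parse and audit are helper names chosen for this example.

```python
import re
# Added example (not from the post). Constructed sample: selected lines of the page's smb.conf.
PAGE_CONF = """
[global]
Dos charset = UTF-8
passdb backend = ldapsam:ldap://127.0.0.1/
ldap ssl = off
[homes]
writeable = yes
[public]
writable = yes
guest ok = yes
create mask = 0777
"""
SYNONYMS = {"writeable": "writable", "writeok": "writable",
            "public": "guestok", "createmode": "createmask"}  # smb.conf synonyms
TRUE = {"yes", "true", "1"}
LOOPBACK = re.compile(r"(127\.0\.0\.1|localhost|\[::1\])(:\d+)?$")

def parse(text):
    """Return {section: {param: value}}; names lowercased, spaces removed."""
    conf, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            key = re.sub(r"\s+", "", key).lower()
            section[SYNONYMS.get(key, key)] = value.strip()
    return conf

def audit(text):
    """Findings: invalid dos charset, cleartext LDAP bind, guest-writable shares."""
    conf, findings = parse(text), []
    g = conf.get("global", {})
    if re.sub(r"[-_ ]", "", g.get("doscharset", "")).upper() == "UTF8":
        findings.append("global: dos charset UTF-8 is invalid, Samba uses CP850")
    m = re.match(r"ldapsam:ldap://([^/\s]*)", g.get("passdbbackend", ""))
    if m and g.get("ldapssl", "").lower() == "off" and not LOOPBACK.match(m.group(1)):
        findings.append("global: cleartext LDAP bind to " + m.group(1))
    for name, share in conf.items():
        rw = (share.get("writable", "no").lower() in TRUE
              or share.get("readonly", "yes").lower() not in TRUE)
        if name != "global" and rw and share.get("guestok", "no").lower() in TRUE:
            mask = share.get("createmask", "0744")  # 0744 is Samba's default
            findings.append("%s: guest-writable, create mask %s" % (name, mask))
    return findings
```

To audit a real file, pass its text, for example audit(open("/etc/samba/smb.conf").read()). The check treats either "writable = yes" or "read only = no" as writable and does not follow include directives.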

 

Create the two directories:

# mkdir /home/netlogon

# mkdir /home/public

# service smb start

啟動 SMB 服務: [ 確定 ]

啟動 NMB 服務: [ 確定 ]

# smbpasswd -w jinbiao (jinbiao is the root password configured in slapd.conf)

Setting stored password for "cn=Manager,dc=easy,dc=com" in secrets.tdb

Use the testparm command to test whether the Samba server started correctly:

Steps:

# testparm

Load smb config files from /etc/samba/smb.conf

Processing section "[homes]"

Processing section "[netlogon]"

Processing section "[public]"

Loaded services file OK.

Server role: ROLE_DOMAIN_PDC

Press enter to see a dump of your service definitions

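Configuring and using smbldap-tools

cd /usr/share/doc/smbldap-tools-0.9.6/

chmod 777 /usr/share/doc/smbldap-tools-0.9.6/ -R

./configure.pl

This command asks for a password in two places; enter the root password from slapd.conf mentioned above.

Let it run through to completion.

Initialize smbldap: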

smbldap-populate

smbldap-populate

Populating LDAP directory for domain cxth-pdc (S-1-5-21-3536009721-1653818412-2151149546)

(using builtin directory structure)

entry dc=cxth,dc=com already exist.

adding new entry: ou=Users,dc=cxth,dc=com

adding new entry: ou=Groups,dc=cxth,dc=com

adding new entry: ou=Computers,dc=cxth,dc=com

adding new entry: ou=Idmap,dc=cxth,dc=com

adding new entry: uid=root,ou=Users,dc=cxth,dc=com

adding new entry: uid=nobody,ou=Users,dc=cxth,dc=com

adding new entry: cn=Domain Admins,ou=Groups,dc=cxth,dc=com

adding new entry: cn=Domain Users,ou=Groups,dc=cxth,dc=com

adding new entry: cn=Domain Guests,ou=Groups,dc=cxth,dc=com

adding new entry: cn=Domain Computers,ou=Groups,dc=cxth,dc=com

adding new entry: cn=Administrators,ou=Groups,dc=cxth,dc=com

adding new entry: cn=Account Operators,ou=Groups,dc=cxth,dc=com

adding new entry: cn=Print Operators,ou=Groups,dc=cxth,dc=com

adding new entry: cn=Backup Operators,ou=Groups,dc=cxth,dc=com

adding new entry: cn=Replicators,ou=Groups,dc=cxth,dc=com

adding new entry: sambaDomainName=cxth-pdc,dc=cxth,dc=com

Please provide a password for the domain root:

Changing UNIX and samba passwords for root

New password:

Retype new password:

New passwords don't match!

You will be prompted to enter a new password; just enter it twice.

smbldap-usershow user1    (view the user)

[root@localhost openldap]# smbclient -L 192.168.6.59 -U user2

ERROR: invalid DOS charset: 'dos charset' must not be UTF8, using (default value) CP850 instead.

Enter user2's password:

session setup failed: NT_STATUS_LOGON_FAILURE

The error above appears because user1's password cannot be the system password.

Instead, you need to use:

smbpasswd -a user1

smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CXTH-PDC))]

smbldap_open_connection: connection opened

ldap_connect_system: successful connection to the LDAP server

New SMB password:

Retype new SMB password:

smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CXTH-PDC))]

ldapsam_add_sam_account: User exists without samba attributes: adding them

init_ldap_from_sam: Setting entry for user: user1

ldapsam_add_sam_account: added: uid == user1 in the LDAP database

init_sam_from_ldap: Entry found for user: user1

Forcing Primary Group to 'Domain Users' for user1

init_ldap_from_sam: Setting entry for user: user1

ldapsam_modify_entry: LDAP Password changed for user user1

ldapsam_update_sam_account: successfully modified uid = user1 in the LDAP database

Added user user1.

Enter an SMB login password for user1.

Test whether it works:

smbclient -L 192.168.6.59 -U user1

ERROR: invalid DOS charset: 'dos charset' must not be UTF8, using (default value) CP850 instead.

Enter user1's password:

Domain=[CXTH-PDC] OS=[Unix] Server=[Samba 3.6.23-25.el6_7]

 

       Sharename       Type     Comment

       ---------       ----     -------

       IPC$            IPC       IPC Service (Samba Server 3.6.23-25.el6_7)

       user1           Disk      repertoire de user1, user1

Domain=[CXTH-PDC] OS=[Unix] Server=[Samba 3.6.23-25.el6_7]

 

       Server               Comment

       ---------            -------

 

       Workgroup            Master

       ---------            -------

