Samba: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 45: | Line 45: | ||
unix charset = UTF-8 | unix charset = UTF-8 | ||
log level = 3 | log level = 3 | ||
min protocol = SMB2 | |||
client max protocol = SMB3 | client max protocol = SMB3 | ||
rpc_server:epmapper = daemon | rpc_server:epmapper = daemon | ||
| Line 66: | Line 67: | ||
</pre> | </pre> | ||
}} | }} | ||
You only need this when not using [[SSSD]]. | You only need this when not using [[SSSD]]. | ||
| Line 116: | Line 98: | ||
List domain groups. | List domain groups. | ||
{{Root|wbinfo -g}} | {{Root|wbinfo -g}} | ||
== Creating a share == | |||
{{File|/etc/samba/shares.conf| | |||
<pre> | |||
[testshare] | |||
comment = Testshare | |||
path = /mnt/storage/testshare | |||
valid users = YOURDOMAIN\username, @YOURDOMAIN\groupname | |||
write list = @YOURDOMAIN\groupname | |||
writeable = No | |||
guest ok = Yes | |||
browseable = Yes | |||
force create mode = 0775 | |||
force directory mode = 0775 | |||
</pre> | |||
}} | |||
{{Root|cd /mnt/storage/}} | |||
{{Root|chown root:domain-users testshare}} | |||
{{Root|chmod chmod 0775 testshare}} | |||
== Further Reading == | == Further Reading == | ||
| Line 121: | Line 123: | ||
*[[kerberos]] - Kerberos configuration for authenticating users against ADS | *[[kerberos]] - Kerberos configuration for authenticating users against ADS | ||
*[[SSSD]] - Authenticate system users against ADS | *[[SSSD]] - Authenticate system users against ADS | ||
Latest revision as of 11:49, 29 June 2017
Description
This is a short howto about connecting a Linux machine via Samba to an Windows ADS Domain.
Dependencies
USE-Flags
File: /etc/portage/package.use
net-nds/openldap kerberos samba net-fs/samba -cups addns ads ldap winbind
Installation
# emerge samba
Configuration
See kerberos for the required kerberos configuration.
File: /etc/conf.d/samba
Only needed when not using systemd (e.g. Gentoo sysvinit/baselayout)
daemon_list="smbd nmbd winbind"
File: /etc/samba/smb.conf
[global]
workgroup = YOURDOMAIN
netbios name = HOSTNAME
server string = HOSTNAME
realm = YOURDOMAIN.LOCAL
security = ADS
encrypt passwords = yes
client use spnego = yes
idmap config * : backend = tdb
idmap config * : range = 1000000 - 1999999
idmap config YOURDOMAIN : backend = rid
idmap config YOURDOMAIN : range = 15000 - 49999
winbind use default domain = yes
wins server = xxx.xxx.xxx.xxx
dos charset = 850
unix charset = UTF-8
log level = 3
min protocol = SMB2
client max protocol = SMB3
rpc_server:epmapper = daemon
domain master = no
local master = no
preferred master = no
os level = 0
# printing disabled
load printers = no
printcap name = /dev/null
disable spoolss = yes
# printing enabled
load printers = yes
printing = cups
printcap name = cups
disable spoolss = no
include = /etc/samba/shares.conf
You only need this when not using SSSD.
File: /etc/nsswitch.conf
passwd: compat winbind shadow: compat winbind group: compat winbind
Join the ADS Domain
# net ads join -U Administrator
and enter the domain-administrator password.
Finalize
# /etc/init.d/samba start
# rc-update add samba default
Testing
Show information about the domain.
# net ads info
Show online status of the domain.
# wbinfo --online-status
Show current DC.
# wbinfo --getdcname YOURDOMAIN.LOCAL
Verify that the workstation trust account is working.
# wbinfo -t
List domain users.
# wbinfo -u
List domain groups.
# wbinfo -g
File: /etc/samba/shares.conf
[testshare]
comment = Testshare
path = /mnt/storage/testshare
valid users = YOURDOMAIN\username, @YOURDOMAIN\groupname
write list = @YOURDOMAIN\groupname
writeable = No
guest ok = Yes
browseable = Yes
force create mode = 0775
force directory mode = 0775
# cd /mnt/storage/
# chown root:domain-users testshare
# chmod chmod 0775 testshare