Samba: Difference between revisions

From Q
Jump to navigation Jump to search
← Older editNewer edit →
Tgurr (talk | contribs)
1,619 edits
Tgurr (talk | contribs)
1,619 edits
No edit summary
Line 5: Line 5:


== USE-Flags ==
== USE-Flags ==
{{Box File|/etc/portage/package.use|
{{File|/etc/portage/package.use|
<pre>
<pre>
net-nds/openldap kerberos samba
net-nds/openldap kerberos samba
Line 13: Line 13:


== Packages ==
== Packages ==
{{Box Code|emerge samba -pv|
{{Code|emerge samba -pv|
<pre>
<pre>
[ebuild  N    ] dev-libs/iniparser-3.0b-r2  USE="-examples -static-libs" 26 kB
[ebuild  N    ] dev-libs/iniparser-3.0b-r2  USE="-examples -static-libs" 26 kB
Line 32: Line 32:


== Installation ==
== Installation ==
{{Codeline|# emerge samba}}
{{Root|emerge samba}}


== Configuration ==
== Configuration ==
{{Box File|/etc/krb5.conf|
{{File|/etc/krb5.conf|
<pre>
<pre>
[libdefaults]
[libdefaults]
Line 61: Line 61:
}}
}}


{{Box File|/etc/conf.d/samba|
{{File|/etc/conf.d/samba|
<pre>
<pre>
daemon_list="smbd nmbd winbind"
daemon_list="smbd nmbd winbind"
Line 67: Line 67:
}}
}}


{{Box File|/etc/samba/smb.conf|
{{File|/etc/samba/smb.conf|
<pre>
<pre>
[global]
[global]
Line 89: Line 89:
}}
}}


{{Box File|/etc/samba/shares.conf|
{{File|/etc/samba/shares.conf|
<pre>
<pre>
[testshare]
[testshare]
Line 101: Line 101:
}}
}}


{{Box File|/etc/nsswitch.conf|
{{File|/etc/nsswitch.conf|
<pre>
<pre>
passwd:      compat winbind
passwd:      compat winbind
Line 110: Line 110:


== Join the ADS Domain ==
== Join the ADS Domain ==
{{Codeline|# net ads join -U Administrator}} and enter the domain-administrator password.
{{Root|net ads join -U Administrator}} and enter the domain-administrator password.


== Finalize ==
== Finalize ==
{{Codeline|# /etc/init.d/samba start}}
{{Root|/etc/init.d/samba start}}


{{Codeline|# rc-update add samba default}}
{{Root|rc-update add samba default}}


== Further Reading ==
== Further Reading ==

Revision as of 15:16, 27 July 2011

Description

This is a short howto about connecting a Linux machine via Samba to an Windows ADS Domain.

Dependencies

USE-Flags

File: /etc/portage/package.use
net-nds/openldap kerberos samba
net-fs/samba -cups addns ads ldap winbind

Packages

Code: emerge samba -pv 
[ebuild  N     ] dev-libs/iniparser-3.0b-r2  USE="-examples -static-libs" 26 kB
[ebuild  N     ] sys-apps/keyutils-1.4-r1  39 kB
[ebuild  N     ] dev-libs/libgpg-error-1.10  USE="nls -common-lisp -static-libs" 429 kB
[ebuild  N     ] app-text/build-docbook-catalog-1.6  4 kB
[ebuild  N     ] dev-libs/libgcrypt-1.5.0_beta1-r2  USE="-static-libs" 1,146 kB
[ebuild  N     ] app-text/docbook-xsl-stylesheets-1.76.1  3,597 kB
[ebuild  N     ] app-crypt/mit-krb5-1.9-r4  USE="keyutils pkinit threads -doc -openldap -test -xinetd" 11,610 kB
[ebuild  N     ] dev-libs/libxslt-1.1.26-r1  USE="crypt python -debug" 3,322 kB
[ebuild  N     ] virtual/krb5-0  0 kB
[ebuild  N     ] sys-libs/tdb-1.2.7-r1  USE="python -static-libs -tdbtest -tools" 443 kB
[ebuild  N     ] sys-libs/talloc-2.0.5  USE="python -compat" 357 kB
[ebuild  N     ] net-nds/openldap-2.4.24  USE="berkdb crypt ipv6 kerberos perl samba ssl tcpd -cxx -debug -experimental -gnutls -icu -iodbc -minimal -odbc -overlays -sasl (-selinux) -slp -smbkrb5passwd -syslog" 5,118 kB
[ebuild  N     ] net-fs/samba-3.5.8-r1  USE="acl addns ads aio client ldap netapi pam readline server smbclient winbind -avahi -caps -cluster -cups -debug -doc -examples -fam -ldb -quota -smbsharemodes -smbtav2 -swat -syslog" 30,014 kB

Installation

# emerge samba

Configuration

File: /etc/krb5.conf
[libdefaults]
        ticket_lifetime = 600
        default_realm = YOURDOMAIN.LOCAL

[realms]
        YOURDOMAIN.LOCAL = {
        kdc = domaincontroller.yourdomain.local:88
        admin_server = domaincontroller.yourdomain.local:464
        }

[domain_realm]
        .yourdomain.local = YOURDOMAIN.LOCAL

[kdc]
        profile = /etc/krb5kdc/kdc.conf

[logging]
        default = SYSLOG:NOTICE:DAEMON
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log
        default = FILE:/var/log/krb5lib.log
File: /etc/conf.d/samba
daemon_list="smbd nmbd winbind"
File: /etc/samba/smb.conf
[global]
        workgroup = YOURDOMAIN
        netbios name = HOSTNAME
        server string = HOSTNAME
        realm = YOURDOMAIN.LOCAL
        security = ADS
        encrypt passwords = yes
        password server = domaincontroller.yourdomain.local
        client use spnego = yes
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        winbind use default domain = yes
        wins server = xxx.xxx.xxx.xxx
        dos charset = 850
        unix charset = UTF-8

include = /etc/samba/shares.conf
File: /etc/samba/shares.conf
[testshare]
        comment = Testshare
        path = /mnt/testshare
        valid users = YOURDOMAIN\username, @YOURDOMAIN\groupname
        writeable = No
        guest ok = Yes
        browseable = Yes
File: /etc/nsswitch.conf
passwd:      compat winbind
shadow:      compat winbind
group:       compat winbind

Join the ADS Domain

# net ads join -U Administrator

and enter the domain-administrator password.

Finalize

# /etc/init.d/samba start
# rc-update add samba default

Further Reading

  • Squid - Authentificate Squid users against ADS
  • pam_krb5 - Authentificate System users against ADS
  • not available yet - Manage your Samba shares in a MySQL database and administer them via a webinterface
Retrieved from "https://q-old.deltaquadrant.org/index.php?title=Samba&oldid=3358"