Samba: Difference between revisions
No edit summary |
No edit summary |
||
| Line 42: | Line 42: | ||
dos charset = 850 | dos charset = 850 | ||
unix charset = UTF-8 | unix charset = UTF-8 | ||
log level = 3 | log level = 3 | ||
max protocol = SMB2 | max protocol = SMB2 | ||
| Line 52: | Line 49: | ||
preferred master = no | preferred master = no | ||
os level = 0 | os level = 0 | ||
client signing = yes | |||
kerberos method = secrets and keytab | |||
password server = yourdc.yourdomain.local | |||
# printing disabled | |||
load printers = no | |||
printcap name = /dev/null | |||
disable spoolss = yes | |||
# printing enabled | |||
load printers = yes | |||
printing = cups | |||
printcap name = cups | |||
disable spoolss = no | |||
include = /etc/samba/shares.conf | include = /etc/samba/shares.conf | ||
| Line 69: | Line 82: | ||
}} | }} | ||
You only need this when not using [[sssd]]. | |||
{{File|/etc/nsswitch.conf| | {{File|/etc/nsswitch.conf| | ||
<pre> | <pre> | ||
| Line 88: | Line 102: | ||
*[[Squid]] - Authentificate Squid users against ADS | *[[Squid]] - Authentificate Squid users against ADS | ||
*[[kerberos]] - Kerberos configuration for authentificating users against ADS | *[[kerberos]] - Kerberos configuration for authentificating users against ADS | ||
*[[ | *[[sssd]] - Authentificate System users against ADS | ||
*[[not available yet]] - Manage your Samba shares in a MySQL database and administer them via a webinterface | *[[not available yet]] - Manage your Samba shares in a MySQL database and administer them via a webinterface | ||
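Review bot: In the second hunk (new line 49 onward) the `# printing disabled` and `# printing enabled` groups are both added uncommented, so `load printers`, `printcap name` and `disable spoolss` are each assigned twice in what appears to be the same smb.conf section. The later assignment would normally be the one that takes effect, which leaves printing and spoolss enabled even for a reader who wanted them off. Marking the groups as alternatives and commenting one out avoids that, e.g. `# printing disabled (keep this group OR the next one, not both)` with the other group's lines prefixed by `#`. A comment on `client signing = yes` would also help: as far as I know that value negotiates signing rather than requiring it and `mandatory` is the enforcing setting, which should be confirmed against smb.conf(5) for the Samba version in use. The enclosing `[global]` section starts and ends outside the hunks.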
Revision as of 12:07, 13 May 2013
Description
This is a short howto about connecting a Linux machine via Samba to a Windows ADS domain.
Dependencies
USE-Flags
File: /etc/portage/package.use
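# One package atom per line, followed by its USE flags.
net-nds/openldap kerberos samba
# Samba with AD/LDAP/winbind support and without CUPS printing support.
net-fs/samba -cups addns ads ldap winbind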
Installation
# emerge samba
Configuration
See kerberos for the required kerberos configuration.
File: /etc/conf.d/samba
# Daemons handled by /etc/init.d/samba. winbind is listed in addition to
# smbd/nmbd; presumably it is what backs the "winbind" entries in
# /etc/nsswitch.conf further down -- confirm against the init script.
daemon_list="smbd nmbd winbind"
File: /etc/samba/smb.conf
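[global]
# Template for a Samba domain member in a Windows AD domain. Replace the
# YOURDOMAIN / HOSTNAME / xxx.xxx.xxx.xxx placeholders with site values.
workgroup = YOURDOMAIN
netbios name = HOSTNAME
server string = HOSTNAME
realm = YOURDOMAIN.LOCAL
# Domain member mode: users are authenticated against Active Directory.
security = ADS
encrypt passwords = yes
client use spnego = yes
# Default ID mapping for everything that is not YOURDOMAIN. This range must
# not overlap with the YOURDOMAIN range below.
idmap config * : backend = tdb
idmap config * : range = 1000000 - 1999999
# RID-based mapping for the AD domain. NOTE(review): accounts whose mapped ID
# falls outside 15000-49999 are presumably left unmapped -- size the range
# for the domain.
idmap config YOURDOMAIN : backend = rid
idmap config YOURDOMAIN : range = 15000 - 49999
# Domain accounts can be referenced without the YOURDOMAIN\ prefix.
winbind use default domain = yes
wins server = xxx.xxx.xxx.xxx
dos charset = 850
unix charset = UTF-8
# Verbose logging, useful while setting up the join. NOTE(review): consider
# lowering it afterwards and restricting read access to the log files.
log level = 3
# NOTE(review): this caps protocol negotiation at SMB2, so SMB3-only features
# such as transport encryption cannot be negotiated. On Samba versions that
# support SMB3, consider raising or removing this limit.
max protocol = SMB2
rpc_server:epmapper = daemon
# This host never takes part in browse-master elections.
domain master = no
local master = no
preferred master = no
os level = 0
# NOTE(review): "yes" is believed to offer/negotiate SMB signing rather than
# require it; "mandatory" is the enforcing value -- confirm in smb.conf(5).
client signing = yes
# Kerberos tickets are checked against secrets.tdb and the system keytab;
# keep the keytab readable by root only.
kerberos method = secrets and keytab
# Pins authentication to one domain controller. NOTE(review): if left unset,
# Samba in ADS mode should locate domain controllers via DNS -- confirm.
password server = yourdc.yourdomain.local
# printing disabled (active: matches the -cups USE flag in package.use)
# Keep either this group or the "printing enabled" group, never both: the
# same keys set twice in one section make the later value take effect.
load printers = no
printcap name = /dev/null
disable spoolss = yes
# printing enabled (alternative: uncomment these four lines and remove the
# three "printing disabled" lines above; requires samba built with cups)
# load printers = yes
# printing = cups
# printcap name = cups
# disable spoolss = no
include = /etc/samba/shares.conf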
File: /etc/samba/shares.conf
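[testshare]
comment = Testshare
path = /mnt/testshare
# Only these domain principals may connect; the "@" prefix names a group.
valid users = YOURDOMAIN\username, @YOURDOMAIN\groupname
# Read-only share.
writeable = No
# Guest (unauthenticated) access is switched off: the share is restricted to
# the valid users above, and "guest ok = Yes" would contradict that intent.
guest ok = No
browseable = Yes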
The following /etc/nsswitch.conf change is only needed when not using sssd.
File: /etc/nsswitch.conf
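# One database per line. Sources are queried left to right, so local accounts
# (compat) are looked up before domain accounts (winbind).
passwd: compat winbind
shadow: compat winbind
group: compat winbind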
Join the ADS Domain
# net ads join -U Administrator
and enter the domain-administrator password.
Finalize
# /etc/init.d/samba start
# rc-update add samba default
Further Reading
- Squid - Authenticate Squid users against ADS
- kerberos - Kerberos configuration for authenticating users against ADS
- sssd - Authenticate system users against ADS
- not available yet - Manage your Samba shares in a MySQL database and administer them via a web interface