Mandriva Directory Server (MDS) + VMware Server 2 + Debian lenny Часть 4

SAMBA

# /etc/init.d/samba stop
Stopping Samba daemons: nmbd smbd.

Копируем конфиги от MMC:
# cp /usr/share/doc/python-mmc-base/contrib/samba/smb.conf /etc/samba/

Редактируем:
# vim /etc/samba/smb.conf
==============
[global]
workgroup = IT
netbiosname = PDC-IT
preferred master = yes
os level = 65
wins support = yes
enable privileges = yes
timeserver = yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
log level = 3
null passwords = yes
security = user
# unix charset = ISO8859-1
name resolve order = bcast host
domain logons = yes
domain master = yes
printing = cups
printcap name = cups
logon path = \\%N\profiles\%U
logon script = logon.bat
logon drive = H:
map acl inherit = yes
nt acl support = yes
passdb backend = ldapsam:ldap://127.0.0.1/
obey pam restrictions = no
ldap admin dn = cn=admin,dc=lxf,dc=su
ldap suffix = dc=lxf,dc=su
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap passwd sync = yes
# ldap delete dn = yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n
add user script = /usr/sbin/smbldap-useradd -m "%u"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add machine script = /usr/lib/mmc/add_machine_script '%u'
delete user script = /usr/sbin/smbldap-userdel "%u"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
acl group control = yes


[homes]
comment = Home directories
browseable = no
writeable = yes
create mask = 0700
directory mask = 0700
hide files = /Maildir/

[public]
comment = Public share
path = /home/samba/shares/public
browseable = yes
public = yes
writeable = yes

[archives]
comment = Backup share
path = /home/samba/archives
browseable = yes
public = no
writeable = no

[printers]
comment = Printers
path = /tmp
browseable = no
public = yes
guest ok = yes
writeable = no
printable = yes

[print$]
comment = Drivers
path = /var/lib/samba/printers
browseable = yes
guest ok = yes
read only = yes
write list = Administrator,root,@lpadmin

[netlogon]
path = /home/samba/netlogon
public = yes
writeable = yes
browseable = no

[profiles]
path = /home/samba/profiles
writeable = yes
create mask = 0700
directory mask = 0700
browseable = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/

[partage]
comment = aucun
path = /home/samba/partage
browseable = yes
public = no
writeable = yes

[www]
path = /usr/share/mmc
writeable = yes
admin users = Administrator, ADSL\Administrator
create mask = 0777
directory mask = 0777
browseable = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
==============

Тестируем:
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[public]"
Processing section "[archives]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[partage]"
Processing section "[www]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

Все ок.

Даем самбе права на чтение ldap.
# smbpasswd -w example
Setting stored password for "cn=admin,dc=lxf,dc=su" in secrets.tdb

Получаем SID:
# net getlocalsid IT
SID for domain ADSL is: S-1-2-51-6367416939-3848486559-4512677050

Проверим регистрацию SID в ldap:
# slapcat | grep sambaDomainName
dn: sambaDomainName=IT,dc=lxf,dc=su
sambaDomainName: IT

# /etc/init.d/samba start
Starting Samba daemons: nmbd smbd.

C самбой - все!