Hier werden die Unterschiede zwischen zwei Versionen gezeigt.
— |
admin_grundlagen:samba-member [2014/02/20 19:28] (aktuell) |
||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
+ | ====== PDC ====== | ||
+ | Vorraussetzung: weiterer Rechner ist [[samba-pdc]] oder [[samba-ldap-pdc]] | ||
+ | ====== Domänen-Mitglied ohne Winbind ====== | ||
+ | (nicht empfohlen) | ||
+ | ===== Pakete ===== | ||
+ | samba | ||
+ | |||
+ | ===== Konfiguration ===== | ||
+ | ''/etc/samba/smb.conf'' : | ||
+ | <file> | ||
+ | [global] | ||
+ | workgroup = kurs | ||
+ | security = domain | ||
+ | add user script = /usr/sbin/useradd -d /tmp %u | ||
+ | |||
+ | [freigabe] | ||
+ | path = /tmp | ||
+ | writable = yes | ||
+ | </file> | ||
+ | |||
+ | ====== Domänen-Mitglied mit Winbind====== | ||
+ | ===== Benötigte Pakete ===== | ||
+ | Debian: samba winbind | ||
+ | |||
+ | CentOS: samba samba-common | ||
+ | |||
+ | openSuSE ab 11.4: samba-winbind | ||
+ | ===== Winbind tdb Konfiguration ===== | ||
+ | ''/etc/samba/smb.conf'' : | ||
+ | <file> | ||
+ | [global] | ||
+ | workgroup = kurs | ||
+ | security = domain | ||
+ | idmap uid = 20000 - 30000 | ||
+ | idmap gid = 20000 - 30000 | ||
+ | template shell = /bin/bash | ||
+ | winbind use default domain = Yes | ||
+ | |||
+ | # ab samba 3.4 notwendig: ( gibts da noch ne andere Lösung? ) | ||
+ | map untrusted to domain = yes | ||
+ | |||
+ | [freigabe] | ||
+ | path = /tmp | ||
+ | writable = yes | ||
+ | </file> | ||
+ | |||
+ | openSuSE ab 11.4: | ||
+ | /etc/init.d/smb stop | ||
+ | /etc/init.d/nmb stop | ||
+ | CentOS 5: | ||
+ | /etc/init.d/smb stop | ||
+ | Debian 5: | ||
+ | /etc/init.d/samba stop | ||
+ | |||
+ | |||
+ | ====== Rechner in die Domäne aufnehmen ====== | ||
+ | Bug in openSuSE 13.1 (PDC): AppArmor verhindert, dass auf dem PDC ein Benutzer angelegt werden kann. Lösung: auf dem PDC | ||
+ | systemctl stop apparmor.service | ||
+ | |||
+ | |||
+ | net rpc join -U smbadmin | ||
+ | |||
+ | openSuSE ab 11.4: | ||
+ | /etc/init.d/winbind restart | ||
+ | /etc/init.d/smb start | ||
+ | /etc/init.d/nmb start | ||
+ | CentOS 5: | ||
+ | /etc/init.d/smb start | ||
+ | Debian 5: | ||
+ | /etc/init.d/winbind restart | ||
+ | /etc/init.d/samba start | ||
+ | |||
+ | ===== Domänenaufname testen ===== | ||
+ | wbinfo --own-domain | ||
+ | wbinfo -t | ||
+ | wbinfo -u | ||
+ | wbinfo -a kurs\\iw%villa | ||
+ | |||
+ | ====== Linux Benutzer über winbind beziehen ====== | ||
+ | ''/etc/nsswitch.conf'' : | ||
+ | <file> | ||
+ | passwd: files winbind | ||
+ | group: files winbind | ||
+ | shadow: files winbind | ||
+ | </file> | ||
+ | |||
+ | oder | ||
+ | |||
+ | ''/etc/nsswitch.conf'' : | ||
+ | <file> | ||
+ | passwd: compat | ||
+ | group: compat | ||
+ | shadow: compat | ||
+ | passwd_compat: winbind | ||
+ | group_compat: winbind | ||
+ | shadow_compat: winbind | ||
+ | </file> | ||
+ | |||
+ | echo '+::::Samba User::' >> /etc/passwd | ||
+ | echo '+:::' >> /etc/group | ||
+ | echo '+::::::::' >> /etc/shadow | ||
+ | |||
+ | |||
+ | ===== testen ===== | ||
+ | getent passwd iw | ||
+ | |||
+ | |||
+ | ====== Checkliste ====== | ||
+ | ===== Ist Samba Domänenmitglied? ===== | ||
+ | net rpc testjoin -U smbadmin |