Information:
Dates
- Published: Saturday 30 July 2011
- Modified: Tuesday 23 October 2012
Server
Samba is configured here as a PDC (Primary Domain Controller) or Active Directory.
Edit the Samba configuration file: vim /etc/samba/smb.conf

[global]
# Domain name ..
workgroup = ZW3B
# realm = ZW3B.FR
# Server name - as seen by Windows PCs ..
netbios name = ZW3B-PDC
server string = PDC Samba-LDAP Server

# Be a PDC ..
; Handle domain logons: we are the DC
domain logons = Yes
; Domain master browser (only one per domain)
domain master = Yes
; Force an election as master browser and give this server an advantage
preferred master = Yes
; Weight in master browser elections
os level = 99
; Local master browser (browser for the subnet)
local master = Yes
# Be a WINS server ..
; Active WINS server (only one per network)
wins support = Yes

# obey pam restrictions = Yes
dns proxy = No

log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d

# security = ADS
pam password change = Yes

# Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
unix password sync = no
ldap passwd sync = yes

# Printing from PCs will go via CUPS ..
load printers = yes
printing = cups
printcap name = cups

# Use LDAP for Samba user accounts and groups ..
passdb backend = ldapsam:ldap://127.0.0.1/

; LDAP
# Samba and LDAP server are on the same server in this example.
ldap ssl = no
# This must match init.ldif ..
ldap suffix = dc=zw3b,dc=fr
# The password for cn=admin MUST be stored in /etc/samba/secrets.tdb
# This is done by running 'sudo smbpasswd -w'.
ldap admin dn = cn=admin,dc=zw3b,dc=fr
# ldap delete dn = Yes

# 4 OUs that Samba uses when creating user accounts, computer accounts, etc.
# (Because we are using smbldap-tools, call them 'Users', 'Computers', etc.)
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups

# Scripts for Samba to use if it creates users, groups, etc.
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

# Script that Samba uses when a PC joins the domain ..
# (when changing 'Computer Properties' on the PC)
add machine script = /usr/sbin/smbldap-useradd -w '%u'

# Values used when a new user is created ..
# (Note: '%L' does not work properly with smbldap-tools 0.9.4-1)
logon drive = Z:
logon home = %L%U
logon path = %Lprofile%U
logon script = allusers.bat

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
case sensitive = No
default case = lower
preserve case = yes
short preserve case = Yes

# This is required for Windows XP client ..
server signing = auto
server schannel = auto

winbind use default domain = Yes
inherit permissions = Yes
inherit acls = Yes
inherit owner = Yes
nt acl support = Yes
msdfs root = Yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/

# Symbolic links
# (wide links = yes lets the server follow symlinks that point outside the
# share path; it only takes effect with unix extensions = no)
unix extensions = no
follow symlinks = yes
wide links = yes

# performance
read raw = yes
write raw = yes
kernel oplocks = yes
max xmit = 65535
getwd cache=yes
use sendfile = Yes
strict sync = no
strict allocate = yes
large readwrite = yes
# Second 'case sensitive' entry in [global]: this later value overrides
# 'case sensitive = No' set above
case sensitive = true

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
create mask = 0644
directory mask = 0755

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root kss.0s
guest ok = Yes
browseable = No
logon script = allusers.bat

[Profiles]
comment = Roaming Profile Share
# would probably change this to elsewhere in a production system ..
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
browsable = No

[Alibaba]
comment = Caverne d'Alibaba
path = /var/alibaba
browseable = Yes
writeable = Yes
public = No

You will surely find the option you are looking for above ;) Writing a "PDC: LDAP + SAMBA" tutorial could be considered.. :)
Client:
Package to install on the clients: cifs (formerly smbfs) ;)
Command to mount a share from a Linux system:

# Older systems (smbfs)
mount -t smbfs //IP_MACHINE/SHARE_FOLDER /mnt/samba/mon_dossier/ -o uid=1000,gid=1000,username=mon_user
# Current systems (cifs)
mount -t cifs //IP_MACHINE/SHARE_FOLDER /mnt/samba/mon_dossier/ -o uid=1000 -o gid=1000 -o username=mon_user

And in /etc/fstab, the share can be mounted either by NetBIOS name or by IP address, for example:

# sec=ntlm selects the legacy NTLM password hashing; use a stronger sec= mode
# (e.g. ntlmv2, ntlmssp) if the server accepts it
//IP_MACHINE/SHARE_FOLDER /mnt/samba/mon_dossier cifs user,noauto,rw,iocharset=utf8,sec=ntlm,gid=1000,uid=1000,credentials=/home/user/.smbcredentials 0 0

The file /home/user/.smbcredentials must be accessible only to our user. For security reasons (instead of writing the password in clear text in the fstab file, which is readable by everyone), we set the permissions: chmod 600 ~/.smbcredentials
The .smbcredentials file looks like this:

username=mon_user_samba/windows
password=mon_password_samba/windows
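
The permission rule for the credentials file, as an added example that is not part of the original page: two shell functions, one that writes the file under a restrictive umask so it is never readable by other users, and one that checks owner and mode before mounting. The function names `write_cred_file` and `check_cred_file` and their arguments are hypothetical, and GNU `stat` (Linux) is assumed.

```shell
#!/bin/sh
# Added example; FILE and USERNAME arguments are placeholders chosen here.

# Create the credentials file so that it is never readable by others:
# the umask is tightened before the file exists, which closes the window
# that a "write, then chmod 600" sequence leaves open.
# Usage: printf '%s\n' "$password" | write_cred_file FILE USERNAME
write_cred_file() {
    cred_file=$1
    cred_user=$2
    # The password is read from stdin rather than passed as an argument.
    IFS= read -r cred_pass || [ -n "$cred_pass" ] || return 1
    (
        umask 077
        rm -f -- "$cred_file"      # drop any older, possibly looser copy
        printf 'username=%s\npassword=%s\n' "$cred_user" "$cred_pass" > "$cred_file"
    )
}

# Succeed only if FILE is a regular file (not a symlink), owned by the
# calling user, with mode exactly 600. Intended as a pre-mount check.
check_cred_file() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "$f: not a regular file" >&2; return 1
    fi
    set -- $(stat -c '%a %u' -- "$f")      # GNU stat, as found on Linux
    if [ "$2" != "$(id -u)" ]; then
        echo "$f: owned by uid $2, not $(id -u)" >&2; return 1
    fi
    if [ "$1" != "600" ]; then
        echo "$f: mode is $1, expected 600" >&2; return 1
    fi
    return 0
}
```

A mount wrapper can then run `check_cred_file /home/user/.smbcredentials && mount /mnt/samba/mon_dossier` so that a credentials file with loose permissions blocks the mount instead of going unnoticed.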
Links:
- Guim.info - Samba with LDAP
- Antiseches.net: Installing Samba with LDAP authentication on Linux Debian Lenny
- Doc fedora-fr.org: Configuring an OpenLDAP Samba authentication server
- Samba and LDAP - Official Ubuntu Documentation