LINUX.ORG.RU
ФорумAdmin

Samba und domain


0

1

Настроил samba-server под федорой. Все работает нормально, кроме того, что на систему не могут попасть компьютеры, что в домене. Сам я не член домена. С компьютерамы вне домена УМВР. Как поправить?

/etc/samba/smb.conf


[global]
	workgroup = tcurkan
	server string = Samba Server Version %v

;	netbios name = MYSERVER

;	interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;	hosts allow = 127. 192.168.12. 192.168.13.
	log file = /var/log/samba/log.%m
	max log size = 50

# ----------------------- Standalone Server Options ------------------------
#
# security = the mode Samba runs in. This can be set to user, share
# (deprecated), or server (deprecated).
#
# passdb backend = the backend used to store user information in. New
# installations should use either tdbsam or ldapsam. No additional configuration
# is required for tdbsam. The "smbpasswd" utility is available for backwards
# compatibility.
#

	security = share
;	passdb backend = tdbsam


# ----------------------- Domain Members Options ------------------------
#
# security = must be set to domain or ads.
#
# passdb backend = the backend used to store user information in. New
# installations should use either tdbsam or ldapsam. No additional configuration
# is required for tdbsam. The "smbpasswd" utility is available for backwards
# compatibility.
#
# realm = only use the realm option when the "security = ads" option is set.
# The realm option specifies the Active Directory realm the host is a part of.
#
# password server = only use this option when the "security = server"
# option is set, or if you cannot use DNS to locate a Domain Controller. The
# argument list can include My_PDC_Name, [My_BDC_Name], and [My_Next_BDC_Name]:
#
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
#
# Use "password server = *" to automatically locate Domain Controllers.

;	realm = MY_REALM

;	password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
#
# security = must be set to user for domain controllers.
#
# passdb backend = the backend used to store user information in. New
# installations should use either tdbsam or ldapsam. No additional configuration
# is required for tdbsam. The "smbpasswd" utility is available for backwards
# compatibility.
#
# domain master = specifies Samba to be the Domain Master Browser, allowing
# Samba to collate browse lists between subnets. Do not use the "domain master"
# option if you already have a Windows NT domain controller performing this task.
#
# domain logons = allows Samba to provide a network logon service for Windows
# workstations.
#
# logon script = specifies a script to run at login time on the client. These
# scripts must be provided in a share named NETLOGON.
#
# logon path = specifies (with a UNC path) where user profiles are stored.
#
#

;	domain master = yes
;	domain logons = yes

	# the following login script name is determined by the machine name
	# (%m):
;	logon script = %m.bat
	# the following login script name is determined by the UNIX user used:
;	logon script = %u.bat
;	logon path = \\%L\Profiles\%u
	# use an empty path to disable profile support:
;	logon path =

	# various scripts can be used on a domain controller or a stand-alone
	# machine to add or delete corresponding UNIX accounts:

;	add user script = /usr/sbin/useradd "%u" -n -g users
;	add group script = /usr/sbin/groupadd "%g"
;	add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;	delete user script = /usr/sbin/userdel "%u"
;	delete user from group script = /usr/sbin/userdel "%u" "%g"
;	delete group script = /usr/sbin/groupdel "%g"


# ----------------------- Browser Control Options ----------------------------
#
# local master = when set to no, Samba does not become the master browser on
# your network. When set to yes, normal election rules apply.
#
# os level = determines the precedence the server has in master browser
# elections. The default value should be reasonable.
#
# preferred master = when set to yes, Samba forces a local browser election at
# start up (and gives itself a slightly higher chance of winning the election).
#
;	local master = no
;	os level = 33
;	preferred master = yes

#----------------------------- Name Resolution -------------------------------
#
# This section details the support for the Windows Internet Name Service (WINS).
#
# Note: Samba can be either a WINS server or a WINS client, but not both.
#
# wins support = when set to yes, the NMBD component of Samba enables its WINS
# server.
#
# wins server = tells the NMBD component of Samba to be a WINS client.
#
# wins proxy = when set to yes, Samba answers name resolution queries on behalf
# of a non WINS capable client. For this to work, there must be at least one
# WINS server on the network. The default is no.
#
# dns proxy = when set to yes, Samba attempts to resolve NetBIOS names via DNS
# nslookups.

;	wins support = yes
;	wins server = w.x.y.z
;	wins proxy = yes

;	dns proxy = yes

# --------------------------- Printing Options -----------------------------
#
# The options in this section allow you to configure a non-default printing
# system.
#
# load printers = when set you yes, the list of printers is automatically
# loaded, rather than setting them up individually.
#
# cups options = allows you to pass options to the CUPS library. Setting this
# option to raw, for example, allows you to use drivers on your Windows clients.
#
# printcap name = used to specify an alternative printcap file.
#

;	load printers = yes
	cups options = raw

;	printcap name = /etc/printcap
	# obtain a list of printers automatically on UNIX System V systems:
;	printcap name = lpstat
;	printing = cups

# --------------------------- File System Options ---------------------------
#
# The options in this section can be un-commented if the file system supports
# extended attributes, and those attributes are enabled (usually via the
# "user_xattr" mount option). These options allow the administrator to specify
# that DOS attributes are stored in extended attributes and also make sure that
# Samba does not change the permission bits.
#
# Note: These options can be used on a per-share basis. Setting them globally
# (in the [global] section) makes them the default for all shares.

;	map archive = no
;	map hidden = no
;	map read only = no
;	map system = no
;	encrypt passwords = yes
	guest ok = yes
;	guest account = nobody
;	store dos attributes = yes


#============================ Share Definitions ==============================

[homes]
	comment = Home Directories
	browseable = no
	writable = yes
;	valid users = %S
;	valid users = MYDOMAIN\%S

[printers]
	comment = All Printers
	path = /var/spool/samba
	browseable = no
;	guest ok = no
;	writable = No
	printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons:
;	[netlogon]
;	comment = Network Logon Service
;	path = /var/lib/samba/netlogon
;	guest ok = yes
;	writable = no
;	share modes = no

# Un-comment the following to provide a specific roving profile share.
# The default is to use the user's home directory:
;	[Profiles]
;	path = /var/lib/samba/profiles
;	browseable = no
;	guest ok = yes

# A publicly accessible directory that is read only, except for users in the
# "staff" group (which have write permissions):
;	[public]
;	comment = Public Stuff
;	path = /home/samba
;	public = yes
;	writable = yes
;	printable = no
;	write list = +staff

[iso]
	comment = OS Images
	path = /home/keed/iso
	read only = no
;	browseable = yes
	guest ok = yes


[Завантаження]
	comment = Усі усе кидаємо сюди
	path = /home/keed/Завантаження
	read only = no
;	browseable = yes
	guest ok = yes

Опять ты?
Все ещё не прочитал man smb.conf? :3

Пожалуйста, прогоняй в следующий раз свой конфиг через что-то вроде

# grep --invert-match ^# smb.conf | grep --invert-match ^\; | grep --invert-match ^$ > paste_smb.conf
От него осталось бы не более 30-ти строчек вместо такого полотна.

Поменять security = share на security = user, завести учётную запись(записи) на тачке с самбой (хочешь-с пустым паролем) и пускать в шару всех под ней(ними). У кого логин текстово совпадает, тех даже спрашивать ничё не будет.

adriano32 ★★★ ()

security = share - это плохая идея. ЕМНИП ее создатели samba обещали выпилить(хз, может с чем другим перепутал). Если так нужно пускать всех - используй map to guest = bad user

Pinkbyte ★★★★★ ()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.