Configuring the Samba daemon in PDC (Primary Domain Controller) mode.
Here Samba is configured as a PDC (Primary Domain Controller), or Active Directory.
We edit the Samba file: vim /etc/samba/smb.conf
```
[global]
    # Domain name ..
    workgroup = ZW3B
#   realm = ZW3B.FR
    # Server name - as seen by Windows PCs ..
    netbios name = ZW3B-PDC
    server string = PDC Samba-LDAP Server

    # Be a PDC ..
    ; We handle domain logons, we are the DC
    domain logons = Yes
    ; Domain master browser (only one per domain)
    domain master = Yes
    ; Force an election as master browser and gain an advantage in it
    preferred master = Yes
    ; Weight in master browser elections
    os level = 99
    ; Local master browser (browser for the subnet)
    local master = Yes
    # Be a WINS server ..
    ; WINS server enabled (only one per network)
    wins support = Yes

    # obey pam restrictions = Yes
    dns proxy = No

    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d

#   security = ADS
    pam password change = Yes

    # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
    unix password sync = no
    ldap passwd sync = yes

    # Printing from PCs will go via CUPS ..
    load printers = yes
    printing = cups
    printcap name = cups

    # Use LDAP for Samba user accounts and groups ..
    passdb backend = ldapsam:ldap://127.0.0.1/

    ; LDAP
    # Samba and LDAP server are on the same server in this example.
    ldap ssl = no
    # This must match init.ldif ..
    ldap suffix = dc=zw3b,dc=fr
    # The password for cn=admin MUST be stored in /etc/samba/secrets.tdb
    # This is done by running 'sudo smbpasswd -w'.
    ldap admin dn = cn=admin,dc=zw3b,dc=fr
#   ldap delete dn = Yes

    # 4 OUs that Samba uses when creating user accounts, computer accounts, etc.
    # (Because we are using smbldap-tools, call them 'Users', 'Computers', etc.)
    ldap machine suffix = ou=Computers
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups

    # Scripts for Samba to use if it creates users, groups, etc.
    add user script = /usr/sbin/smbldap-useradd -m '%u'
    delete user script = /usr/sbin/smbldap-userdel %u
    add group script = /usr/sbin/smbldap-groupadd -p '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

    # Script that Samba uses when a PC joins the domain ..
    # (when changing 'Computer Properties' on the PC)
    add machine script = /usr/sbin/smbldap-useradd -w '%u'

    # Values used when a new user is created ..
    # (Note: '%L' does not work properly with smbldap-tools 0.9.4-1)
    logon drive = Z:
    logon home = \\%L\%U
    logon path = \\%L\profile\%U
    logon script = allusers.bat

    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    case sensitive = No
    default case = lower
    preserve case = yes
    short preserve case = Yes

    # This is required for Windows XP client ..
    server signing = auto
    server schannel = auto

    winbind use default domain = Yes
    inherit permissions = Yes
    inherit acls = Yes
    inherit owner = Yes
    nt acl support = Yes
    msdfs root = Yes
    hide files = /desktop.ini/ntuser.ini/NTUSER.*/

    # Symbolic links
    unix extensions = no
    follow symlinks = yes
    wide links = yes

    # performance
    read raw = yes
    write raw = yes
    kernel oplocks = yes
    max xmit = 65535
    getwd cache = yes
    use sendfile = Yes
    strict sync = no
    strict allocate = yes
    large readwrite = yes
    # Repeats 'case sensitive' from earlier in [global]; this later value is the one Samba applies
    case sensitive = true

[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    browseable = No
    create mask = 0644
    directory mask = 0755

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    admin users = root kss.0s
    guest ok = Yes
    browseable = No
    logon script = allusers.bat

[Profiles]
    comment = Roaming Profile Share
    # would probably change this to elsewhere in a production system ..
    path = /var/lib/samba/profiles
    read only = No
    profile acls = Yes
    browsable = No

[Alibaba]
    comment = Caverne d'Alibaba
    path = /var/alibaba
    browseable = Yes
    writeable = Yes
    public = No
```
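A review pass over the configuration above, added here as an example (not part of the original page): it reports parameters set twice with different values in one section, the `wide links` / `unix extensions` combination, and `ldap ssl = no` when the LDAP server is not on loopback. The function names `audit_smb_conf` and `sample_smb_conf` are hypothetical, and only IPv4 loopback and `localhost` are treated as local.

```shell
#!/bin/sh
# Added example; audit_smb_conf and sample_smb_conf are hypothetical names.
# audit_smb_conf [FILE]: read FILE (or stdin), print one finding per line.
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function on(v)  { return v == "yes" || v == "true" || v == "1" }
    function off(v) { return v == "no" || v == "false" || v == "0" || v == "off" }
    /^[ \t]*([#;]|$)/ { next }                          # comment or blank line
    /^[ \t]*\[/       { sec = tolower(trim($0)); next } # [section] header
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val = tolower(trim(substr($0, eq + 1)))
        id = sec SUBSEP key
        # Samba applies parameters in file order: a repeat silently overrides.
        if ((id in seen) && seen[id] != val)
            printf "%s: \"%s\" is set to %s and later to %s; the later value applies\n", sec, key, seen[id], val
        seen[id] = val
    }
    END {
        g = "[global]" SUBSEP
        if (on(seen[g "wide links"]) && off(seen[g "unix extensions"]))
            print "[global]: wide links = yes with unix extensions = no: symlinks may resolve outside the share path"
        host = seen[g "passdb backend"]; i = index(host, "ldap://")
        if (i) { host = substr(host, i + 7); sub("[:/].*", "", host) }
        if (i && off(seen[g "ldap ssl"]) && host != "localhost" && host !~ /^127\./)
            print "[global]: ldap ssl = no with LDAP server " host ": binds cross the network unencrypted"
    }' "${1:--}"
}

# Constructed sample: [global] lines taken from the configuration above.
sample_smb_conf() {
    cat <<'EOF'
[global]
    passdb backend = ldapsam:ldap://127.0.0.1/
    ldap ssl = no
    case sensitive = No
    unix extensions = no
    wide links = yes
    case sensitive = true
EOF
}

# With an argument audit that file, otherwise run on the sample.
if [ "$#" -gt 0 ]; then audit_smb_conf "$1"; else sample_smb_conf | audit_smb_conf; fi
```

On the sample it prints two findings and stays quiet about `ldap ssl = no`, because the LDAP server is on 127.0.0.1.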
You will surely find the option you are looking for above ;) A "PDC: LDAP + SAMBA" tutorial could be a possibility.. :)
Package to install on the clients: cifs (formerly smbfs) ;)
Command to mount a share from a Linux system
```
# Legacy smbfs (replaced by cifs)
mount -t smbfs //IP_MACHINE/SHARE_FOLDER /mnt/samba/mon_dossier/ -o uid=1000,gid=1000,username=mon_user
# cifs
mount -t cifs //IP_MACHINE/SHARE_FOLDER /mnt/samba/mon_dossier/ -o uid=1000,gid=1000,username=mon_user
```
And in /etc/fstab, we mount either by NetBIOS name or by IP address, for example:
```
//IP_MACHINE/SHARE_FOLDER /mnt/samba/mon_dossier cifs user,noauto,rw,iocharset=utf8,sec=ntlm,gid=1000,uid=1000,credentials=/home/user/.smbcredentials 0 0
```
The file /home/user/.smbcredentials must be accessible only to our user. For security reasons (instead of writing the password in clear text in our fstab file, which everyone can read), we set its permissions: chmod 600 ~/.smbcredentials
The .smbcredentials file looks like this:
```
username=mon_user_samba/windows
password=mon_password_samba/windows
```
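The credentials-file step above as a script, added here as an example (not from the original page): it creates the file with owner-only permissions from the first byte and refuses a file that is a symlink, belongs to someone else, or is accessible to group or others. `write_smb_credentials` and `check_smb_credentials` are hypothetical helper names; the path, user and mount point are the page's placeholders.

```shell
#!/bin/sh
# Added example; write_smb_credentials and check_smb_credentials are
# hypothetical helper names, not part of Samba or cifs-utils.

# write_smb_credentials FILE USER: the password is read from stdin, so it
# never shows up in the process list or in shell history.
write_smb_credentials() {
    file=$1 user=$2
    IFS= read -r pass || [ -n "$pass" ] || return 1
    (
        umask 077
        # mktemp creates the file 0600, so it is never briefly world-readable.
        tmp=$(mktemp "$file.XXXXXX") || exit 1
        printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$tmp" &&
            mv -f "$tmp" "$file"
    )
}

# check_smb_credentials FILE: succeed only for a regular file (no symlink)
# owned by the caller with no group or other permission bits set.
check_smb_credentials() {
    file=$1
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: not a regular file" >&2; return 1
    fi
    [ -O "$file" ] || { echo "$file: not owned by $(id -un)" >&2; return 1; }
    case $(ls -ld -- "$file") in
        -???------*) return 0 ;;
        *) echo "$file: accessible to group or others, run chmod 600" >&2
           return 1 ;;
    esac
}

# Typical use with the fstab entry above (options user,noauto):
#   write_smb_credentials /home/user/.smbcredentials mon_user
#   check_smb_credentials /home/user/.smbcredentials && mount /mnt/samba/mon_dossier
```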