====== Samba Server Configuration ======

This article assumes that the Samba server is already installed on the machine and that the relevant ports are allowed through the firewall.

===== CentOS 7 =====

==== Without joining an AD domain ====

  - It is a good idea to create Linux user groups and manage permissions through them.
  - Create the users without the ability to log in to the server (option ''useradd testuser -s /sbin/nologin''). These users do not need a /home directory either, which is achieved by adding the ''-M'' option to the command.
  - **Important!** Users who will access the shared directories over the smb: protocol must also be added to the Samba accounts with the command ''smbpasswd -a ''
  - Edit ''/etc/samba/smb.conf'' to define the shared folders.
  - **Important!** If the SELinux layer is in use, the shared directory must be registered with the command ''chcon -t samba_share_t ''
  - Restart smb.service and nmb.service (''systemctl restart smb.service'', ''systemctl restart nmb.service'').

==== With joining an AD domain ====

Sources: \\
[[https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member|Setting up Samba as Domain Member]] \\
[[https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#DNS_Update_failed:_ERROR_DNS_UPDATE_FAILED|Troubleshooting Samba Domain Members]] \\
[[https://wiki.samba.org/index.php/Idmap_config_rid|Idmap config rid]] \\

  - Stop all services related to Samba. The list of running services is obtained with the command: <code>
# ps ax | egrep "samba|smbd|nmbd|winbindd"
</code>
  - The location of the ''smb.conf'' file is found with the command: <code>
# smbd -b | grep "CONFIGFILE"
   CONFIGFILE: /usr/local/samba/etc/samba/smb.conf
</code> It is recommended to back up the ''smb.conf'' file before changing it.
  - If Samba was previously in use, it is recommended to delete any existing user records to avoid conflicts. \\ The list of locations with ''*.tdb'' and ''*.ldb'' files that should be deleted is obtained with the command: <code>
# smbd -b | egrep "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR"
   LOCKDIR: /usr/local/samba/var/lock/
   STATEDIR: /usr/local/samba/var/locks/
   CACHEDIR: /usr/local/samba/var/cache/
   PRIVATE_DIR: /usr/local/samba/private/
</code>
  - First of all, test that the domain (HOME.LOCAL) is reachable from the Samba server. This is done with the ''nslookup'' command. \\ \\ **Forward Lookup** <code>
# nslookup ASRV.home.local
Server:         192.168.0.6
Address:        192.168.0.6#53

Name:   ASRV.home.local
Address: 192.168.0.6
</code> **Reverse Lookup** <code>
# nslookup 192.168.0.6
Server:         192.168.0.6
Address:        192.168.0.6#53

6.0.168.192.in-addr.arpa        name = ASRV.home.local.
</code> **Resolving SRV Records** <code>
# nslookup
Default Server:  192.168.0.6
Address:  192.168.0.6

> set type=SRV
> _ldap._tcp.home.local.
Server:  192.168.0.6
Address:  192.168.0.6

_ldap._tcp.home.local   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = asrv.home.local
home.local      nameserver = asrv.home.local
asrv.home.local internet address = 192.168.0.6
</code>
  - Configuration of ''smb.conf'' <code>
[global]
   workgroup = HOME
   server string = %h server

   # Milano, I configured this following the instructions on the Samba wiki page
   # https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
   workgroup = HOME
   security = ADS
   realm = HOME.LOCAL
   server string = %h server

   winbind refresh tickets = Yes
   vfs objects = acl_xattr
   map acl inherit = Yes
   store dos attributes = Yes

   dedicated keytab file = /etc/krb5.keytab
   kerberos method = secrets and keytab

   # For testing purposes
   winbind enum users = yes
   winbind enum groups = yes

   # We do not need printer sharing
   load printers = no
   printing = bsd
   printcap name = /dev/null
   disable spoolss = yes
</code>
  - Joining the domain (HOME.local) <code>
# net ads join -U administrator
Enter administrator's password: Passw0rd
Using short domain name -- HOME
Joined 'SAMBASRV' to dns domain 'home.local'
</code>
  - Configuration of the "Name Service Switch" \\ ''winbind'' must be added to the configuration file ''/etc/nsswitch.conf'', always after the ''files'' entry: <code>
passwd: files winbind
group:  files winbind
</code> It is added only to the ''passwd'' and ''group'' sections, never to the ''shadow'' section.
  - Start the Samba services <code>
systemctl start smbd
systemctl start nmbd
systemctl start winbindd
</code>

=== Testing the Winbindd connection ===

  - Sending a ''winbindd'' ping <code>
# wbinfo --ping-dc
checking the NETLOGON for domain[HOME] dc connection to "ASRV.HOME.LOCAL" succeeded
</code>
  - Listing domain users and groups <code>
# getent passwd HOME\\milano
HOME\milano:*:10000:10000:milano:/home/milano:/bin/bash
</code>
  - Applying access rights on the Linux file system: <code>
# chown "HOME\\milano:HOME\\domain users" file.txt
</code>
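
A check for the Name Service Switch rule from the procedure above (''winbind'' listed after ''files'' in ''passwd'' and ''group'', never in ''shadow''), as an added example that is not part of the original article. The function name ''check_nsswitch'' and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article). check_nsswitch is a
# hypothetical helper name. It checks an nsswitch.conf-style file for:
#   - passwd and group list "winbind", and only after "files"
#   - shadow does not list "winbind"
# Prints one line per problem; returns 0 if the file complies, 1 otherwise.
check_nsswitch() {
    awk '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, allow "db:svc"
        $1 ~ /^(passwd|group|shadow):$/ {
            db = $1; sub(/:$/, "", db); seen[db] = 1
            files = 0; wb = 0                # field positions, 0 = absent
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !files) files = i
                if ($i == "winbind" && !wb) wb = i
            }
            if (db == "shadow") {
                if (wb) { print "shadow: winbind must not be listed"; bad = 1 }
            } else if (!wb) {
                print db ": winbind is missing"; bad = 1
            } else if (!files || wb < files) {
                print db ": winbind must come after files"; bad = 1
            }
        }
        END {
            if (!seen["passwd"]) { print "passwd: entry not found"; bad = 1 }
            if (!seen["group"])  { print "group: entry not found";  bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample in the layout the article prescribes (not a real host file).
sample=$(mktemp)
printf '%s\n' 'passwd: files winbind' 'group:  files winbind' 'shadow: files' > "$sample"
check_nsswitch "$sample" && echo "nsswitch sample: OK"
rm -f "$sample"
```

Run it as ''check_nsswitch /etc/nsswitch.conf'' after editing the file and before starting the Samba services.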