Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Konfiguracija Samba Servera ====== Članak podrazumeva da je samba server već instaliran na računaru, i odgovarajući portovi propušteni kroz firewall. ===== Centos 7 ===== ==== Bez pridruživanja AD domenu ==== - Dobro je formirati linux grupe korisnika i operisati pravima na njima - Otvoriti korisnike bez mogućnosti logovanja na server (opcija ''useradd testuser -s=/sbin/nologin''). Korisnicima ne treba ni /home direktorijum što se postiže dodavanjem -M opcije u komandu - **Važno !** Korisnike koji će imati pristup deljenim direktorijumima preko smb: protokola treba dodati i u Samba naloge komandom ''smbpasswd -a <korisnički_nalog>'' - Urediti ''/etc/samba/smb.conf'' tako da se odrede deljeni folderi - **Važno !** Ako se koristi SELinux sloj neophodno je registrovati deljeni direktorijum komandom ''chcon -t samba_share_t <put_do_deljenog_direktorijuma>'' - Restartovati smb.service i nmb.service (''systemctl restart smb.service'', ''systemctl restart nmb.service'') ==== Sa pridruživanjem AD domenu ==== Izvori: \\ [[https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member|Setting up Samba as Domain Member]] \\ [[https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#DNS_Update_failed:_ERROR_DNS_UPDATE_FAILED|Troubleshooting Samba Domain Members]] \\ [[https://wiki.samba.org/index.php/Idmap_config_rid|Idmap config rid]] \\ - Ugasiti sve servise vezane za Sambu. Spisak pokrenutih servisa dobija se komandom: \\ <code># ps ax | egrep "samba|smbd|nmbd|winbindd"</code> - Lokacija ''smb.conf'' fajla otkriva se komandom: <code># smbd -b | grep "CONFIGFILE" CONFIGFILE: /usr/local/samba/etc/samba/smb.conf</code> Preporuka je pre izmena ''smb.conf'' fajla napraviti bekap istog. - Ukoliko je Samba prethodno bila u funkciji preporuka je da se obrišu eventualni zapisi o korisnicima da ne bi došlo do preklapanja. \\ Spisak lokacija sa ''*.tdb'' odnosno ''*.ldb'' fajlovima koje treba obrisati dobija se komandom: \\ <code># smbd -b | egrep "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR" LOCKDIR: /usr/local/samba/var/lock/ STATEDIR: /usr/local/samba/var/locks/ CACHEDIR: /usr/local/samba/var/cache/ PRIVATE_DIR: /usr/local/samba/private/</code> - Pre svega treba testirati dostupnost domena (HOME.LOCAL) samba serveru. To se radi ''nslookup'' komandom. \\ \\ **Forward Lookup** \\ <code># nslookup ASRV.home.local Server: 192.168.0.6 Address: 192.168.0.6#53 Name: ASRV.home.local Address: 192.168.0.6</code> \\ **Reverse Lookup** \\ <code># nslookup 192.168.0.6 Server: 192.168.0.6 Address: 192.168.0.6#53 6.0.168.192.in-addr.arpa name = ASRV.home.local.</code> \\ **Resolving SRV Records** <code># nslookup Default Server: 192.168.0.6 Address: 192.168.0.6 > set type=SRV > _ldap._tcp.home.local. Server: 192.168.0.6 Address: 192.168.0.6 _ldap._tcp.home.local SRV service location: priority = 0 weight = 100 port = 389 svr hostname = asrv.home.local home.local nameserver = asrv.home.local asrv.home.local internet address = 192.168.0.6</code> - Konfiguracija ''smb.conf'' \\ \\ <code>[global] workgroup = HOME server string = %h server # Milano, ovo sam podašavao po uputstvima sa samba Wiki stranice # https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member workgroup = HOME security = ADS realm = HOME.LOCAL server string = %h server winbind refresh tickets = Yes vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab # Za potrebe testuranja winbind enum users = yes winbind enum groups = yes # Ne treba nam deljenje printera load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes</code> - Pridruživanje domenu (HOME.local) \\ \\ <code># net ads join -U administrator Enter administrator's password: Passw0rd Using short domain name -- HOME Joined 'SAMBASRV' to dns domain 'home.local'</code> - Konfiguracija "Name Service Switch" \\ Potrebno je dodati ''winbind'' u konfiguracioni fajl ''/etc/nsswitch.conf'', obavezno iza ''files'' sekcije: <code>passwd: files winbind group: files winbind</code>Dodaje se samo u ''passwd'' i ''group'' sekcije, nikako u ''shadow'' sekciju. - Pokrenuti SAMBA servise <code>systemctl start smbd systemctl start nmbd systemctl start winbindd</code> === Testiranje Winbindd veze === - Slanje ''winbindd'' ping-a <code># wbinfo --ping-dc checking the NETLOGON for domain[HOME] dc connection to "ASRV.HOME.LOCAL" succeeded</code> - Pregled domenskih korisnika i grupa <code># getent passwd HOME\\milano HOME\milano:*:10000:10000:milano:/home/milano:/bin/bash</code> - Primena prava pristupa na linux fajl sistem: <code># chown "HOME\\milano:HOME\\domain users" file.txt</code> CKG Edit kb/konfiguracija_samba_servera.txt Last modified: 2020/12/28 19:53by milano