- Version used: Debian 8.5 (Jessie)
* Check the date/time, which must be synchronized with the Active Directory server
* Configure the hosts file with the Active Directory addresses
# vi /etc/hosts
10.0.0.40 ad1.dominio.com ad1
10.0.0.48 ad2.dominio.com ad2
* Configure the resolv.conf file
# vi /etc/resolv.conf
search dominio.com
domain dominio.com
nameserver 10.0.0.40
nameserver 10.0.0.48
* Install the packages
# apt-get install samba samba-doc samba-testsuite smbclient cifs-utils winbind libnss-winbind acl krb5-user libldap2-dev (libpam-winbind)
* Open smb.conf and adjust the configuration
[global]
workgroup = DOMINIO
realm = DOMINIO.COM
netbios name = NOMESERVER <- Adjust
security = ADS
encrypt passwords = yes
#password server = 10.0.0.40,10.0.0.48
interfaces = eth0
bind interfaces only = yes
idmap config *:backend = tdb
idmap config *:range = 1000-90000
idmap config DOMINIO:backend = rid <- Or ad ????
idmap config DOMINIO:schema_mode = rfc2307
idmap config DOMINIO:range = 1000-90000
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
disable spoolss = yes
#socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
#server string =
max log size = 50
log level = 0
log file = /var/log/samba/samba.log
restrict anonymous = 2
#client use spnego = yes
#client ntlmv2 auth = yes
map to guest = Bad User
[download]
path = /home/download
read only = no
[webapps]
path = /home/webapps
read only = no
admin users = @"%D\gg_suportetecnico_" @"%D\GG_Desenvolvimento" "%D\storage"
valid users = @"%D\gg_suportetecnico_" @"%D\GG_Desenvolvimento" "%D\storage"
#write list= @"DOMINIO\GG_suportetecnico"
force create mode = 0664
force directory mode = 0775
force user = www-data
force group = www-data
* Create the share directories and set the permissions
# mkdir /home/DOMINIO <- optional
# mkdir /home/download
# mkdir /home/webapps
# chmod 777 /home/download && chmod 777 /home/webapps
* Review the Samba configuration and stop the service
# testparm
# /etc/init.d/samba stop
* Configure nsswitch.conf
# vi /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
* Restart the services
# /etc/init.d/winbind restart
# /etc/init.d/samba start
* Join Samba to the Active Directory domain
# net [rpc|ads] join -U administrator@DOMINIO.COM
Using short domain name -- DOMINIO
Joined 'NOMESERVER' to dns domain 'dominio.com'
# net ads testjoin
Join is OK
# net ads info
Realm: DOMINIO.COM
Bind Path: dc=DOMINIO,dc=COM
LDAP port: 389
Server time: Wed, 18 Feb 2015 15:05:09 BRST
KDC server: 10.0.0.40
Server time offset: -11
# net rpc rights grant 'DOMINIO\Domain Admins' SeDiskOperatorPrivilege -Uadministrator
* Test winbind
# wbinfo -p
# wbinfo -g
# wbinfo -u
# wbinfo -r DomainUser
# id DomainUser
# getent passwd
# getent group
# chgrp "DOMINIO\gg_suportetecnico_" webapps
# chgrp "gg_suportetecnico_" webapps
* Commands
# net groupmap list
# net groupmap delete sid="S-1-5-21-26...."
Mounting
# mkdir /mnt/share
# mount -t cifs //<IP>/<server share> /mnt/share -o username=<user>,password=<pass>,domain=<dominio>,vers=1.0 <- (1.0, 2.0 or 3.0)
Or
# mount.cifs //<IP>/<server share> /mnt/share -o username=<USER>,password=<SENHA>,domain=<DOMAIN>,vers=3.0 <- (1.0, 2.0 or 3.0)
# vi /etc/fstab
//<IP>/<server share> /mnt/share cifs rw,username=<user>,password=<pass>,domain=<dominio> 0 0
or
//<IP>/<server share> /mnt/share cifs rw,sec=ntlmv2,username=<user>,password=<pass>,domain=<dominio> 0 0
or, to mount with a user and group
//<IP>/<server share> /mnt/share cifs rw,sec=ntlmv2,username=<user>,password=<pass>,domain=<dominio>,uid=1005,gid=1005 0 0
//path/storage001 /home/STORAGE001 cifs auto,rw,user,noperm,dir_mode=0770,file_mode=0770,username=USER,password=SENHA,domain=DOMAIN 0 0
* To mount the guest share automatically, adjust the fstab file
# mkdir /media/media
# vi /etc/fstab
//<IP_SERVER>/MEDIA /media/media/ cifs rw,guest,noperm,iocharset=utf8 0 0
* With newer Samba versions, the server sets server max protocol = SMB3 by default, so for the client to connect, the connection parameter must be adjusted on the client:
# vi /etc/samba/smb.conf
[global]
...
client max protocol = SMB3 <- (CORE,COREPLUS,LANMAN1,LANMAN2,NT1,SMB2,SMB3)
...
[share] (TESTING - is protocol only for global?)
...
min protocol = NT1
max protocol = SMB3
...
* With this configuration, Linux clients can connect to the share
* Reference: client max protocol
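An added check, not part of the original notes: the Python sketch below parses the idmap and protocol lines from the smb.conf snippets above and reports three problems in them (a schema_mode line paired with the rid backend, identical idmap ranges for * and DOMINIO, and protocol limits placed in a share section). The names parse(), audit() and SAMPLE are made up for this example.

```python
import re

# Added example; parse() and audit() are hypothetical helpers. SAMPLE is constructed
# from the idmap and protocol lines of the smb.conf snippets on this page.
SAMPLE = """\
[global]
idmap config *:backend = tdb
idmap config *:range = 1000-90000
idmap config DOMINIO:backend = rid
idmap config DOMINIO:schema_mode = rfc2307
idmap config DOMINIO:range = 1000-90000
[share]
min protocol = NT1
max protocol = SMB3
"""
IDMAP = re.compile(r"idmap config\s+(.+?)\s*:\s*(.+)")
PRE_SMB2 = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}

def parse(text):
    """Return {section: {parameter: value}} with names lower-cased."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif section is not None and "=" in line and line[0] not in "#;":
            name, value = line.split("=", 1)
            section[" ".join(name.lower().split())] = value.strip()
    return conf

def audit(conf):
    findings, domains, seen = [], {}, []
    for name, value in conf.get("global", {}).items():
        if m := IDMAP.fullmatch(name):
            domains.setdefault(m.group(1).upper(), {})[m.group(2)] = value
    for dom, opts in sorted(domains.items()):
        # schema_mode is read by the ad backend only; rid derives IDs from the RID.
        if "schema_mode" in opts and opts.get("backend") != "ad":
            findings.append(f"{dom}: schema_mode has no effect with backend {opts.get('backend')}")
        if "range" in opts:
            low, high = map(int, opts["range"].split("-"))
            # Overlapping ranges can give one Unix ID to two different SIDs.
            findings += [f"{dom}: range overlaps {o}" for o, a, b in seen if low <= b and a <= high]
            seen.append((dom, low, high))
    for section, params in conf.items():
        for name, value in params.items():
            if section != "global" and name.endswith(("min protocol", "max protocol")):
                findings.append(f"[{section}] {name}: global parameter, no effect in a share")
            elif name in ("min protocol", "server min protocol") and value.upper() in PRE_SMB2:
                findings.append(f"[global] {name} = {value}: server accepts SMB1")
    return findings
```

Running audit(parse(open("/etc/samba/smb.conf").read())) alongside testparm applies the same checks to a live file; annotations such as "<- Adjust" must be removed from the file first.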