Linux
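Creating Samba shares across multiple servers from a single LDAP server
We have a Fedora Directory Server running LDAP with a few hundred users. We need a way to create Samba shares per project and restrict access to those shares across multiple Linux servers.
We have 15-20 servers here, each running a different version of CentOS. The idea is to create folders based on groups, with read/write access restricted to that group or to a subset of users in a particular group.
How can we authenticate users and create Samba shares on another server in the same subnet? Users are on Windows Professional, and they should access specific Samba shares to back up files from a particular server.
I need to create a form where an administrator can create a folder by selecting a server and assign users accordingly. Ideas on how to approach this are welcome.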
That should be no problem at all. I have used the following configuration in production:
    [global]
        workgroup = SYSADM
        server string = File server
        netbios name = FS1
        # Domain member: authentication is passed to the domain controller
        security = domain
        # Printing is disabled on this file server
        load printers = no
        show add printer wizard = no
        printcap name = /dev/null
        disable spoolss = yes
        encrypt passwords = yes
        winbind enum groups = yes
        winbind enum users = yes
        # UID/GID mappings are kept in the central LDAP directory
        idmap backend = ldap:"ldap://pdc.example.net/"
        ldap idmap suffix = ou=idmap
        idmap uid = 1000-500000
        idmap gid = 1000-500000
        idmap config SYSADM : backend = nss
        idmap config SYSADM : range = 1000-500000
        ldapsam:trusted = yes
        ldapsam:editposix = yes
        ldap suffix = dc=example,dc=net
        ldap user suffix = ou=users
        ldap group suffix = ou=groups
        ldap machine suffix = ou=computers
        ldap admin dn = "uid=ldap_reader,ou=users,dc=example,dc=net"
        enable privileges = yes
        os level = 3
        local master = no
        domain master = no
        preferred master = no
        domain logons = no
        # LANMAN and plaintext authentication are turned off
        client ntlmv2 auth = yes
        client plaintext auth = no
        lanman auth = no
        lm announce = no
        display charset = utf8
        unix charset = utf8
        dos charset = cp866
        log level = 3
        host msdfs = no

    [Department1]
        comment = Department1
        path = /samba/department1/
        # "public" is a synonym for "guest ok"; the later "guest ok = no" takes effect
        public = yes
        guest ok = no
        write list = user1, @"SYSADM\department1"
        # Only members of the department1 group may connect
        valid users = @"SYSADM\department1"
        browseable = yes
        force create mode = 0770
        create mode = 0770
        force directory mode = 0770
        directory mode = 0770
        # Log file operations to syslog, prefixed with share, user and client IP
        vfs objects = full_audit
        full_audit:prefix = [Department1]:%u|%I
        full_audit:success = write rmdir rename mkdir unlink open read pread write pwrite
        full_audit:failure = none
        full_audit:facility = LOCAL1
        full_audit:priority = ALERT
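For the administrator form mentioned in the question, the following is an added example (not part of the original answer) that generates a share section modelled on [Department1] and rejects form input that could inject extra sections or parameters into smb.conf. The function names, the name allow-list and the explicit "read only = yes" are assumptions; with writers given, only that subset of the group can write.

```python
import re

# Assumed allow-list for names arriving from the admin form: nothing that could
# start a new section or parameter (brackets, '=', newlines, '/', spaces).
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,31}")

def check_name(label, value):
    if not isinstance(value, str) or not NAME_RE.fullmatch(value):
        raise ValueError(f"invalid {label}: {value!r}")
    return value

def share_stanza(share, group, writers=None, domain="SYSADM", base="/samba"):
    """Build one share section; `base` is a deployment constant, not form input."""
    share = check_name("share name", share)
    members = '@"{}\\{}"'.format(check_name("domain", domain),
                                 check_name("group", group))
    # No writers given: the whole group may write. Otherwise only the listed
    # users may write; they must still be group members to pass `valid users`.
    if writers:
        write_list = ", ".join(check_name("user", u) for u in writers)
    else:
        write_list = members
    lines = [
        f"[{share}]",
        f"comment = {share}",
        f"path = {base}/{share.lower()}/",
        "guest ok = no",
        "read only = yes",
        f"valid users = {members}",
        f"write list = {write_list}",
        "browseable = yes",
        "force create mode = 0770",
        "force directory mode = 0770",
        "vfs objects = full_audit",
        f"full_audit:prefix = [{share}]:%u|%I",
        "full_audit:success = mkdir rmdir rename unlink open read pread write pwrite",
        "full_audit:failure = none",
        "full_audit:facility = LOCAL1",
        "full_audit:priority = ALERT",
    ]
    return lines[0] + "\n" + "".join(f"    {l}\n" for l in lines[1:])

if __name__ == "__main__":
    print(share_stanza("Project1", "project1", writers=["alice", "bob"]))
```

Check the resulting file with testparm -s on the target server before reloading Samba.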