Linux

從單個 LDAP 伺服器跨多個伺服器創建 Samba 共享

  • July 23, 2013

我們有一個執行 LDAP 的 Fedora Directory Server,其中有幾百個使用者。我們需要一種方法,可以根據項目創建 samba 共享,並限制跨多個 Linux 伺服器對這些共享的訪問。

在這裡,我們有 15-20 台伺服器,每台伺服器都執行不同版本的 CentOS。想法是根據組創建文件夾,其中讀/寫訪問權限僅限於該組或特定組的使用者子集。

我們如何在同一子網中的另一台伺服器上驗證使用者並創建 Samba 共享?使用者使用 Windows Professional,他們應該訪問特定的 Samba 共享,以備份特定伺服器的文件。

我需要創建一個表單,管理員可以通過選擇伺服器來創建一個文件夾,並相應地分配使用者。歡迎提出有關如何解決此問題的想法。

應該完全沒有問題。我在生產環境中使用了以下配置:

# Global settings for a Samba file server that authenticates users against
# the SYSADM domain and reads account and id-mapping data from LDAP.
# smb.conf only recognises comments on their own lines, so every note below
# sits above the parameter it describes.
[global]

   workgroup = SYSADM
   server string = File server
   netbios name = FS1
   # Domain-member mode: logons are passed to a domain controller, so this
   # host has to be joined to the SYSADM domain before users can connect.
   security = domain

   # Printing is switched off entirely; this is a file server only, and
   # disabling spoolss removes one more exposed service.
   load printers = no
   show add printer wizard = no
   printcap name = /dev/null
   disable spoolss = yes

   encrypt passwords = yes

   # Lets winbind enumerate all domain users and groups.
   winbind enum groups = yes
   winbind enum users = yes

   # SID-to-uid/gid mappings are kept in LDAP under ou=idmap.
   # NOTE(review): the URL uses the ldap:// scheme and no 'ldap ssl' line is
   # set here, so whether this traffic is protected by TLS depends on the
   # default of the installed Samba version - confirm with testparm -v.
   idmap backend = ldap:"ldap://pdc.example.net/"
   ldap idmap suffix = ou=idmap

   idmap uid = 1000-500000
   idmap gid = 1000-500000

   # NOTE(review): the old-style 'idmap backend/uid/gid' lines above and the
   # per-domain 'idmap config' lines below are both present and use the same
   # range; which ones take effect depends on the Samba version - verify.
   idmap config SYSADM : backend  = nss
   idmap config SYSADM : range = 1000-500000

   # These two are options of the ldapsam passdb backend.
   # NOTE(review): no 'passdb backend' line is set in this section, so confirm
   # that they have any effect in this configuration.
   ldapsam:trusted = yes
   ldapsam:editposix = yes

   ldap suffix = dc=example,dc=net
   ldap user suffix = ou=users
   ldap group suffix = ou=groups
   ldap machine suffix = ou=computers

   # DN Samba binds as. Its password is not in this file; it is stored in
   # secrets.tdb (set with smbpasswd -w), so that file needs tight permissions.
   # NOTE(review): the account is named ldap_reader, but ldapsam:editposix
   # implies LDAP writes - give this DN only the access it really needs.
   ldap admin dn = "uid=ldap_reader,ou=users,dc=example,dc=net"

   enable privileges = yes

   # Never take part in browser elections or act as a logon server.
   os level = 3
   local master = no
   domain master = no
   preferred master = no
   domain logons = no

   # The two 'client ...' parameters apply when Samba itself acts as a client;
   # they do not restrict what this server accepts from Windows clients.
   client ntlmv2 auth = yes
   client plaintext auth = no

   # Server side: refuse the weak LANMAN hash.
   # NOTE(review): 'ntlm auth' is not set here, so whether NTLMv1 is still
   # accepted depends on the version default - confirm.
   lanman auth = no
   lm announce = no

   # cp866 is the Cyrillic DOS code page; adjust for the local clients.
   display charset = utf8
   unix charset = utf8
   dos charset = cp866

   # Level 3 is verbose debug logging; expect large logs, and restrict who can
   # read them because they contain user names and client addresses.
   log level  = 3
   host msdfs  = no

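# Project share restricted to members of the SYSADM\department1 group, with
# every file operation recorded through the full_audit VFS module.
[Department1]
   comment = Department1
   path = /samba/department1/
   # 'public' is a synonym for 'guest ok'. The original listed public=yes
   # followed by guest ok = no; only the explicit denial is kept so the
   # share's guest policy cannot be misread or flipped by reordering lines.
   guest ok = no
   # 'valid users' decides who may connect at all; 'write list' grants write
   # access to those who got in.
   # NOTE(review): user1 is in the write list but can only connect if the
   # account is also a member of SYSADM\department1.
   write list = user1, @"SYSADM\department1"
   valid users = @"SYSADM\department1"
   browseable = yes
   # 'create mode' / 'directory mode' are synonyms for 'create mask' /
   # 'directory mask'. 0770 gives owner and group full access and nothing to
   # others; the force settings also set the execute bits on every new file.
   force create mode = 0770
   create mode = 0770
   force directory mode = 0770
   directory mode = 0770
   vfs objects = full_audit
   # Each audit record is prefixed with the share name, user name (%u) and
   # client IP address (%I).
   full_audit:prefix = [Department1]:%u|%I
   # The duplicated 'write' entry from the original list has been removed.
   # Auditing open/read/pread produces a high volume of records.
   full_audit:success = write rmdir rename mkdir unlink open read pread pwrite
   # NOTE(review): with 'none', failed operations (for example denied writes)
   # leave no audit record; consider logging failures for the operations that
   # matter for detection.
   full_audit:failure = none
   # Records go to syslog facility LOCAL1 at priority ALERT; syslog must route
   # LOCAL1 to a protected file, and ALERT is a high severity for routine
   # audit data.
   full_audit:facility = LOCAL1
   full_audit:priority = ALERT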

引用自:https://serverfault.com/questions/525657