by run-time (2-11-2007)
SAMBA as a primary domain controller - installation, configuration, management
1. Introduction
2. Installation
3. Configuration
4. Creating groups
5. Joining the domain
6. Adding users
7. Verification
8. List of commands for managing the domain
8.1. Management
8.2. Information
1. Introduction
This article covers creating and configuring a primary domain controller with several shared resources. The domain can also be administered remotely with the net tool.
It was tested on Slackware 12, but the article also covers installation from source files.
Shared resources used in the article:
home – the user's personal directory
joint – a shared directory
Every user will be able to read and write in their personal directory and in the shared directory, but will not see the personal directories of other users.
2. Installation
Download Samba from www.slackware.org
or the source files from www.samba.org
Install the package
# installpkg samba-3.0.23c-i486-1.tgz
or, for the source files:
# tar xzvf samba-latest.tar.gz
# cd samba-3.0.26a/
# cd source
# ./configure --with-smbmount --prefix=/usr/local/samba --bindir=/usr/sbin
# make
# su -c "make install"
On Slackware:
Make the startup script executable
# chmod a+x /etc/rc.d/rc.samba
If we installed from source files, we either create such a script ourselves or start Samba with:
# /usr/sbin/smbd -D && /usr/sbin/nmbd -D
Create the Samba configuration file. On Slackware:
# pico /etc/samba/smb.conf
for a source install:
/usr/local/samba/lib/smb.conf
and add the following:
[global]
workgroup = DOMAIN
netbios name = PDCSERVER
server string = DOMAIN SERVER
passdb backend = tdbsam
log level = 1
log file = /var/log/samba/workstations/%m.log
max log size = 50
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/bin/gpasswd -a %u %g
delete user from group script = /usr/bin/gpasswd -d %u %g
add machine script = /usr/sbin/useradd -g nt_workstations -s /bin/false -d /dev/null %u
set primary group script = /usr/sbin/usermod -g %g %u
logon path =
logon drive =
logon home =
logon script = login.bat
domain logons = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hosts allow = 192.168. 127.
time server = yes
preferred master = yes
domain master = yes
local master = yes
os level = 255
unix charset = utf8
dos charset = cp1251
display charset = cp1251
load printers = yes
printing = cups
printcap name = cups
wins support = yes
[homes]
comment = Home Directories
browseable = no
writable = yes
[netlogon]
path = /srv/samba/netlogon
read only = yes
browseable = no
[joint]
path = /srv/samba/joint
writable = yes
create mask = 0775
directory mask = 0775
force group = users
Create the directories:
# mkdir -p /srv/samba/{netlogon,joint}
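The smb.conf above encodes the access model from the introduction (home shares hidden, netlogon read-only, joint writable by group users). The following is an added example, not part of the original article: a small smb.conf reader and a check of those settings, using the parameter spellings the article uses. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Reads one parameter from one section of
# an smb.conf-style file; names compare case-insensitively, ignoring spaces.
smbconf_get() {  # usage: smbconf_get FILE SECTION PARAMETER
    awk -v want_sec="$2" -v want_key="$3" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN { in_sec = (norm(want_sec) == "global") }  # text before any header
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # section header
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            in_sec = (norm(sec) == norm(want_sec)); next
        }
        in_sec && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(key) == norm(want_key)) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Compare a file with the access model of this article. Prints one FAIL line
# per mismatch and returns the number of mismatches.
audit_pdc_shares() {  # usage: audit_pdc_shares FILE
    fails=0
    while IFS='|' read -r sec key want; do
        got=$(smbconf_get "$1" "$sec" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL [$sec] $key: want '$want', found '${got:-unset}'"
            fails=$((fails + 1))
        fi
    done <<EOF
global|domain logons|yes
homes|browseable|no
netlogon|read only|yes
joint|writable|yes
joint|force group|users
EOF
    return "$fails"
}

sample_conf() {  # constructed sample: the share part of the smb.conf above
    printf '%s\n' '[global]' 'domain logons = yes' \
        '[homes]' 'browseable = no' 'writable = yes' \
        '[netlogon]' 'path = /srv/samba/netlogon' 'read only = yes' \
        '[joint]' 'path = /srv/samba/joint' 'writable = yes' 'force group = users'
}

conf=$(mktemp) && sample_conf > "$conf" && audit_pdc_shares "$conf" && echo "OK"
rm -f "$conf"
```

On a live server, pass the real file instead, for example audit_pdc_shares /etc/samba/smb.conf.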
3. Configuration
All users in the domain must have read/write access to the joint directory. Change the group of this directory to users and give the group write permission.
# chgrp -R users /srv/samba/joint
# chmod -R g+w /srv/samba/joint
Create the Samba user root with password 123
# smbpasswd -a root
Check the configuration file for errors
# testparm
Start Samba - on Slackware
# /etc/rc.d/rc.samba start
on other distributions, based on Debian
# /etc/init.d/samba start
or manually:
# /usr/sbin/smbd -D && /usr/sbin/nmbd -D
Check that Samba started successfully
# ps ax | grep mbd
29724 ? Ss 0:00 /usr/sbin/smbd -D
29726 ? Ss 0:00 /usr/sbin/nmbd -D
29727 ? S 0:00 /usr/sbin/nmbd -D
29728 ? S 0:00 /usr/sbin/smbd -D
29748 pts/3 R+ 0:00 grep mbd
Try to connect and list the network resources
# smbclient -L localhost -U root%123
4. Creating groups
Create the necessary Linux groups so that they can later be mapped to the corresponding Windows groups. The following groups exist in Windows by default:
1. Guests
2. Users
3. Administrators
Corresponding Windows / Linux groups
Guests – nobody
Users – users
Administrators – nt_admins
Create the groups:
# groupadd nt_workstations
# groupadd nt_admins
Every Windows group must be mapped to the corresponding Linux group. Initially there is no mapping at all.
Map the groups:
• Guests:
# net groupmap add rid=514 ntgroup="Domain Guests" unixgroup=nobody
• Users:
# net groupmap add rid=513 ntgroup="Domain Users" unixgroup=users
• Windows machines - computers:
# net groupmap add rid=515 ntgroup="Domain Computers" unixgroup=nt_workstations
• Administrators:
# net groupmap add rid=512 ntgroup="Domain Admins" unixgroup=nt_admins
The number after rid= is the identifier (RID) of the main Windows group.
RID table for the main Windows groups
Domain Admins - 512
Domain Users - 513
Domain Guests - 514
Domain Computers - 515
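A wrong mapping here silently changes who counts as a domain administrator, so it is worth checking the result of the four net groupmap add commands. The following is an added example, not part of the original article: it reads the output of net groupmap list (section 8.2) on standard input, assuming its usual one-line-per-mapping form "NT name (SID) -> unix group", and compares RIDs 512-515 with the Unix groups chosen above. The sample lines are constructed, using the domain SID shown in section 5.

```shell
#!/bin/sh
# Added example, not from the article. Verifies that the four well-known
# domain RIDs are mapped to the Unix groups chosen in this article.
check_groupmap() {  # usage: net groupmap list | check_groupmap
    awk '
        BEGIN {
            want[512] = "nt_admins"; want[513] = "users"
            want[514] = "nobody";    want[515] = "nt_workstations"
        }
        # Assumed line format: NT group name (SID) -> unix group
        match($0, /\(S-[0-9-]+\) -> /) {
            sid = substr($0, RSTART + 1, RLENGTH - 6)
            unixgrp = substr($0, RSTART + RLENGTH)
            sub(/[ \t\r]+$/, "", unixgrp)
            n = split(sid, part, "-"); rid = part[n]   # RID = last SID field
            if (rid in want) {
                seen[rid] = 1
                if (unixgrp != want[rid]) {
                    printf "RID %s maps to %s, expected %s\n", rid, unixgrp, want[rid]
                    bad++
                }
            }
        }
        END {
            for (rid in want) if (!(rid in seen)) {
                printf "RID %s (%s) has no mapping\n", rid, want[rid]; bad++
            }
            exit (bad > 0)
        }
    '
}

sample_groupmap() {  # constructed sample output of: net groupmap list
    cat <<'EOF'
Domain Admins (S-1-5-21-1896400801-767198480-4227753087-512) -> nt_admins
Domain Users (S-1-5-21-1896400801-767198480-4227753087-513) -> users
Domain Guests (S-1-5-21-1896400801-767198480-4227753087-514) -> nobody
Domain Computers (S-1-5-21-1896400801-767198480-4227753087-515) -> nt_workstations
EOF
}

sample_groupmap | check_groupmap && echo "group mapping OK"
```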
Create the user "fanta", who will be our domain administrator (primary group - nt_admins)
# useradd -m -c "Admin" -G nt_admins -g users fanta
Add the administrator to the SAMBA database
# smbpasswd -a fanta
Now that we have created an administrator user, from here on we will use net to manage the domain. We will perform the administrative actions with it.
Check that the user has been added to the "Domain Admins" group
# net rpc group members "Domain Admins" -U fanta%123
DOMAIN\fanta
By default the Domain Admins group has no rights at all, so we grant them.
# net rpc rights grant "Domain Admins" SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege -Ufanta%123
5. Joining the domain
Now we can join our server to the domain :)
# net rpc join -U fanta%123
Joined domain DOMAIN.
Check that the procedure succeeded
# net rpc testjoin
Join to 'DOMAIN' is OK
Now we can see the general information about the domain
# net rpc info -U fanta%123
Domain Name: DOMAIN
Domain SID: S-1-5-21-1896400801-767198480-4227753087
Sequence number: 1171055599
Num users: 1
Num domain groups: 5
Num local groups: 0
In theory, a Windows machine that is registered in the domain should now be able to connect to it, so go to Properties->My Computer->Computer Name->Change… and set the Domain: value to Domain (the name of our domain). After the computer contacts the domain, it asks for the administrator account that we created above. After you enter it, it "should" display "Welcome to DOMAIN".
6. Adding users
Add all workstations to the SAMBA database. By default they will belong to the "Domain Computers" group.
# net rpc user add comp1$ -U fanta%123
# net rpc user add comp2$ -U fanta%123
# net rpc user add comp3$ -U fanta%123
Add the users to the SAMBA database. By default they will belong to the "Domain Users" group.
# net rpc user add user1 -U fanta%123
# net rpc user add user2 -U fanta%123
# net rpc user add user3 -U fanta%123
Set the passwords for all users:
# smbpasswd user1
# smbpasswd user2
# smbpasswd user3
7. Verification
List of all groups in the domain
# net rpc group -U fanta%123
Domain Users
Domain Computers
Domain Admins
Domain Guests
Managers
List of all users in the domain
# net rpc user -U fanta%123
fanta
user1
user2
user3
comp1$
comp2$
comp3$
List of the administrators (the "Domain Admins" group)
# net rpc group members "Domain Admins" -U fanta%123
DOMAIN\fanta
List of the computers in the domain (the "Domain Computers" group)
# net rpc group members "Domain Computers" -U fanta%123
DOMAIN\comp1$
DOMAIN\comp2$
DOMAIN\comp3$
If you want to use a "login script" - a script that is loaded when the Windows machines start - you can create it as login.bat and put it in /srv/samba/netlogon
For example, I made a login.bat and put the following 2 lines in it:
net use w: \\PDCSERVER\joint
net use z: \\PDCSERVER\%username%
where the first maps the shared folder as "w" and the second maps the personal directory as "z".
Now you can try to join a Windows workstation to the domain as well
But it does not always go that way.
If it shows one of these errors:
"A domain controller for the domain DOMAIN could not be contacted." – Check whether the Samba service is running or whether you have set the IP addresses correctly.
"Username or password incorrect" – if you are sure the administrator account is correct, then you have not created the machine in the domain. How to create it is explained above.
Now it really should be possible to log in to the domain.
8. List of commands for managing and querying the domain
8.1. Management
1. Adding/deleting a user:
# net rpc user {add,delete} user1 -U fanta%123
2. Adding/deleting a computer:
# net rpc user {add,delete} comp1$ -U fanta%123
3. Changing a user's primary group:
# usermod -g nt_managers user3
4. Setting a user's password:
# smbpasswd user1
5. Joining the server to the domain:
# net rpc join -U fanta%123
6. Checking whether it has joined:
# net rpc testjoin
7. Granting rights to a given group:
# net rpc rights grant "Domain Admins" SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege -U fanta%123
8.2. Information
1. List of the mappings:
# net groupmap list
2. List of all users:
# net rpc user -U fanta%123
3. List of all groups:
# net rpc group -U fanta%123
4. List of the users that belong to a given group:
# net rpc group members "nt_admins" -U fanta%123
5. List of the computers (the "Domain Computers" group):
# net rpc group members "Domain Computers" -U fanta%123
6. The group that given users belong to:
# net rpc user info user3 -U fanta%123
7. General information about the domain:
# net rpc info -U fanta%123
Information and quotations were taken from:
http://www.bg-freebsd.org/
www.samba.org