Samba c доменной авторизацией и правкой пермишенов через галочки автора lissyara/
# yum install samba-winbind krb5-workstation samba
Указываем использовать winbind в /etc/nsswitch.conf
passwd: files winbind
shadow: files
group: files winbind
hosts: files dns
Правим конфиг самбы:
[global]
workgroup = BITZA
realm = BITZA.LAN
server string = Samba Server Version %v
interfaces = lo, eth0
security = ADS
password server = fs.bitza.lan dc.bitza.lan
log file = /var/log/samba/log.%m
max log size = 50
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = Yes
admin users = "@BITZA\Domain Admins", BITZA\admin
hosts allow = 172.16.1., 127.
cups options = raw
[SVN_conf]
comment = SVN configuration
path = /var/svn/conf
admin users = "@BITZA\Domain Admins"
read only = No
vfs objects = recycle, full_audit
full_audit:priority = INFO
full_audit:facility = local1
full_audit:failure = unlink rmdir mkdir write rename write aio_write pwrite
full_audit:success = unlink rmdir mkdir write rename write aio_write pwrite
full_audit:prefix = share=%S; id=%U; ip=%I -->
recycle:minsize = 1
recycle:versions = Yes
recycle:directory_mode = 0770
recycle:exclude = *.TMP *.tmp
recycle:maxsize = 0
recycle:version = Yes
recycle:touch_mtime = Yes
recycle:touch = Yes
recycle:keeptree = Yes
recycle:repository = /shares/trash/%S
[TRAC_conf]
comment = SVN configuration
path = /var/trac-projects
admin users = "@BITZA\Domain Admins"
read only = No
vfs objects = recycle, full_audit
full_audit:priority = INFO
full_audit:facility = local1
full_audit:failure = unlink rmdir mkdir write rename write aio_write pwrite
full_audit:success = unlink rmdir mkdir write rename write aio_write pwrite
full_audit:prefix = share=%S; id=%U; ip=%I -->
recycle:minsize = 1
recycle:versions = Yes
recycle:directory_mode = 0770
recycle:exclude = *.TMP *.tmp
recycle:maxsize = 0
recycle:version = Yes
recycle:touch_mtime = Yes
recycle:touch = Yes
recycle:keeptree = Yes
recycle:repository = /shares/trash/%S
Ну и на всякий случай как ввести машину в домен:
# more /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = BITZA.LAN
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
BITZA.LAN = {
kdc = fs.bitza.lan
admin_server = fs.bitza.lan
}
[domain_realm]
.example.com = BITZA.LAN
example.com = BITZA.LAN
Получаем тикет:
# kinit -p adminВводим машину в домен:
Password for admin@BITZA.LAN: # Вводим пароль администратора домена
net ads join -U admin
