Gabriele.vivinetto at 10:26, 23 February 2007

2007-02-23T10:26:04Z

New page

Installare Samba su Linux

Creare questo file di configurazione:

<pre>
cat | sudo tee /etc/smb.conf > /dev/null <<EOFile
[global]
# user and group management
add group script = /usr/sbin/groupadd "%g"
delete group script = /usr/bin/net groupmap delete ntgroup="%g" ; /usr/sbin/groupdel "%g"
add user to group script = /usr/bin/gpasswd -a "%u" "%g"
delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
#
add user script = /usr/sbin/useradd -m "%u"; mkdir -p "/files/homes/%u"; chown %u: "/files/homes/%u"; chmod go-w "/files/homes/%u"
delete user script = /usr/sbin/userdel -r "%u"
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null "%u"
#username map = /etc/samba/user.map
#
passdb backend = tdbsam
unix password sync = yes
passwd program = /usr/bin/passwd "%u"
passwd chat = "*Enter new UNIX password*" %n\n "*Retype new UNIX password*" %n\n "*password updated successfully*" .

# Network role parameter
netbios name = GALSERVER
workgroup = GALIMBERTI
server String = "GALServer"
domain master = no
domain logons = yes
wins support = yes
security = user
local master = yes
os level = 99
time server = yes
encrypt passwords = true
logon home = \%L\%U
logon script = user.cmd
logon path = \%L\Profiles\%U
logon drive = P:

# Administrators users
admin users = administrator
printer admin = administrator

# Logging settings
syslog = 0
syslog only = no
log file = /var/log/samba/smbd
#log level = 3
#debug timestamp = yes

# Network binding
interfaces = eth0
bind interfaces only = Yes

# Printing
printing = cups
printcap name = cups
load printers = yes

[printers]
comment = All Printers
path = /tmp
create mask = 0600
guest ok = Yes
printable = Yes
browseable = No

[print$]
comment = Printer Drivers Share
path = /var/lib/samba/printers
public = yes
guest ok = yes
browseable = yes
# read only = yes
writable=yes
write list = administrator

[tmp]
path = /tmp
public = yes
guest ok = yes
browseable = yes
read only = yes

[dati]
path = /files/dati
browseable = yes
writable = yes

[profiles]
path = /files/profiles
browseable = yes
writable = yes

[netlogon]
path = /files/netlogon
public = yes
guest ok = yes
browseable = yes
read only = yes
writable = yes
write list = administrator

[install]
path = /files/install
#public = yes
#guest ok = yes
browseable = yes
read only = yes
writable = yes
write list = administrator

[homes]
comment = Home Directory
#valid users = %S
read only = no
browseable = no
path = /files/homes/%S

[homes$]
comment = Home Directories
#valid users = administrator
read only = no
browseable = no
path = /files/homes

[files$]
comment = Administrative Files Share
#valid users = administrator
read only = no
browseable = no
path = /files

[cdrom]
comment = Cdrom
read only = yes
path = /media/cdrom
</pre>

Verificare il ruolo di PDC :

<pre>
$ testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[printers]"
...
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC
Press enter to see a dump of your service definitions
</pre>

Verificare di pingare con il nome NETBIOS la macchina NT:

ping SERVER

Stoppare SAMBA

sudo /etc/init.d/samba stop

Azzerare tutti i database degli account:

sudo rm -f /var/lib/sambda/*.tdb

Fare il Join nel dominio della macchina linux:

sudo net rpc join -S SERVER -W GALIMBERTI -UAdministrator%Password

Avviare samba

sudo /etc/init.d/samba start

Creare un utente e cancellarlo per creare un databse vuoto:

sudo smbpasswd -a root
sudo smbpasswd -x root

Importare utenti ed account macchine:

sudo net rpc vampire -S SERVER -UAdministrator%Password

Non deve esserci nessun errore.

Controllare che gli account siano stati importati:

sudo pdbedit -L

Rimuovere tutti i gruppi unix con queti nomi se presenti:
<pre>
sudo groupdel Account Operators
sudo groupdel Administrators
sudo groupdel Backup Operators
sudo groupdel Domain Admins
sudo groupdel Domain Guests
sudo groupdel Domain Users
sudo groupdel Guests
sudo groupdel Power Users
sudo groupdel Print Operators
sudo groupdel Replicators
sudo groupdel System Operators
sudo groupdel Users
</pre>

Controllare che non ci siano altri gruppi standard di NT creati come gruppi unix:

cat /etc/group

Se ci sono altri gruppi personalizzati, lasciarli.

Mappare i gruppi standard di NT ai gruppi unix:

<pre>
sudo net groupmap modify ntgroup="Domain Admins" unixgroup=root type=d
sudo net groupmap modify ntgroup="Domain Users" unixgroup=users type=d
sudo net groupmap modify ntgroup="Domain Guests" unixgroup=nogroup type=d
sudo net groupmap modify ntgroup="Account Operators" unixgroup=staff type=b
sudo net groupmap modify ntgroup="Administrators" unixgroup=root type=b
sudo net groupmap modify ntgroup="Backup Operators" unixgroup=backup type=b
sudo net groupmap modify ntgroup="Guests" unixgroup=nogroup type=b
sudo net groupmap modify ntgroup="Power Users" unixgroup=staff type=b
sudo net groupmap modify ntgroup="Print Operators" unixgroup=lpadmin type=b
sudo net groupmap modify ntgroup="Replicators" unixgroup=staff type=b
sudo net groupmap modify ntgroup="Users" unixgroup=users type=b
</pre>

Eco come deve essere la situazione alla fine:

<pre>
sudo net groupmap list | sort

Account Operators (S-1-5-32-548) -> staff
Administrators (S-1-5-32-544) -> root
Backup Operators (S-1-5-32-551) -> backup
Domain Admins (S-1-5-21-529431811-589378722-923749875-512) -> root
Domain Guests (S-1-5-21-529431811-589378722-923749875-514) -> nogroup
Domain Users (S-1-5-21-529431811-589378722-923749875-513) -> users
Guests (S-1-5-32-546) -> nogroup
Power Users (S-1-5-32-547) -> staff
Print Operators (S-1-5-32-550) -> lpadmin
Replicators (S-1-5-32-552) -> staff
System Operators (S-1-5-32-549) -> staff
Users (S-1-5-32-545) -> users
</pre>

Scollegare il la macchina NT

Cambiare il parametro:

sudoedit /etc/samba/smb.conf
...
domain master = yes

Riavviare samba:
sudo /etc/init.d/samba stop; sudo /etc/init.d/samba start

Verificare il ruolo:

<pre>
testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[printers]"
...
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
</pre>

Molto probabilmente il percorso di rete dei profili e delle home sarà sbagliato, mancherà uno "\" iniziale:

<pre>
sudo pdbedit -Lv Administrator
Unix username: Administrator
NT username: Administrator
Account Flags: [UX ]
User SID: S-1-5-21-529431811-589378722-923749875-500
Primary Group SID: S-1-5-21-529431811-589378722-923749875-512
Full Name: Administrator
Home Directory: \galserver\Administrator
HomeDir Drive: P:
Logon Script:
Profile Path: \galserver\Profiles\Administrator
Domain: GALIMBERTI
Account desc: Login ID for administering the server
Workstations:
Munged dial: bQA6ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABkAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAA
Logon time: Thu, 22 Feb 2007 20:23:51 GMT
Logoff time: Thu, 22 Feb 2007 20:23:51 GMT
Kickoff time: 0
Password last set: Thu, 22 Feb 2007 22:37:09 GMT
Password can change: Thu, 22 Feb 2007 22:37:09 GMT
Password must change: Fri, 06 Apr 2007 22:24:41 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
</pre>

DA una macchina >=Win2k, loggarsi come administrator del dominio, usare User Manager per correggere a tutti (selezionando tuti gli user) questi percorsi come

\\GALServer\Profiles\%USERNAME%
e
\\GALServer\%USERNAME%

(si può fare anche con uno script e pdbedit)

Formattare la macchina NT dopo qualche giorno.

Migrazione da Windows NT4 a Samba 3x - Revision history

Gabriele.vivinetto at 10:26, 23 February 2007