<pre>
# Samba file server, winbind (AD identity mapping) and Kerberos client tools.
dnf -y install \
  samba \
  samba-client \
  samba-winbind \
  samba-winbind-clients \
  krb5-workstation
</pre>
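<pre>
# Start the SMB and NetBIOS name services now and on every boot.
systemctl enable --now {smb,nmb}

# Open the Samba ports permanently, then load the new rule set.
# NOTE(review): this exposes SMB to every source the "public" zone covers;
# confirm that zone only contains the client networks that need the share.
firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --reload
</pre>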
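<pre>
# Make the server's own FQDN resolvable locally (appends; run once).
cat <<'EOF' >> /etc/hosts
10.1.0.20 fs1.augin.ru fs1
EOF
</pre>
<pre>
# Kerberos client settings for the domain.
# NOTE(review): krb5.conf "includedir" only reads files whose names are
# alphanumerics, dashes and underscores (or, on newer releases, end in
# ".conf"); a name containing a dot such as "augin.ru" may be skipped.
# Verify that this drop-in is actually loaded.
# NOTE(review): default_realm here is DC1.AUGIN.RU while smb.conf uses
# realm = AUGIN.RU; confirm which one is the real AD realm.
cat <<'EOF' > /etc/krb5.conf.d/augin.ru
[libdefaults]
default_realm = DC1.AUGIN.RU

[realms]
DC1.AUGIN.RU = {
kdc = dc1.augin.ru
admin_server = dc1.augin.ru
}
AUGIN.RU = {
kdc = dc1.augin.ru
}

[domain_realm]
dc1.augin.ru = DC1.AUGIN.RU
.dc1.augin.ru = DC1.AUGIN.RU
EOF
</pre>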
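<pre>
# Write the Samba configuration (quoted heredoc: nothing is expanded by the
# shell, so %U and ~$* reach the file literally). Run "testparm" afterwards
# to validate it.
#
# NOTE(review): [disk1$] exports all of /home, i.e. every user's home
# directory, with "public = yes" (a synonym for "guest ok") and
# "writable = yes". The trailing "$" only hides the share from browse lists;
# it is not an access control. Unless guest access is intended, set
# "public = no" and limit the share with "valid users".
# NOTE(review): "root preexec" runs makedir.sh as root with %U, the user name
# the client asked for, so that script must validate its argument.
# NOTE(review): the recycle:* options are read by the "recycle" VFS module,
# but "vfs objects" lists only acl_xattr; confirm the module is loaded for
# this share, otherwise the recycle bin settings have no effect.
cat <<'EOF' > /etc/samba/smb.conf
[global]
workgroup = AUGIN
security = ads
kerberos method = secrets and keytab
realm = AUGIN.RU
winbind use default domain = true
winbind enum groups = Yes
winbind enum users = Yes
password server = dc1.augin.ru
idmap config * : range = 16777216-33554431
idmap config * : backend = autorid
template homedir = /home/%U
template shell = /sbin/nologin
winbind offline logon = false
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes

[homes]
comment = %U Home dir
path = /home/%U
browseable = no
writable = yes
inherit acls = yes
map acl inherit = yes
root preexec = /etc/samba/makedir.sh %U
veto files = /*.vault/*.code/*.neitrino/*.mp3/

[disk1$]
comment = disk1
path = /home
public = yes
writable = yes
# recycle bin
recycle:repository = .recycle/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = Yes
recycle:maxsize = 0
recycle:exclude = *.tmp, ~$*
recycle:exclude_dir = /tmp
EOF
</pre>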
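<pre>
# Join the host to the AD domain; the password is prompted for interactively,
# which keeps it out of the shell history and the process list.
net ads join -U Administrator
</pre>
<pre>
# Switch NSS/PAM to the winbind profile (--force overwrites the existing
# authselect configuration) and start winbind now and on boot.
authselect select winbind --force
systemctl enable winbind --now
</pre>
<pre>
# Verify the join and the user lookup, then restart the services.
net ads info
wbinfo -u
systemctl restart smb nmb winbind
</pre>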
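<pre>
# Install the helper that smb.conf calls through "root preexec".
# The heredoc delimiter is quoted, so $1 is written to the file literally.
cat <<'EOF' > /etc/samba/makedir.sh
#!/bin/bash
# Creates /home/<user> on first connection. Runs as root; $1 is the %U
# value Samba passes, i.e. the user name the client asked for.
user=$1

# Refuse empty names, "." / ".." and anything containing a slash, so the
# target always stays directly under /home.
case "$user" in
  '' | . | .. | */*) exit 0 ;;
esac

home="/home/$user"
if [ ! -d "$home" ]; then
  # Create the directory with its final mode instead of tightening it later.
  mkdir -m 0770 -- "$home"
  chmod g+s -- "$home"
  chown -- "$user" "$home"
  # Access and default (inherited) ACLs for the admins group and the owner.
  setfacl -m g:"domain admins":rwx -- "$home"
  setfacl -d -m g:"domain admins":rwx -- "$home"
  setfacl -m u:"$user":rwx -- "$home"
  setfacl -d -m u:"$user":rwx -- "$home"
fi
# Always report success, as the original helper does.
exit 0
EOF
chmod +x /etc/samba/makedir.sh
</pre>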
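<pre>
# Give the "domain admins" group rwx on everything under /home, both on the
# existing entries (-m) and as the default ACL that new entries inherit (-d).
# This covers every user's home directory.
setfacl -R -m g:"domain admins":rwx /home
setfacl -R -d -m g:"domain admins":rwx /home
</pre>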
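nano acl_users.sh
<pre>
#!/bin/bash
# For every directory in the current working directory, grant the user of
# the same name rwx (access and default ACL) on /home/disk1/users/<name>.
# NOTE(review): the loop globs the current directory but edits paths under
# /home/disk1/users, so it presumably has to be run from that directory.
for D in *; do
  # Only real directories: skip files and symlinks, so a link planted in a
  # user-writable tree cannot redirect the recursive ACL change.
  if [ -d "${D}" ] && [ ! -L "${D}" ]; then
    echo "${D}"
    # your processing here
    setfacl -R -d -m u:"${D}":rwx -- "/home/disk1/users/${D}"
    setfacl -R -m u:"${D}":rwx -- "/home/disk1/users/${D}"
  fi
done
</pre>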