从单个 LDAP 服务器在多个服务器之间创建 Samba 共享


我们有一个运行 LDAP 的 Fedora 目录服务器,其中有几百个用户。我们需要一种方法来根据项目创建 Samba 共享,并限制多个 Linux 服务器上对这些共享的访问。

这里有 15-20 台服务器,每台都运行不同版本的 CentOS。想法是根据组创建文件夹,其中读/写访问权限仅限于该组或特定组的一组用户。

我们如何验证用户身份,并在同一子网中的另一台服务器上创建 Samba 共享?用户使用 Windows Professional,他们应该能访问特定的 Samba 共享,以备份特定服务器上的文件。

我需要创建一个表单,让管理员可以选择服务器来创建文件夹,并相应地分配用户。欢迎提出关于如何实现这一点的想法。

答案1

应该没有问题。以下是我在生产环境中使用的配置:

[global]

    # Server identity: the workgroup/domain this host is a member of and
    # the name it announces itself under.
    workgroup = SYSADM
    server string = File server
    netbios name = FS1
    # Domain-member mode: users are authenticated against the SYSADM domain
    # (via winbind) rather than a local password file.
    security = domain

    # This is a pure file server: disable all printing support.
    load printers = no
    show add printer wizard = no
    printcap name = /dev/null
    disable spoolss = yes

    encrypt passwords = yes

    # Let winbind enumerate domain users and groups (needed for tools that
    # list accounts; it is a full directory walk, so keep an eye on cost as
    # the directory grows).
    winbind enum groups = yes
    winbind enum users = yes

    # SID <-> uid/gid mappings are kept in LDAP on pdc.example.net under ou=idmap,
    # so every member server sees the same ids.
    idmap backend = ldap:"ldap://pdc.example.net/"
    ldap idmap suffix = ou=idmap

    # NOTE(review): 'idmap uid' / 'idmap gid' are the older spelling of the
    # id range; on newer Samba releases confirm they are still accepted and
    # prefer the 'idmap config * : range' form.
    idmap uid = 1000-500000
    idmap gid = 1000-500000

    # For the SYSADM domain, resolve ids through NSS, i.e. reuse the uid/gid
    # already stored in the LDAP posix accounts instead of allocating new ones.
    idmap config SYSADM : backend  = nss
    idmap config SYSADM : range = 1000-500000

    # Trust the posix attributes in the LDAP entries and allow Samba to
    # create/edit them.
    ldapsam:trusted = yes
    ldapsam:editposix = yes

    # Directory layout: base DN and the OUs holding users, groups and
    # machine accounts.
    ldap suffix = dc=example,dc=net
    ldap user suffix = ou=users
    ldap group suffix = ou=groups
    ldap machine suffix = ou=computers

    # Bind DN Samba uses to talk to the directory. Its password is not kept
    # in this file; it is stored in secrets.tdb (set with 'smbpasswd -w').
    ldap admin dn = "uid=ldap_reader,ou=users,dc=example,dc=net"

    enable privileges = yes

    # Plain member server: never compete for browse-master or domain-master
    # roles and do not serve domain logons.
    os level = 3
    local master = no
    domain master = no
    preferred master = no
    domain logons = no

    # Outbound client authentication: NTLMv2 only, never plaintext.
    client ntlmv2 auth = yes
    client plaintext auth = no

    # Refuse the weak LanMan hash and do not send LanMan announcements.
    lanman auth = no
    lm announce = no

    # Character sets. cp866 (Cyrillic DOS) is site-specific; change it to
    # match your own DOS clients.
    display charset = utf8
    unix charset = utf8
    dos charset = cp866

    # Level 3 is verbose; lower it once the setup is stable.
    log level  = 3
    host msdfs  = no

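[Department1]
    comment = Department1
    path = /samba/department1/
    # No guest access. 'public' is a synonym of 'guest ok', so the original
    # 'public=yes' followed by 'guest ok = no' was contradictory (the later
    # line won); keep only the explicit 'no'.
    guest ok = no
    # Only members of SYSADM\department1 may connect; user1 and that group
    # may write, everyone else in the group is read-only.
    write list = user1, @"SYSADM\department1"
    valid users = @"SYSADM\department1"
    browseable = yes
    # Mask and force bits are both 0770, so every new file and directory
    # ends up exactly 0770: group-accessible, never world-accessible.
    force create mode = 0770
    create mode = 0770
    force directory mode = 0770
    directory mode = 0770
    # Audit successful file operations to syslog facility LOCAL1 at ALERT
    # priority, prefixed with the share name, user (%u) and client IP (%I).
    # The original list contained 'write' twice; the duplicate is dropped.
    # Failures are not logged here; consider auditing failed 'open' as well
    # if you want to see denied access attempts.
    vfs objects = full_audit
    full_audit:prefix = [Department1]:%u|%I
    full_audit:success = write rmdir rename mkdir unlink open read pread pwrite
    full_audit:failure = none
    full_audit:facility = LOCAL1
    full_audit:priority = ALERT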
