我们有一个运行 LDAP 的 Fedora 目录服务器,其中有几百个用户。我们需要一种方法来根据项目创建 Samba 共享,并限制多个 Linux 服务器上对这些共享的访问。
这里有 15-20 台服务器,每台都运行不同版本的 CentOS。想法是根据组创建文件夹,其中读/写访问权限仅限于该组或特定组的一组用户。
我们如何验证用户身份,并在同一子网中的另一台服务器上创建 Samba 共享?用户使用 Windows Professional,他们应该访问特定的 Samba 共享来备份特定服务器的文件。
我需要创建一个表单,管理员可以通过选择服务器来创建文件夹,并相应地分配用户。欢迎提出有关如何实现此操作的想法。
答案1
应该没有问题。我在生产环境中使用了以下配置:
# smb.conf [global] section for a file server that is a member of the
# SYSADM domain and resolves users and groups through LDAP.
# NOTE(review): parameter support differs between Samba releases; run
# testparm on each server to see which of these lines are still accepted.
[global]
workgroup = SYSADM
server string = File server
netbios name = FS1
# Domain-member mode: smbd passes authentication to the domain controller
# instead of checking passwords against a local database.
security = domain
# Printing is switched off entirely (no printers loaded, no spoolss).
load printers = no
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes
encrypt passwords = yes
# Lets winbind enumerate every domain user and group.
# NOTE(review): with a few hundred users this may be slow; confirm it is needed.
winbind enum groups = yes
winbind enum users = yes
# ID mapping is declared twice: in the older global form (idmap backend /
# idmap uid / idmap gid) and in the per-domain "idmap config" form.
# NOTE(review): which form takes effect depends on the Samba release; confirm
# the effective mapping with testparm on each server.
# NOTE(review): the URL uses the ldap:// scheme; confirm the connection is
# protected (see the "ldap ssl" parameter, or use ldaps://) before relying on it.
idmap backend = ldap:"ldap://pdc.example.net/"
ldap idmap suffix = ou=idmap
# NOTE(review): the range starts at 1000, where local accounts may also live;
# confirm no local UID/GID falls inside it, since a collision would give a
# domain identity the file permissions of a local account.
idmap uid = 1000-500000
idmap gid = 1000-500000
# The nss backend takes IDs from the host's own name service rather than
# allocating them; presumably NSS is backed by the same LDAP directory - confirm.
idmap config SYSADM : backend = nss
idmap config SYSADM : range = 1000-500000
# ldapsam:* options belong to the ldapsam passdb backend. No "passdb backend"
# line is visible in this listing, so whether they apply cannot be told here.
# NOTE(review): editposix lets Samba create and modify POSIX accounts in LDAP,
# which needs write access; the bind DN below is named ldap_reader - confirm
# its rights match the intent and are no broader than required.
ldapsam:trusted = yes
ldapsam:editposix = yes
ldap suffix = dc=example,dc=net
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
# The password for this DN is not kept in smb.conf; it is stored in
# secrets.tdb (set with "smbpasswd -w"). Keep that file readable by root only.
ldap admin dn = "uid=ldap_reader,ou=users,dc=example,dc=net"
enable privileges = yes
# The server stays out of browser elections and is not a logon server.
os level = 3
local master = no
domain master = no
preferred master = no
domain logons = no
# Authentication hardening. The two "client" lines govern connections Samba
# makes outwards: NTLMv2 responses only, never plaintext. "lanman auth = no"
# makes smbd refuse the LANMAN hash.
# NOTE(review): server-side NTLMv1 is governed by "ntlm auth", which is not
# set here; confirm the default of the installed release.
client ntlmv2 auth = yes
client plaintext auth = no
lanman auth = no
lm announce = no
display charset = utf8
unix charset = utf8
dos charset = cp866
# Verbose logging for a production server.
# NOTE(review): confirm log rotation and file permissions, since the logs
# record user names and client addresses.
log level = 3
host msdfs = no
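# Project share for the department1 group of the SYSADM domain, with every
# successful file operation listed below sent to syslog.
[Department1]
comment = Department1
path = /samba/department1/
# Guest access is off. "public" is a synonym for "guest ok", so the earlier
# "public=yes" line contradicted this one and left the result dependent on
# line order; only the intended setting is kept.
guest ok = no
# "valid users" decides who may connect at all; "write list" grants write
# access among those. user1 is in the write list only, so user1 can connect
# only if the account is also a member of SYSADM\department1.
write list = user1, @"SYSADM\department1"
valid users = @"SYSADM\department1"
browseable = yes
# New files and directories get rwx for owner and group, nothing for others.
# NOTE(review): 0770 also sets the execute bit on regular files; use 0660 for
# the two file modes if stored files should not be executable.
# These masks only shape new objects: the directory at "path" itself must be
# group-owned by department1 and closed to others on the filesystem.
force create mode = 0770
create mode = 0770
force directory mode = 0770
directory mode = 0770
# Audit trail. Each record is prefixed with the share name, user and client IP.
vfs objects = full_audit
full_audit:prefix = [Department1]:%u|%I
# NOTE(review): operation names differ between Samba releases; check the list
# against the vfs_full_audit man page on each server. Logging open/read/pread
# produces a large volume of records on a busy share.
full_audit:success = write rmdir rename mkdir unlink open read pread pwrite
# Failed operations are not recorded, so denied access attempts leave no
# audit trace. NOTE(review): consider logging failures for detection purposes.
full_audit:failure = none
# Records go to syslog facility LOCAL1 at priority ALERT; route LOCAL1 to a
# dedicated, access-restricted file, preferably forwarded off the host.
full_audit:facility = LOCAL1
full_audit:priority = ALERT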