我已在我们的服务器上安装了 Samba,它运行良好。Samba 共享中有数百个文件夹,我们使用 user.map 将用户列表映射到 smb.share 文件中的特定文件夹。由于用户数量增加到数百人以上,因此很难维护如此庞大的用户数量。是否可以使用 LDAP 组授予对特定文件夹中的 Samba 共享的访问权限?
例如,现在我们的 samba 共享中有文件夹 a 和文件夹 b。用户 1-用户 5 可以访问文件夹 a,而用户 6-用户 10 可以访问文件夹 b。现在文件夹 a 中有 400 个用户,并且数量还在不断增加。我们如何管理访问权限,而无需每次新用户需要访问权限时都更新 user.map?可以使用 LDAP 组来完成吗?
这是我们当前的配置:
smb配置文件
[global]
workgroup = AUTH
security = ADS
realm = AUTH.xxxxxxx.NET
domain master = no
os level = 10
client lanman auth = no
client ntlmv2 auth = yes
client plaintext auth = no
client schannel = auto
client signing = auto
client use spnego = yes
log file = /var/log/samba/log.%m
pid directory = /var/run/samba
lock directory = /var/run/samba
private dir = /var/log/samba/private
username map = /etc/samba/users.map
include = /etc/samba/smb.share
共享
[foldera]
comment = Home Directories
path = /opt/foldera
valid users = usera
public = no
browseable = no
writable = yes
write list = usera
[folderb]
comment = Home Directories
path = /opt/folderb
valid users = userb
public = no
browseable = no
writable = yes
write list = userb
用户地图
usera= auth\user1
usera= auth\user2
usera= auth\user3
usera= auth\user4
usera= auth\user5
userb= auth\user6
userb= auth\user7
userb= auth\user8
userb= auth\user9
userb= auth\user10