For the previous part (1/7), click here
Starting from the previous example, to add user-level authentication:
1) groupadd security
2) mkdir /home/security
3) chgrp security /home/security
4) chmod 2770 /home/security
5) vi /etc/samba/smb.conf
# line 102: change it
security = user
# add at the bottom
# any name can be specified
[Security]
path = /home/security
writable = yes
create mode = 0770
directory mode = 0770
share modes = yes
# prohibit guest
guest ok = no
# allow only this group
valid users = @security
6) /etc/init.d/smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
7) smbpasswd -a cent # add the user
New SMB password:
Retype new SMB password:
# User cent added
8) vi /etc/group # add cent
security:x:502:cent
9) Map the network folder on the Windows system using the following syntax:
\\server_name\security
10) It is convenient to create on Linux a user with the same name as the one we are logged in with on Windows 7/Vista/XP, and with the same password. That way authentication to the share happens automatically, without having to enter a username and password; otherwise we have to enter the username and password.
12) Here are some useful commands to know with Samba:
testparm
There are 3 daemons: smbd, nmbd and winbindd
smbd handles file sharing and the domain controller function
nmbd handles the NetBIOS protocol
winbindd is used when Samba is part of a domain
The smbd logs can be checked in /var/log/samba/smbd.log
13) The following parameters can be used in smb.conf:
valid users: the users allowed to access the share (a group can be used with this parameter by putting @ in front of its name)
invalid users
admin users: list of users or groups with administrative rights
username map: contains a mapping between Linux and Windows users. It can allow some Windows users to access the Samba server without having a corresponding user on Linux. For example:
root = Admin Administrator. Here the Windows users Admin and Administrator will use the server's root user when they access the Samba server.
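An audit of the share parameters from steps 5 and 13, as an added example that is not part of the original post: smb.conf treats # and ; as comment markers only at the start of a line, so a trailing comment after a value becomes part of that value. The function names and the two sample shares are constructed for this example.

```python
import re

TRUE, FALSE = {"yes", "true", "on", "1"}, {"no", "false", "off", "0"}

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {param: value}}; comments are whole lines only."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and "]" in line:
            name = line[1:line.index("]")].strip().lower()
            current = sections.setdefault(name, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def effective_valid_users(params):
    """Names the share admits; list values split on whitespace, ',' and ';'."""
    return [t for t in re.split(r"[\s,;]+", params.get("valid users", "")) if t]

def audit_share(params):
    """Return findings for one share section (an empty list means clean)."""
    findings = []
    for key, value in params.items():
        if re.search(r"\s[#;]", value):
            findings.append(f"{key}: trailing comment is read as part of the value")
    guest = params.get("guest ok", "no").lower()
    if guest in TRUE:
        findings.append("guest ok: guests can connect without a password")
    elif guest not in FALSE:
        findings.append("guest ok: not a valid boolean")
    if not effective_valid_users(params):
        findings.append("valid users: not set, every authenticated user is admitted")
    return findings

# Constructed samples: the same share with a trailing and with an own-line comment.
TRAILING = "[Security]\nguest ok = no\nvalid users = @security # only this group\n"
OWN_LINE = "[Security]\nguest ok = no\n# only this group\nvalid users = @security\n"

if __name__ == "__main__":
    for label, text in (("trailing", TRAILING), ("own line", OWN_LINE)):
        share = parse_smb_conf(text)["security"]
        print(label, effective_valid_users(share), audit_share(share))
```

On a live server, testparm prints the values Samba actually loaded, which is the authoritative check.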
14) I am pasting an interesting article on importing users from a domain:
The second solution is to use the winbindd daemon. This daemon makes all users and
groups that are present inside a domain available inside a Linux system. It accomplishes
this by using Name Service Switch (NSS). This is an interface in the core Linux libraries
that allows for different ways to store and retrieve a list of users and groups (besides others).
You can find the configuration for NSS in the file /etc/nsswitch.conf.
The winbindd daemon will use NSS to inject all domain users and groups into the
Linux environment. This way, there is no need to create separate user accounts for all
domain users. Using winbind gets around the problem of having to create an account for
every user who logs in to the Samba server. In this example, we will be using the winbind
service.
To set this up, you will of course need an Active Directory domain controller. You
will also need to know the name of the domain and the name of the realm. For example,
if the realm is testdomain.com, then the domain name is testdomain. You will also need the
password of the domain administrator account to add the Samba server to the domain.
Finally, you need to install the krb5-workstation package using Yum.
[global]
workgroup = TESTDOMAIN
realm = TESTDOMAIN.COM
server string = Samba Server Version %v
security = ADS
load printers = yes
cups options = raw
template shell = /bin/bash
idmap uid = 5000-100000
idmap gid = 5000-100000
winbind use default domain = Yes
Next you edit the /etc/nsswitch.conf file so that the Linux environment gets to know
the domain users and groups. Add the word winbind to the following lines:
passwd: files winbind
shadow: files winbind
group: files winbind
Next you need to initialize Kerberos to allow the Samba server to become a member.
To do this, run this command:
# kinit administrator@TESTDOMAIN.COM
Then you can join the Samba server to the domain using this command:
# net ads join -Uadministrator%password
Replace the password string with the real password of the domain administrator. If
the command returns a line Joined domain TESTDOMAIN, then it succeeded, and the Samba
server is now part of the domain. Now you can start the Samba daemons. First start the
winbindd daemon and then the others:
# service winbind start
Starting Winbind services: [ OK ]
# service smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
To check whether the winbindd daemon is doing its job, you can run the wbinfo command,
which directly talks to the daemon and can tell you, besides other things, the users
and groups it sees from the domain.
You can also use the getent command. This can ask the NSS directly for all information it knows. The getent passwd command should show all users, including those present in /etc/passwd and those present in the domain. The getent group command does the same but for groups.
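A pre-join check for the settings in the article above, as an added example that is not part of the quoted article: it lists local accounts whose numeric ID falls inside the idmap range (a domain user allocated the same number would own the same files) and the nsswitch.conf databases that lack the winbind source. The function names and the sample file contents are constructed for this example.

```python
def ids_in_idmap_range(db_text, idmap_range):
    """Entries of /etc/passwd or /etc/group whose numeric ID is inside the range.

    idmap_range is the smb.conf value, e.g. "5000-100000" (inclusive bounds).
    """
    low, high = (int(part) for part in idmap_range.split("-", 1))
    hits = []
    for line in db_text.splitlines():
        fields = line.split(":")
        # Field 2 is the UID in passwd and the GID in group.
        if len(fields) >= 3 and fields[2].isdigit() and low <= int(fields[2]) <= high:
            hits.append((fields[0], int(fields[2])))
    return hits

def nss_missing_winbind(nsswitch_text, databases=("passwd", "group")):
    """Databases in nsswitch.conf that do not list the winbind source."""
    sources = {}
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if ":" in line:
            db, rest = line.split(":", 1)
            sources[db.strip()] = rest.split()
    return [db for db in databases if "winbind" not in sources.get(db, [])]

# Constructed sample data: one local account collides with the idmap range,
# and the group database has not been switched to winbind yet.
PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "cent:x:500:500::/home/cent:/bin/bash\n"
    "backup:x:5001:5001::/home/backup:/bin/bash\n"
)
NSSWITCH = "passwd: files winbind\nshadow: files\ngroup: files  # not yet edited\n"

if __name__ == "__main__":
    print("IDs inside idmap range:", ids_in_idmap_range(PASSWD, "5000-100000"))
    print("databases without winbind:", nss_missing_winbind(NSSWITCH))
```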
For the next part (3/7), click here