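With samba+ldap or samba+dc authentication, how can a client machine automatically mount the directories it has permission for when logging in with an ldap or dc account
I'm used to file sharing with windows+dc: after logging in with a domain account under windows, the shared directories you have permission for open automatically, with no need to enter an account and password again to connect, which is very convenient. I don't know how, with samba+ldap or samba+dc authentication under linux, to have the shared directories the user has permission for mounted automatically after logging in to the client machine with an ldap or dc account. This question is fairly advanced; I hope an expert can answer it, thanks.
This post was last edited by p3505 on 2017-04-05 14:52
Reply to 1# 李老实
samba + openldap: since the scope is quite broad, here are some keywords to search for online. #If I have misunderstood what you mean, please ignore this reply; I happen to have been trying this recently, so I'm bringing up a few points.
(1.) openldap, load samba.ldif or samba.schema
The openldap service has to be working properly before it can be provided to samba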
(2.) samba, /etc/samba/smb.conf , /etc/smbldap-tools/smbldap_bind.conf, /etc/smbldap-tools/smbldap.conf
smb.conf
log file = /var/log/samba/%m.log
;username map = /etc/samba/smbusers
encrypt passwords = yes
netbios name = this host's name, e.g. fileserver
server string = Student homework server
workgroup = e.g. Classmate
security = user
max log size = 50
unix charset = UTF-8
max connections = 0
passdb backend = ldapsam:ldap://192.168.1.100/
ldap ssl = no
ldap delete dn = no
ldap admin dn = cn=Manager,dc=ibm,dc=com
ldap suffix = dc=ibm,dc=com
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap passwd sync = on
add machine script = /usr/sbin/smbldap-useradd -W "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
enable privileges = yes
nt acl support = yes
(3.) New ldap user accounts are added with smbldap-useradd, which adds some samba data to the user attributes
Installing smbldap-tools-0.9.10-6.el7.noarch provides the following commands in /usr/sbin/
smbldap-config
smbldap-groupadd
smbldap-groupdel
smbldap-grouplist
smbldap-groupmod
smbldap-groupshow
smbldap-passwd
smbldap-passwdOneTime
smbldap-populate
smbldap-upgrade-0.9.6.pl
smbldap-useradd
smbldap-userdel
smbldap-userinfo
smbldap-userlist
smbldap-usermod
smbldap-usershow
(4.)
/etc/nslcd.conf
https://blog.valhalla.solutions/replace-nss-ldap-and-pam-ldap-with-nss-pam-ldapd/
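Added example, not part of the thread or of Samba itself: a small Python check of how an smb.conf like the one quoted above reaches its ldapsam backend, flagging an unencrypted `ldap://` connection to a remote directory server. The function names and the sample text (a constructed excerpt of the quoted settings) are assumptions made for this illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the LDAP-related lines of the smb.conf quoted above.
SAMPLE = """\
security = user
;username map = /etc/samba/smbusers
passdb backend = ldapsam:ldap://192.168.1.100/
ldap ssl = no
ldap admin dn = cn=Manager,dc=ibm,dc=com
ldap passwd sync = on
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; lines before any [section] count as global."""
    conf, section = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # skip blanks and comment lines
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive; normalise case and spacing.
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def audit_ldap_transport(text):
    """Return findings about how smbd reaches its ldapsam backend."""
    g = parse_smb_conf(text)["global"]
    backend = g.get("passdb backend", "")
    if not backend.lower().startswith("ldapsam:"):
        return []
    url = urlparse(backend.split(":", 1)[1].strip().strip('"'))
    # Only an explicit no/off is flagged; an absent "ldap ssl" is not judged here.
    tls_off = g.get("ldap ssl", "").lower() in ("no", "off")
    local = url.hostname in ("localhost", "127.0.0.1", "::1")
    findings = []
    if url.scheme == "ldap" and tls_off and not local:
        findings.append(f"plaintext LDAP to {url.hostname}: the admin bind and "
                        "Samba password attributes are not encrypted in transit")
        if g.get("ldap passwd sync", "no").lower() in ("yes", "on", "only"):
            findings.append("ldap passwd sync is enabled, so password changes "
                            "also travel over that plaintext connection")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ldap_transport(SAMPLE)) or "no findings")
```

Setting `ldap ssl = start tls` or pointing the backend at an `ldaps://` URI clears both findings, provided the directory server is configured to offer TLS.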