samba+ldap或samba+dc认证中，如何实现客户机用ldap或dc账户登陆自动挂载有权限目录

李老实

windows+dc的文件共享用惯了，windows下域账号登陆之后能自动打开有权限的共享目录，不需要另外输入账号密码连接，很方便。不知道在linux下的samba+ldap或samba+dc认证中，如何实现客户机用ldap或dc账户登陆客户机后自动挂载有权限共享目录，这个问题比较高级，希望有高手能解答，谢谢。

p3505

回复 1# 李老实
samba + openldap, 因範圍蠻大的, 提供一下關鍵字上網找找看.#若是誤會你的意思, 請忽略回覆, 剛好最近在試有些地方提出來.

(1.) openldap, load samba.ldif 或是samba.schemaopenldap 服務正常才能提供給 samba 用

(2.) samba, /etc/samba/smb.conf , /etc/smbldap-tools/smbldap_bind.conf, /etc/smbldap-tools/smbldap.conf

smb.conf
[global]
   log file = /var/log/samba/%m.log
   ;username map = /etc/samba/smbusers
   encrypt passwords = yes
   netbios name = 此台主機名例如 fileserver
   server string = Student homework server
   workgroup = 例如 Classmate
   security = user
   max log size = 50
   unix charset = UTF-8
   max connections = 0
   passdb backend = ldapsam:ldap://192.168.1.100/
   ldap ssl = no
   ldap delete dn = no
   ldap admin dn = cn=Manager,dc=ibm,dc=com
   ldap suffix = dc=ibm,dc=com
   ldap user suffix = ou=users
   ldap group suffix = ou=groups
   ldap machine suffix = ou=machines
   ldap passwd sync = on
   add machine script = /usr/sbin/smbldap-useradd -W "%u"
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
   enable privileges = yes
   nt acl support = yes


(3.) 新增ldap user 帳號由 smbldap-useradd 加, 會在 user attribute 增加一些 samba 資料
/usr/sbin/ 安裝 smbldap-tools-0.9.10-6.el7.noarch 就有如下指令可用
smbldap-config
smbldap-groupadd
smbldap-groupdel
smbldap-grouplist
smbldap-groupmod
smbldap-groupshow
smbldap-passwd
smbldap-passwdOneTime
smbldap-populate
smbldap-upgrade-0.9.6.pl
smbldap-useradd
smbldap-userdel
smbldap-userinfo
smbldap-userlist
smbldap-usermod
smbldap-usershow
(4.)
/etc/nslcd.conf
https://blog.valhalla.solutions/ ... with-nss-pam-ldapd/