
Configurazione SAMBA

Installare i pacchetti:

# Samba itself, the stock Kerberos client configuration, and winbind with
# its PAM and NSS modules, which resolve and authenticate domain accounts.
apt install -y \
  samba krb5-config winbind libpam-winbind libnss-winbind

Salvare i file iniziali:

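# Keep a copy of each distribution-provided file before editing it.
# cp -a (rather than mv) leaves the original in place, so the system is never
# left without /etc/nsswitch.conf while the new file is being written, and the
# backup keeps the original owner, mode and timestamps.
for conf in /etc/krb5.conf /etc/nsswitch.conf /etc/samba/smb.conf; do
  cp -a -- "$conf" "$conf.backup"
done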

File /etc/krb5.conf:

# Kerberos client settings used by Samba and winbind for the domain.
[libdefaults]
# Realm assumed when a principal is written without one; it is the same
# realm as "realm" in smb.conf.
        default_realm = EAGLE.LOCAL
# Do not use DNS TXT records to map a host name to a realm.
        dns_lookup_realm = false
# Locate the KDCs through DNS SRV records, so no server is hard-coded here.
        dns_lookup_kdc = true

File /etc/nsswitch.conf:

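# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

# winbind is listed for passwd and group so that domain users and groups
# resolve through NSS (getent, file ownership, login).
passwd:         files systemd winbind compat
group:          files systemd winbind compat
# winbind is deliberately not listed for shadow: the winbind NSS module does
# not serve shadow entries, and the Samba domain-member documentation advises
# against adding it here because it can make wbinfo fail.
shadow:         files systemd compat
gshadow:        files systemd

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis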

File /etc/samba/smb.conf:

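[global]
        # Active Directory member server. Kerberos service tickets are
        # verified against secrets.tdb first, then the system keytab.
        kerberos method = secrets and keytab
        realm = EAGLE.LOCAL
        workgroup = EAGLE
        security = ads
        passdb backend = tdbsam
        printing = cups
        server role = member server
        server string = %h server
        # No printers are shared from this host.
        printcap name = /dev/null
        load printers = no
        cups options = raw
        # Do not act as, or stand for election as, a browse master.
        domain master = no
        local master = no
        preferred master = no
        # Login shell given to every domain account resolved by winbind.
        # NOTE(review): with libpam-winbind installed this may let any domain
        # user log in interactively; restrict it in PAM (for example with
        # pam_winbind's require_membership_of) if that is not intended.
        template shell = /bin/bash
        # Enumeration lets "getent passwd" and "getent group" list domain
        # accounts; it can make lookups slow in large domains.
        winbind enum groups = Yes
        winbind enum users = Yes
        # NOTE(review): rangesize is an idmap_autorid parameter; with
        # backend = tdb it presumably has no effect - confirm which backend
        # is intended.
        # The tdb backend hands out IDs locally on first use, so the same
        # domain account can receive different UIDs/GIDs on different
        # servers; check this if more than one host exports the same tree.
        idmap config * : rangesize = 1000000
        idmap config * : range = 1000000-19999999
        idmap config * : backend = tdb
        # ACL storage and the network recycle bin. Both modules must be named
        # on one line: "vfs object" is a synonym of "vfs objects", so a second
        # assignment replaces the first and would leave acl_xattr unloaded.
        vfs objects = acl_xattr recycle
        # Deleted files are moved to a per-user directory (%U is the session
        # user name), keeping their directory tree and earlier versions.
        recycle:repository = /mnt/mycephfs/recycle/%U
        recycle:touch = Yes
        recycle:keeptree = Yes
        recycle:versions = Yes
        # Temporary and object files are neither versioned nor kept.
        recycle:noversions = *.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP
        recycle:exclude = *.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP
        recycle:excludedir = /recycle,/tmp,/temp,/TMP,/TEMP
        # Cluster
        # clustering = yes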

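[ceph-ACLs]
        path = /mnt/mycephfs
        writable = yes
        # Guests are refused. "public" is only a synonym of "guest ok", so
        # setting both to different values makes the result depend on line
        # order; a single explicit setting avoids enabling guest access by
        # accident.
        guest ok = no
        # New files and directories take the ACL of their parent directory.
        # NOTE(review): no "valid users" restriction is set, so every
        # authenticated domain account can connect; access is then decided
        # by the ACLs on the files themselves.
        inherit acls = yes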

Mettere a dominio:

# Join the domain with an account that is allowed to add computers.
# net prompts for the password; do not append it as "user%password", which
# would leave it in the shell history and the process list.
net ads join --user=administrator

Riavviare i servizi:

# Restart the three Samba daemons, in the same order, so they pick up the
# new configuration after the join.
for unit in smbd nmbd winbind; do
  systemctl restart "$unit"
done

Controllare a dominio:

# After a working join, winbind lists the domain's users and groups; an error
# or an empty list usually means winbind cannot reach the domain.
wbinfo --domain-users
wbinfo --domain-groups

Cambiare i permessi delle cartelle condivise: