# Static name-to-address entries (presumably for /etc/hosts on the file server; the page does not name the file).
# Domain controller; the same address appears as the KDC and the DNS resolver elsewhere on this page.
10.1.1.10	msrv-dc1.domain.ru
# This host, the Samba file server being joined to the domain.
10.1.1.6	msrv-file.domain.ru
#ntpdate 10.1.1.10
#cd /usr/ports/net/samba36
#make install clean && rehash
[X] LDAP         With LDAP support
[X] ADS          With Active Directory support
[X] WINBIND      With WinBIND support
[X] ACL_SUPPORT  With ACL support
[X] SYSLOG       With Syslog support
[X] QUOTAS       With Disk quota support
[X] POPT         With system-wide POPT library
#ee /usr/local/etc/smb.conf
#ee /etc/krb5.conf
# /usr/local/etc/rc.d/samba.sh start
#service samba start
Starting SAMBA: removing stale tdbs : Starting nmbd. Starting smbd. Starting winbindd.
#service samba restart
# kinit -p dl_admin // dl_admin - dl_admin@DOMAIN.RU's Password: // # klist // Credentials cache: FILE:/tmp/krb5cc_0 // Principal: dl_admin@DOMAIN.RU Issued Expires Principal Oct 05 10:37:52 Oct 05 17:17:52 krbtgt/DOMAIN.RU@DOMAIN.RU
# net ads join -U dl_admin
dl_admin's password:
Joined 'MSRV-FILE' to realm 'DOMAIN.RU'
# wbinfo -p
Ping to winbindd succeeded on fd 4
# wbinfo -t
checking the trust secret via RPC calls succeeded
# wbinfo -g
# wbinfo -u
# id dl_admin
# chown -R dl_admin:"Domain Users" /home/share
# chmod -R 770 /home/share
# krb5.conf for the file server: Kerberos client settings for realm DOMAIN.RU.
# Comments are kept on their own lines in column 0 so that any krb5.conf parser treats them as comments.

# Log destinations for the Kerberos library, KDC and admin server.
[logging]
    default = FILE:/var/log/kerberos/krb5libs.log
    kdc = FILE:/var/log/kerberos/krb5kdc.log
    admin_server = FILE:/var/log/kerberos/kadmin.log

# Library-wide defaults.
# ticket_lifetime is in seconds: 24000 s = 6 h 40 min, which matches the klist output on this page
# (issued 10:37:52, expires 17:17:52).
# Both dns_lookup_* switches are off, so the KDC is taken from the [realms] entry below, not from DNS.
# clockskew = 300 allows five minutes of clock difference against the KDC; this is why the host
# clock is synchronised (ntpdate / ntpd) before joining.
# NOTE(review): kdc_req_checksum_type, checksum_type and ccache_type are legacy tuning knobs; in the
# Kerberos checksum-type numbering 2 is rsa-md4. Confirm the Kerberos library in use still reads
# them and that nothing depends on this checksum before keeping them.
# NOTE(review): forwardable/proxiable = true makes every ticket delegable by default; keep only if
# delegation is actually needed.
# NOTE(review): the v4_* entries are Kerberos 4 compatibility settings, and
# "something = something-else" looks like a leftover from a sample file; presumably unused.
[libdefaults]
    ticket_lifetime = 24000
    default_realm = DOMAIN.RU
    dns_lookup_realm = false
    dns_lookup_kdc = false
    kdc_req_checksum_type = 2
    checksum_type = 2
    ccache_type = 1
    forwardable = true
    proxiable = true
    clockskew = 300
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }

# The realm is served by a single host: KDC on TCP port 88 and admin server on TCP port 749,
# both at 10.1.1.10.
[realms]
    DOMAIN.RU = {
        kdc = tcp/10.1.1.10:88
        admin_server = tcp/10.1.1.10:749
        default_domain = DOMAIN.RU
    }

# Map the DNS domain (with and without the leading dot) to the realm.
[domain_realm]
    .domain.ru = DOMAIN.RU
    domain.ru = DOMAIN.RU

# Presumably read by a PAM Kerberos module; lifetimes here are 36000 s (10 h).
[pam]
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false

# Kerberos 4 conversion is switched off for login as well.
[login]
    krb4_convert = false
    krb4_get_tickets = false
# nsswitch.conf: name-service lookup order for the file server.
# group and passwd consult local files first and then winbind, which is presumably what lets
# a command such as `id dl_admin` resolve a domain account.
# NOTE(review): because local files come first, a local account with the same name as a domain
# account takes precedence over the domain one.
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
# The remaining databases are commented out on the page.
#shells: files
#services: compat
#services_compat: nis
#protocols: files
#rpc: files
# rc.conf for the file server. Assignments are kept in their original order because a later
# assignment to the same variable replaces an earlier one.
hostname="msrv-file.domain.ru"
# Replaced further down by the second keymap assignment.
keymap="ru.koi8-r.win.kbd"
# NOTE(review): the interface is configured by DHCP, while other parts of this page refer to this
# host by the fixed address 10.1.1.6; presumably the address is reserved on the DHCP server - confirm.
ifconfig_bge0="DHCP"
sshd_enable="YES"
moused_enable="YES"
# Keeps the clock in step with the domain; Kerberos rejects requests outside the allowed clock skew.
ntpd_enable="YES"
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
# -- sysinstall generated deltas -- # Sun Oct 5 10:31:10 2014
mousechar_start="3"
font8x8="cp866-8x8"
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
scrnmap="koi8-r2cp866"
keymap="ru.koi8-r"
# NOTE(review): the page's layout does not show whether the next line was a commented-out setting
# or a bare '#' followed by an active one; it is kept exactly as printed.
# smbd_enable="YES"
# Start the Samba daemons at boot: smbd/nmbd and winbindd.
samba_enable="YES"
nmbd_enable="YES"
winbindd_enable="YES"
# -- sysinstall generated deltas -- # Sun Oct 5 15:09:56 2014
tcp_extensions="YES"
# Generated by resolvconf
# The only resolver is 10.1.1.10, the address this page also uses for the domain controller and KDC.
nameserver 10.1.1.10
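# smb.conf for MSRV-FILE, a Samba member server of the DOMAIN.RU Active Directory domain.
# One parameter per line; comments are on their own lines.

[global]
# Character sets for DOS clients, the local file system and console output.
dos charset = cp866
unix charset = koi8-r
display charset = koi8-r

# Domain membership: NetBIOS domain name, Kerberos realm and this server's name.
workgroup = DOMAIN
realm = DOMAIN.RU
netbios name = MSRV-FILE
server string = File Server %v
security = ADS
# NOTE(review): confirm that overriding the default authentication methods is really needed
# alongside security = ADS.
auth methods = winbind

# Logins with an unknown user name are not rejected but mapped to the guest account.
map to guest = Bad User
guest account = nobody
# Default for every share that does not set "guest ok" itself.
guest ok = yes

# Per-client log files; max log size is in KiB.
log file = /var/log/samba/log.%m
max log size = 50

# NOTE(review): "client signing" only covers connections this host opens as a client.
# Signing of connections made to the shares below is governed by "server signing",
# which is not set here.
client signing = Yes

# Never try to become a browse master.
preferred master = No
local master = No
domain master = No
os level = 10
dns proxy = No

# Only clients from 10.1.1.x and loopback may connect, and only through interface bge0.
hosts allow = 10.1.1., 127.
interfaces = bge0

# ACL handling.
inherit acls = Yes
map acl inherit = Yes
nt acl support = Yes
case sensitive = No

socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 TCP_NODELAY

# No printer shares.
load printers = No
printing = bsd

# winbind: domain accounts appear without the DOMAIN prefix and can be enumerated.
winbind use default domain = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = No
winbind refresh tickets = Yes

# Domain accounts get local ids from 600-20000, stored in a local tdb.
# NOTE(review): make sure no local account has a uid/gid inside this range; local accounts
# created with default settings typically start at 1001 - confirm.
idmap config * : range = 600-20000
idmap config * : backend = tdb

# Guest-writable scratch share.
# NOTE(review): this exports the system /tmp to unauthenticated guests from the allowed network.
# The klist output on this page shows root's Kerberos credential cache at /tmp/krb5cc_0, so file
# permissions are the only barrier between guests and local temporary files. A dedicated
# directory is the safer choice for a scratch share.
[tmp]
comment = Temporary file space
path = /tmp
read only = No
# The page also set "create mode = 666" and "directory mode = 666". Both are synonyms of the
# mask parameters; the later mask lines took effect, so only those are kept.
create mask = 0666
directory mask = 0777
guest ok = Yes

# Domain share.
[share]
comment = Share Directory
path = /home/share
# Without this line the share inherits "guest ok = yes" from [global] and, together with
# "map to guest = Bad User", accepts guest sessions; access would then depend on the
# directory permissions alone.
guest ok = No
# NOTE(review): with "read only = No" the write list grants nothing extra, and no
# "valid users" restriction is set. The groups are written with the realm name (DOMAIN.RU)
# while the workgroup is DOMAIN - confirm these names resolve through winbind.
write list = "@DOMAIN.RU\Domain Admins", "@DOMAIN.RU\Domain Users"
read only = No
# The page also set "create mode = 660" and "directory mode = 660"; as synonyms they were
# overridden by the mask lines below, which are the effective values.
create mask = 0660
directory mask = 0770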
Source: https://habr.com/ru/post/239813/