forum.opennet.ru

Составление сообщения

Исходное сообщение

"перенос паролей пользователей из Samba в LDAP"
Отправлено Goshik1, 17-Фев-12 09:41

smb.conf:
[global]
#   host msdfs = yes
    workgroup = OD-TEST
    server string = BDC
    security = user
    hosts allow = xxx.xx. 127.
;   load printers = yes
;   printcap name = /etc/printcap
;   printcap name = lpstat
;   printing = cups
;   guest account = pcguest
    log file = /var/log/samba/log.%m
    max log size = 500
;   password server = <NT-Server-Name>
;   realm = MY_REALM
#   passdb backend = smbpasswd
    passdb backend = ldapsam:ldap://localhost/
    ldap delete dn                = Yes
    ldap ssl                      = off
    ldap passwd sync              = Yes
    ldap suffix                   = dc=mylocaldomainl,dc=ru
    ldap machine suffix           = ou=Computers,ou=Samba
    ldap user suffix              = ou=Users,ou=Samba
    ldap group suffix             = ou=Group,ou=Samba
    ldap idmap suffix             = ou=Idmap,ou=Samba
    ldap admin dn                 = cn=root,dc=mylocaldomain,dc=ru
    idmap backend                 = ldap:ldap://localhost
    idmap uid                     = 10000-20000
    idmap gid                     = 10000-20000
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    winbind separator = @
    winbind use default domain = yes
;   include = /usr/local/etc/smb.conf.%m
    socket  options  =  TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    interfaces = xxx.xxx.xxx.xxx/xx
    local master = no
    os level = 65
    domain master = yes
    preferred master = yes
    domain logons = yes
;   logon script = %m.bat
;   logon script = %U.bat
    logon script = netlogon.cmd
;   logon path = \\%L\Profiles\%U
    wins support = yes
;   wins server = w.x.y.z
;   wins proxy = yes
    dns proxy = no
;   display charset = koi8-r
;   unix charset = koi8-r
;   dos charset = cp866
    display charset = utf-8
    unix charset = utf-8
    dos charset = cp866
# Use extended attributes to store file modes
;    store dos attributes = yes
;    map hidden = no
;    map system = no
;    map archive = no
# Use inherited ACLs for directories
;    nt acl support = yes
;    inherit acls = yes
;    map acl inherit = yes
# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g
    add machine script = /usr/local/sbin/ldapaddmachine '%u' computers
    add user script = /usr/local/sbin/ldapadduser '%u' users
    add group script = /usr/local/sbin/ldapaddgroup '%g'
    add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
    delete user script = /usr/local/sbin/ldapdeleteuser '%u'
    delete group script = /usr/local/sbin/ldapdeletegroup '%g'
    delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
    set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
    rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'
    encrypt passwords = yes
    time server = Yes
    logon home =
    logon path =
    syslog = LOG_DEBUG
    winbind enum groups = yes
    winbind enum users = yes
    winbind use default domain = yes
    # off port 445
    smb ports = 139
    netbios name = BDC
;    netbios aliases = xxxx
    # наследовать владельца (вышестоящей директории)
    inherit owner           = yes
    # наследовать ACL
    inherit acls            = yes
    # наследовать права
    inherit permissions     = yes
    # позвоялет редактору прав из винды корректно обрабатывать
    # наследуемые права
    map acl inherit         = yes
#============================ Share Definitions ==============================

Исходное сообщение
"перенос паролей пользователей из Samba в LDAP" Отправлено Goshik1, 17-Фев-12 09:41
smb.conf: [global] # host msdfs = yes workgroup = OD-TEST server string = BDC security = user hosts allow = xxx.xx. 127. ; load printers = yes ; printcap name = /etc/printcap ; printcap name = lpstat ; printing = cups ; guest account = pcguest log file = /var/log/samba/log.%m max log size = 500 ; password server = <NT-Server-Name> ; realm = MY_REALM # passdb backend = smbpasswd passdb backend = ldapsam:ldap://localhost/ ldap delete dn = Yes ldap ssl = off ldap passwd sync = Yes ldap suffix = dc=mylocaldomainl,dc=ru ldap machine suffix = ou=Computers,ou=Samba ldap user suffix = ou=Users,ou=Samba ldap group suffix = ou=Group,ou=Samba ldap idmap suffix = ou=Idmap,ou=Samba ldap admin dn = cn=root,dc=mylocaldomain,dc=ru idmap backend = ldap:ldap://localhost idmap uid = 10000-20000 idmap gid = 10000-20000 winbind uid = 10000-20000 winbind gid = 10000-20000 winbind separator = @ winbind use default domain = yes ; include = /usr/local/etc/smb.conf.%m socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = xxx.xxx.xxx.xxx/xx local master = no os level = 65 domain master = yes preferred master = yes domain logons = yes ; logon script = %m.bat ; logon script = %U.bat logon script = netlogon.cmd ; logon path = \\%L\Profiles\%U wins support = yes ; wins server = w.x.y.z ; wins proxy = yes dns proxy = no ; display charset = koi8-r ; unix charset = koi8-r ; dos charset = cp866 display charset = utf-8 unix charset = utf-8 dos charset = cp866 # Use extended attributes to store file modes ; store dos attributes = yes ; map hidden = no ; map system = no ; map archive = no # Use inherited ACLs for directories ; nt acl support = yes ; inherit acls = yes ; map acl inherit = yes # These scripts are used on a domain controller or stand-alone # machine to add or delete corresponding unix accounts ; add user script = /usr/sbin/useradd %u ; add group script = /usr/sbin/groupadd %g ; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u ; delete user script = /usr/sbin/userdel %u ; delete user from group script = /usr/sbin/deluser %u %g ; delete group script = /usr/sbin/groupdel %g add machine script = /usr/local/sbin/ldapaddmachine '%u' computers add user script = /usr/local/sbin/ldapadduser '%u' users add group script = /usr/local/sbin/ldapaddgroup '%g' add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g' delete user script = /usr/local/sbin/ldapdeleteuser '%u' delete group script = /usr/local/sbin/ldapdeletegroup '%g' delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g' set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g' rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew' encrypt passwords = yes time server = Yes logon home = logon path = syslog = LOG_DEBUG winbind enum groups = yes winbind enum users = yes winbind use default domain = yes # off port 445 smb ports = 139 netbios name = BDC ; netbios aliases = xxxx # наследовать владельца (вышестоящей директории) inherit owner = yes # наследовать ACL inherit acls = yes # наследовать права inherit permissions = yes # позвоялет редактору прав из винды корректно обрабатывать # наследуемые права map acl inherit = yes #============================ Share Definitions ==============================

Ваше сообщение
Имя*:
EMail:	Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	> smb.conf: > [global] > # host msdfs = yes > workgroup = OD-TEST > server string = BDC > security = user > hosts allow = xxx.xx. 127. > ; load printers = yes > ; printcap name = /etc/printcap > ; printcap name = lpstat > ; printing = cups > ; guest account = pcguest > log file = /var/log/samba/log.%m > max log size = 500 > ; password server = <NT-Server-Name> > ; realm = MY_REALM > # passdb backend = smbpasswd > passdb backend = ldapsam:ldap://localhost/ > ldap delete dn > = > Yes > ldap ssl > > = off > ldap passwd sync > = Yes > ldap suffix > > = dc=mylocaldomainl,dc=ru > ldap machine suffix > = ou=Computers,ou=Samba > ldap user suffix > = ou=Users,ou=Samba > ldap group suffix > = ou=Group,ou=Samba > ldap idmap suffix > = ou=Idmap,ou=Samba > ldap admin dn > > = cn=root,dc=mylocaldomain,dc=ru > idmap backend > = > ldap:ldap://localhost > idmap uid > > = 10000-20000 > idmap gid > > = 10000-20000 > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind separator = @ > winbind use default domain = yes > ; include = /usr/local/etc/smb.conf.%m > socket options = TCP_NODELAY SO_RCVBUF=8192 > SO_SNDBUF=8192 > interfaces = xxx.xxx.xxx.xxx/xx > local master = no > os level = 65 > domain master = yes > preferred master = yes > domain logons = yes > ; logon script = %m.bat > ; logon script = %U.bat > logon script = netlogon.cmd > ; logon path = \\%L\Profiles\%U > wins support = yes > ; wins server = w.x.y.z > ; wins proxy = yes > dns proxy = no > ; display charset = koi8-r > ; unix charset = koi8-r > ; dos charset = cp866 > display charset = utf-8 > unix charset = utf-8 > dos charset = cp866 > # Use extended attributes to store file modes > ; store dos attributes = yes > ; map hidden = no > ; map system = no > ; map archive = no > # Use inherited ACLs for directories > ; nt acl support = yes > ; inherit acls = yes > ; map acl inherit = yes > # These scripts are used on a domain controller or stand-alone > # machine to add or delete corresponding unix accounts > ; add user script = /usr/sbin/useradd %u > ; add group script = /usr/sbin/groupadd %g > ; add machine script = /usr/sbin/adduser -n -g machines -c Machine > -d /dev/null -s /bin/false %u > ; delete user script = /usr/sbin/userdel %u > ; delete user from group script = /usr/sbin/deluser %u %g > ; delete group script = /usr/sbin/groupdel %g > add machine script = /usr/local/sbin/ldapaddmachine '%u' computers > add user script = /usr/local/sbin/ldapadduser '%u' users > add group script = /usr/local/sbin/ldapaddgroup '%g' > add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' > '%g' > delete user script = /usr/local/sbin/ldapdeleteuser '%u' > delete group script = /usr/local/sbin/ldapdeletegroup '%g' > delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' > '%g' > set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g' > rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew' > encrypt passwords = yes > time server = Yes > logon home = > logon path = > syslog = LOG_DEBUG > winbind enum groups = yes > winbind enum users = yes > winbind use default domain = yes > # off port 445 > smb ports = 139 > netbios name = BDC > ; netbios aliases = xxxx > # наследовать владельца (вышестоящей директории) > inherit owner > = yes > # наследовать ACL > inherit acls > = yes > # наследовать права > inherit permissions = yes > # позвоялет редактору прав из винды корректно обрабатывать > # наследуемые права > map acl inherit > = yes > #============================ Share Definitions ==============================
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру