Net use
Example: Samba (SMB) share, tested with net use
DOMAIN is your AD/LDAP domain
/etc/samba/smb.conf
[clients_someuser]
    path = /sftp/clients/someuser
    writeable = yes
    browseable = no
    valid users = @"DOMAIN\sftp_clients_group_rw"
    write list = @"DOMAIN\sftp_clients_group_rw"
systemctl restart smb
facls
Allow the group to traverse the parent dir (x only) so it can reach the share directory
sudo setfacl -m 'g:DOMAIN\sftp_clients_group_rw:x' /sftp/clients
Set perms on current files/dirs (-Rm) and defaults for new ones (-Rdm; d is for default)
sudo setfacl -Rm 'g:DOMAIN\sftp_clients_someusergroup_rw:rwx' /sftp/clients/someuser
sudo setfacl -Rdm 'g:DOMAIN\sftp_clients_someusergroup_rw:rwx' /sftp/clients/someuser
getfacl /sftp/clients
getfacl /sftp/clients/someuser
Error if user doesn't exist
setfacl: Option -m: Invalid argument near character 3
Remove all
# -x takes the entry without a perms field (see setfacl(1)), so one call per path removes the whole entry
sudo setfacl -Rx 'g:DOMAIN\sftp_clients_someusergroup_rw' /sftp/clients/someuser
sudo setfacl -x 'g:DOMAIN\sftp_clients_group_rw' /sftp/clients
Map drive and delete
net use k: \\sftp\myshare /user:DOMAIN\myuser
dir k:
mkdir k:\jtest
rmdir k:\jtest
net use /delete k:
More verbose example
smb.conf for AD/LDAP
[global]
    kerberos method = system keytab
    template homedir = /home/%U@%D
    workgroup = DOMAIN
    template shell = /bin/bash
    security = ads
    realm = DOMAIN.COM
    idmap config DOMAIN : range = 2000000-2999999
    idmap config DOMAIN : backend = rid
    idmap config * : range = 10000-999999
    idmap config * : backend = tdb
    winbind use default domain = no
    winbind refresh tickets = yes
    winbind offline logon = yes
    winbind enum groups = no
    winbind enum users = no
    # winbind cache time = 10
    # Custom
    # Use Windows ACLs https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
    # https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
    vfs objects = acl_xattr
    map acl inherit = yes
    inherit owner = yes
    inherit permissions = yes
    # winbind nested groups = yes
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    # log level = 3
    hosts allow = 127. 10. 192.168.
    smb encrypt = required
    encrypt passwords = yes
    client ipc min protocol = SMB3_11
    include = /etc/samba/smb_shares.conf
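Added example (not part of the original page): a small Python check that a given smb.conf text keeps the access controls used above, that is smb encrypt = required and hosts allow in [global], and valid users plus browseable = no on every share. The [clients_other] share and the function names are hypothetical, and include lines are not followed, so each included file has to be checked separately.

```python
import re

# Constructed sample: the page's share plus a hypothetical, looser [clients_other].
SAMPLE = r"""
[global]
    smb encrypt = required
    hosts allow = 127. 10. 192.168.
[clients_someuser]
    path = /sftp/clients/someuser
    browseable = no
    valid users = @"DOMAIN\sftp_clients_group_rw"
[clients_other]
    path = /sftp/clients/other
    writeable = yes
"""

def norm(name):
    # smb.conf ignores case and all whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(norm(line[1:-1]), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)    # only the first '=' separates
            current[norm(key)] = value.strip()
    return sections

def audit(text):
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if glob.get("smbencrypt", "").lower() != "required":
        findings.append("[global] smb encrypt is not 'required'")
    if not glob.get("hostsallow"):
        findings.append("[global] hosts allow is not set")
    for name, params in conf.items():
        if name == "global":
            continue
        eff = {**glob, **params}               # [global] supplies share defaults
        if not eff.get("validusers"):
            findings.append(f"[{name}] valid users is not set")
        if eff.get("browseable", "yes").lower() not in {"no", "false", "0"}:
            findings.append(f"[{name}] browseable is not 'no'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```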