Difference between revisions of "Net use"

From UVOO Tech Wiki
Line 6: Line 6:
 
/etc/samba/smb.conf
 
/etc/samba/smb.conf
 
```
 
```
[myshare]
+
[clients_someuser]
 
     path = /sftp/clients/someuser
 
     path = /sftp/clients/someuser
 
     writeable = yes
 
     writeable = yes
Line 49: Line 49:
 
rmdir k:\jtest
 
rmdir k:\jtest
 
net use /delete k:
 
net use /delete k:
 +
```
 +
 +
 +
## Some verbose
 +
 +
smb.conf for AD/LDAP
 +
```
 +
[global]
 +
kerberos method = system keytab
 +
template homedir = /home/%U@%D
 +
workgroup = DOMAIN
 +
template shell = /bin/bash
 +
security = ads
 +
realm = DOMAIN.COM
 +
idmap config DOMAIN : range = 2000000-2999999
 +
idmap config DOMAIN : backend = rid
 +
idmap config * : range = 10000-999999
 +
idmap config * : backend = tdb
 +
winbind use default domain = no
 +
winbind refresh tickets = yes
 +
winbind offline logon = yes
 +
winbind enum groups = no
 +
winbind enum users = no
 +
# winbind cache time = 10
 +
 +
# Custom
 +
# Use Windows ALCS https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
 +
# https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
 +
vfs objects = acl_xattr
 +
map acl inherit = yes
 +
inherit owner = yes
 +
inherit permissions = yes
 +
# winbind nested groups = yes
 +
 +
load printers = no
 +
printing = bsd
 +
printcap name = /dev/null
 +
disable spoolss = yes
 +
 +
# log level = 3
 +
hosts allow = 127. 10. 192.168.
 +
smb encrypt = required
 +
encrypt passwords = yes
 +
client ipc min protocol = SMB3_11
 +
 +
 +
 +
include = /etc/samba/smb_shares.conf
 
```
 
```
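Review bot: In the added `[global]` block, `client ipc min protocol = SMB3_11` only constrains Samba when it acts as a client for IPC$ connections, so the server-side protocol floor is left implicit in `smb encrypt = required`; I would state it explicitly with `server min protocol = SMB3` next to it. `hosts allow = 127. 10. 192.168.` admits every host in 10.0.0.0/8 and 192.168.0.0/16, which is worth narrowing to the actual client subnets or marking as deliberate. `encrypt passwords = yes` is the default and, as far as I know, deprecated in current Samba releases, so it can probably be dropped. Separately, the first hunk renames the share to `[clients_someuser]` while the `net use k: \\sftp\myshare` example further down the page still uses the old name, unless that share is defined in the included `smb_shares.conf`.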

Revision as of 17:02, 25 March 2022

Example with smb/samba and net use test

DOMAIN is your AD/LDAP domain

Samba for SMB shares

/etc/samba/smb.conf

# Share limited to one AD group; its name is not advertised in browse lists.
[clients_someuser]
    # Directory exported by this share.
    path = /sftp/clients/someuser
    # Share-level write access is on; filesystem permissions and ACLs still apply.
    writeable = yes
    # Only hides the share from browse lists; this is not an access control.
    browseable = no
    # Only members of this AD group may connect (@ marks a group name).
    valid users =  @"DOMAIN\sftp_clients_group_rw"
    # Same group listed for write access.
    # NOTE(review): with writeable = yes this looks redundant but harmless -- confirm.
    write list =  @"DOMAIN\sftp_clients_group_rw"
# Restart the smb service after editing smb.conf.
# NOTE(review): running `testparm` first would catch syntax errors before the restart.
systemctl restart smb

facls

Allow the group to traverse /sftp/clients so it can reach its own subdirectory (x alone does not allow listing /sftp/clients itself)

# Add an ACL entry giving the group execute (traverse) only on the parent directory.
sudo setfacl -m 'g:DOMAIN\sftp_clients_group_rw:x' /sftp/clients

Set permissions on the existing files/dirs (-Rm) and default ACLs for newly created ones (-Rdm; d is for default)

# Grant r-x to the group on everything that already exists below the
# directory (-R recursive, -m modify).
# NOTE(review): rx carries no write bit although the share is writeable = yes,
# and this group name differs from the one in valid users -- confirm both are intended.
sudo setfacl -Rm 'g:DOMAIN\sftp_clients_someusergroup_rw:rx' /sftp/clients/someuser
# Same entry as a default ACL (-d), which new files and directories inherit.
sudo setfacl -Rdm 'g:DOMAIN\sftp_clients_someusergroup_rw:rx' /sftp/clients/someuser
# Print the resulting ACLs for review.
getfacl  /sftp/clients
getfacl  /sftp/clients/someuser

Remove all

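# Remove the group's ACL entries again.
# setfacl -x only accepts entries without a permission field, so the
# ":rx" / ":x" / ":rwx" suffixes are dropped (with them the argument is rejected).
sudo setfacl -Rx 'g:DOMAIN\sftp_clients_someusergroup_rw' /sftp/clients/someuser
# The default (inherited) entries were added with -Rdm; remove those as well.
sudo setfacl -Rx 'd:g:DOMAIN\sftp_clients_someusergroup_rw' /sftp/clients/someuser
sudo setfacl -x 'g:DOMAIN\sftp_clients_group_rw' /sftp/clients
# Confirm that no entry for either group is left.
getfacl /sftp/clients
getfacl /sftp/clients/someuser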

Map drive and delete

rem Map the share to K: as a domain user. No password is given on the
rem command line, so net use prompts for it when one is needed.
rem NOTE(review): the smb.conf example on this page names the share
rem clients_someuser, not myshare -- confirm the share name.
net use k: \\sftp\myshare /user:DOMAIN\myuser
rem List the share, then create and remove a directory to check write access.
dir k:
mkdir k:\jtest
rmdir k:\jtest
rem Disconnect the mapped drive.
net use /delete k:

Some verbose

smb.conf for AD/LDAP

# Global settings for a Samba server joined to Active Directory as a domain member.
[global]
# Verify Kerberos tickets against the system keytab.
kerberos method = system keytab
# Home directory pattern for domain users (%U = user name, %D = domain).
template homedir = /home/%U@%D
workgroup = DOMAIN
template shell = /bin/bash
# Act as an AD domain member.
security = ads
realm = DOMAIN.COM
# DOMAIN accounts get IDs derived from their RID inside 2000000-2999999.
idmap config DOMAIN : range = 2000000-2999999
idmap config DOMAIN : backend = rid
# Everything else uses the default tdb-backed range, which does not overlap the one above.
idmap config * : range = 10000-999999
idmap config * : backend = tdb
# Domain accounts must be written with their domain prefix (DOMAIN\user).
winbind use default domain = no
winbind refresh tickets = yes
# Lets pam_winbind log users in from locally cached credentials while the
# domain controller is unreachable; that cache is sensitive data on this host.
winbind offline logon = yes
# Do not enumerate domain groups and users.
winbind enum groups = no
winbind enum users = no
# winbind cache time = 10

# Custom
# Use Windows ACLs https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
# https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
# Store Windows (NT) ACLs in extended attributes.
vfs objects = acl_xattr
map acl inherit = yes
# New files and directories take owner and permissions from the parent directory.
inherit owner = yes
inherit permissions = yes
# winbind nested groups = yes

# Printing support is switched off.
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

# log level = 3
# Prefix match: loopback plus every address in 10.0.0.0/8 and 192.168.0.0/16.
# NOTE(review): narrow this to the real client subnets if possible.
hosts allow = 127. 10. 192.168.
# Connections from clients that cannot encrypt SMB traffic are refused.
smb encrypt = required
# NOTE(review): this is already the default and appears to be deprecated in
# recent Samba releases -- confirm and drop.
encrypt passwords = yes
# Applies when Samba itself connects as a client over IPC$; the server-side
# floor is a separate parameter (server min protocol).
client ipc min protocol = SMB3_11



# Share definitions are read from a separate file.
# NOTE(review): that file decides what is exported, so presumably it should be
# writable by root only -- confirm.
include = /etc/samba/smb_shares.conf