Difference between revisions of "Net use"
Jump to navigation
Jump to search
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | Example with smb | + | Example with smb/samba and net use test |
| + | |||
| + | DOMAIN is your AD/LDAP domain | ||
| + | |||
| + | # Samba for SMB shares | ||
| + | /etc/samba/smb.conf | ||
| + | ``` | ||
| + | [clients_someuser] | ||
| + | path = /sftp/clients/someuser | ||
| + | writeable = yes | ||
| + | browseable = no | ||
| + | valid users = @"DOMAIN\sftp_clients_group_rw" | ||
| + | write list = @"DOMAIN\sftp_clients_group_rw" | ||
| + | ``` | ||
``` | ``` | ||
| − | + | systemctl restart smb | |
| − | |||
``` | ``` | ||
| + | |||
| + | # facls | ||
| + | |||
| + | ## Allow traverse of dir to list directory | ||
``` | ``` | ||
| − | + | sudo setfacl -m 'g:DOMAIN\sftp_clients_group_rw:x' /sftp/clients | |
| − | + | ``` | |
| + | |||
| + | ## Set perms and defaults for current files/dirs -Rdm (d is for default) | ||
| + | ``` | ||
| + | sudo setfacl -Rm 'g:DOMAIN\sftp_clients_someusergroup_rw:rwx' /sftp/clients/someuser | ||
| + | sudo setfacl -Rdm 'g:DOMAIN\sftp_clients_someusergroup_rw:rwx' /sftp/clients/someuser | ||
| + | getfacl /sftp/clients | ||
| + | getfacl /sftp/clients/someuser | ||
| + | ``` | ||
| + | |||
| + | ## Error if user doesn't exist | ||
| + | ``` | ||
| + | setfacl: Option -m: Invalid argument near character 3 | ||
| + | ``` | ||
| + | |||
| + | ## Remove all | ||
| + | ``` | ||
| + | sudo setfacl -Rx 'g:DOMAIN\sftp_clients_someusergroup_rw:rx' /sftp/clients/someuser | ||
| + | sudo setfacl -x 'g:DOMAIN\sftp_clients_group_rw:x' /sftp/clients | ||
| + | # for sure remove all perms | ||
| + | sudo setfacl -x 'g:DOMAIN\sftp_clients_group_rw:rwx' /sftp/clients | ||
``` | ``` | ||
| − | + | # Map drive and delete | |
``` | ``` | ||
| − | + | net use k: \\sftp\myshare /user:DOMAIN\myuser | |
| − | + | dir k: | |
| − | + | mkdir k:\jtest | |
| − | + | rmdir k:\jtest | |
| − | + | net use /delete k: | |
| − | |||
``` | ``` | ||
| − | + | ||
| + | ## Some verbose | ||
| + | |||
| + | smb.conf for AD/LDAP | ||
``` | ``` | ||
| − | + | [global] | |
| − | + | kerberos method = system keytab | |
| − | # | + | template homedir = /home/%U@%D |
| − | + | workgroup = DOMAIN | |
| − | # | + | template shell = /bin/bash |
| − | + | security = ads | |
| + | realm = DOMAIN.COM | ||
| + | idmap config DOMAIN : range = 2000000-2999999 | ||
| + | idmap config DOMAIN : backend = rid | ||
| + | idmap config * : range = 10000-999999 | ||
| + | idmap config * : backend = tdb | ||
| + | winbind use default domain = no | ||
| + | winbind refresh tickets = yes | ||
| + | winbind offline logon = yes | ||
| + | winbind enum groups = no | ||
| + | winbind enum users = no | ||
| + | # winbind cache time = 10 | ||
| + | |||
| + | # Custom | ||
| + | # Use Windows ALCS https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs | ||
| + | # https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html | ||
| + | vfs objects = acl_xattr | ||
| + | map acl inherit = yes | ||
| + | inherit owner = yes | ||
| + | inherit permissions = yes | ||
| + | # winbind nested groups = yes | ||
| + | |||
| + | load printers = no | ||
| + | printing = bsd | ||
| + | printcap name = /dev/null | ||
| + | disable spoolss = yes | ||
| + | |||
| + | # log level = 3 | ||
| + | hosts allow = 127. 10. 192.168. | ||
| + | smb encrypt = required | ||
| + | encrypt passwords = yes | ||
| + | client ipc min protocol = SMB3_11 | ||
| + | |||
| + | |||
| + | |||
| + | include = /etc/samba/smb_shares.conf | ||
``` | ``` | ||
Latest revision as of 18:19, 25 March 2022
Example with smb/samba and net use test
DOMAIN is your AD/LDAP domain
/etc/samba/smb.conf
[clients_someuser]
path = /sftp/clients/someuser
writeable = yes
browseable = no
valid users = @"DOMAIN\sftp_clients_group_rw"
write list = @"DOMAIN\sftp_clients_group_rw"
systemctl restart smb
facls
Allow traverse of dir to list directory
sudo setfacl -m 'g:DOMAIN\sftp_clients_group_rw:x' /sftp/clients
Set perms and defaults for current files/dirs -Rdm (d is for default)
sudo setfacl -Rm 'g:DOMAIN\sftp_clients_someusergroup_rw:rwx' /sftp/clients/someuser sudo setfacl -Rdm 'g:DOMAIN\sftp_clients_someusergroup_rw:rwx' /sftp/clients/someuser getfacl /sftp/clients getfacl /sftp/clients/someuser
Error if user doesn't exist
setfacl: Option -m: Invalid argument near character 3
Remove all
sudo setfacl -Rx 'g:DOMAIN\sftp_clients_someusergroup_rw:rx' /sftp/clients/someuser sudo setfacl -x 'g:DOMAIN\sftp_clients_group_rw:x' /sftp/clients # for sure remove all perms sudo setfacl -x 'g:DOMAIN\sftp_clients_group_rw:rwx' /sftp/clients
Map drive and delete
net use k: \\sftp\myshare /user:DOMAIN\myuser dir k: mkdir k:\jtest rmdir k:\jtest net use /delete k:
Some verbose
smb.conf for AD/LDAP
[global] kerberos method = system keytab template homedir = /home/%U@%D workgroup = DOMAIN template shell = /bin/bash security = ads realm = DOMAIN.COM idmap config DOMAIN : range = 2000000-2999999 idmap config DOMAIN : backend = rid idmap config * : range = 10000-999999 idmap config * : backend = tdb winbind use default domain = no winbind refresh tickets = yes winbind offline logon = yes winbind enum groups = no winbind enum users = no # winbind cache time = 10 # Custom # Use Windows ALCS https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs # https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html vfs objects = acl_xattr map acl inherit = yes inherit owner = yes inherit permissions = yes # winbind nested groups = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes # log level = 3 hosts allow = 127. 10. 192.168. smb encrypt = required encrypt passwords = yes client ipc min protocol = SMB3_11 include = /etc/samba/smb_shares.conf