Difference between revisions of "Net use"
(2 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
/etc/samba/smb.conf | /etc/samba/smb.conf | ||
``` | ``` | ||
− | [ | + | [clients_someuser] |
path = /sftp/clients/someuser | path = /sftp/clients/someuser | ||
writeable = yes | writeable = yes | ||
Line 28: | Line 28: | ||
## Set perms and defaults for current files/dirs -Rdm (d is for default) | ## Set perms and defaults for current files/dirs -Rdm (d is for default) | ||
``` | ``` | ||
− | sudo setfacl -Rm 'g:DOMAIN\sftp_clients_someusergroup_rw: | + | sudo setfacl -Rm 'g:DOMAIN\sftp_clients_someusergroup_rw:rwx' /sftp/clients/someuser |
− | sudo setfacl -Rdm 'g:DOMAIN\sftp_clients_someusergroup_rw: | + | sudo setfacl -Rdm 'g:DOMAIN\sftp_clients_someusergroup_rw:rwx' /sftp/clients/someuser |
getfacl /sftp/clients | getfacl /sftp/clients | ||
getfacl /sftp/clients/someuser | getfacl /sftp/clients/someuser | ||
+ | ``` | ||
+ | |||
+ | ## Error if user doesn't exist | ||
+ | ``` | ||
+ | setfacl: Option -m: Invalid argument near character 3 | ||
``` | ``` | ||
Line 49: | Line 54: | ||
rmdir k:\jtest | rmdir k:\jtest | ||
net use /delete k: | net use /delete k: | ||
+ | ``` | ||
+ | |||
+ | |||
+ | ## Some verbose | ||
+ | |||
+ | smb.conf for AD/LDAP | ||
+ | ``` | ||
+ | [global] | ||
+ | kerberos method = system keytab | ||
+ | template homedir = /home/%U@%D | ||
+ | workgroup = DOMAIN | ||
+ | template shell = /bin/bash | ||
+ | security = ads | ||
+ | realm = DOMAIN.COM | ||
+ | idmap config DOMAIN : range = 2000000-2999999 | ||
+ | idmap config DOMAIN : backend = rid | ||
+ | idmap config * : range = 10000-999999 | ||
+ | idmap config * : backend = tdb | ||
+ | winbind use default domain = no | ||
+ | winbind refresh tickets = yes | ||
+ | winbind offline logon = yes | ||
+ | winbind enum groups = no | ||
+ | winbind enum users = no | ||
+ | # winbind cache time = 10 | ||
+ | |||
+ | # Custom | ||
+ | # Use Windows ALCS https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs | ||
+ | # https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html | ||
+ | vfs objects = acl_xattr | ||
+ | map acl inherit = yes | ||
+ | inherit owner = yes | ||
+ | inherit permissions = yes | ||
+ | # winbind nested groups = yes | ||
+ | |||
+ | load printers = no | ||
+ | printing = bsd | ||
+ | printcap name = /dev/null | ||
+ | disable spoolss = yes | ||
+ | |||
+ | # log level = 3 | ||
+ | hosts allow = 127. 10. 192.168. | ||
+ | smb encrypt = required | ||
+ | encrypt passwords = yes | ||
+ | client ipc min protocol = SMB3_11 | ||
+ | |||
+ | |||
+ | |||
+ | include = /etc/samba/smb_shares.conf | ||
``` | ``` |
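Review bot: `client ipc min protocol = SMB3_11` in the added `[global]` block only sets the minimum dialect Samba uses when it connects out as a client over IPC$; it does not limit which dialects this server accepts from its own clients. If the intent is to refuse older dialects on the server side, state it explicitly with `server min protocol = SMB3` (or `SMB3_11`) next to `smb encrypt = required`, rather than leaving it implied by mandatory encryption. Separately, `hosts allow = 127. 10. 192.168.` admits all of 10.0.0.0/8 and 192.168.0.0/16; if the real client subnets are known, listing only those would be tighter.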
Latest revision as of 18:19, 25 March 2022
Example with smb/samba and net use test
DOMAIN is your AD/LDAP domain
/etc/samba/smb.conf
# Share definition; the section name is the share name clients connect to.
[clients_someuser]
path = /sftp/clients/someuser
writeable = yes
# Hides the share from browse lists only; it does not restrict access by itself.
browseable = no
# Only members of this AD group may connect; "@" marks the name as a group.
# NOTE(review): the recursive setfacl commands on this page grant rwx on the share
# path to DOMAIN\sftp_clients_someusergroup_rw, a different name - confirm which
# group is intended here.
valid users = @"DOMAIN\sftp_clients_group_rw"
# The same group is given write access.
write list = @"DOMAIN\sftp_clients_group_rw"
# Restart Samba so the new share definition is loaded
# (testparm -s can be used beforehand to check smb.conf for syntax errors).
systemctl restart smb
facls
Allow traverse of dir to list directory
# Grant the group execute (search) only on the parent directory: members can pass
# through /sftp/clients to a subdirectory they know, but cannot list its contents.
sudo setfacl -m 'g:DOMAIN\sftp_clients_group_rw:x' /sftp/clients
Set perms and defaults for current files/dirs -Rdm (d is for default)
# -R recurses; -m modifies the access ACL of everything that already exists.
# NOTE(review): with -R, rwx also puts execute on regular files; rwX would limit
# execute to directories (and files that are already executable) - confirm what
# the share actually needs.
sudo setfacl -Rm 'g:DOMAIN\sftp_clients_someusergroup_rw:rwx' /sftp/clients/someuser
# -d sets the default ACL, so entries created later inherit the group's access.
sudo setfacl -Rdm 'g:DOMAIN\sftp_clients_someusergroup_rw:rwx' /sftp/clients/someuser
# Check the resulting ACLs on the parent and on the share directory.
getfacl /sftp/clients
getfacl /sftp/clients/someuser
Error if the user or group named in the ACL entry doesn't exist
setfacl: Option -m: Invalid argument near character 3
Remove all
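# Remove the group's entry from the access ACL of the share tree.
# -x takes the entry WITHOUT a permission field (g:NAME); a trailing :rx or :rwx
# is rejected as an invalid argument unless POSIXLY_CORRECT is set.
sudo setfacl -Rx 'g:DOMAIN\sftp_clients_someusergroup_rw' /sftp/clients/someuser
# Also remove the default-ACL entry that was added with -Rdm; otherwise newly
# created files and directories keep inheriting access for the group.
sudo setfacl -Rdx 'g:DOMAIN\sftp_clients_someusergroup_rw' /sftp/clients/someuser
# Remove the traverse entry on the parent. -x drops the whole entry, whatever
# permissions it carried, so a single command is enough here.
sudo setfacl -x 'g:DOMAIN\sftp_clients_group_rw' /sftp/clients
# Check that no entry is left for either group.
getfacl /sftp/clients
getfacl /sftp/clients/someuser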
Map drive and delete
rem Map the share to K: as the domain user. No password is given on the command
rem line, so net use prompts for it when one is needed.
rem \\sftp\myshare is a placeholder; presumably the share name is the smb.conf
rem section name (e.g. clients_someuser) - confirm against the server config.
net use k: \\sftp\myshare /user:DOMAIN\myuser
rem List the share, then create and remove a directory to check write access.
dir k:
mkdir k:\jtest
rmdir k:\jtest
rem Disconnect the mapped drive when done.
net use /delete k:
A more verbose example
smb.conf for AD/LDAP
# Global settings for a Samba server joined to AD as a domain member.
[global]
# Verify Kerberos tickets against the system keytab.
kerberos method = system keytab
# %U is the user name and %D the domain, giving /home/user@DOMAIN.
template homedir = /home/%U@%D
workgroup = DOMAIN
template shell = /bin/bash
# Active Directory domain member mode.
security = ads
realm = DOMAIN.COM
# ID mapping: DOMAIN accounts are mapped by RID into 2000000-2999999; everything
# else uses the tdb backend in 10000-999999. The two ranges do not overlap.
idmap config DOMAIN : range = 2000000-2999999
idmap config DOMAIN : backend = rid
idmap config * : range = 10000-999999
idmap config * : backend = tdb
# Names must be domain-qualified, which is why the ACL commands on this page
# use DOMAIN\group.
winbind use default domain = no
winbind refresh tickets = yes
# Allows logon from cached credentials when no domain controller is reachable.
winbind offline logon = yes
# Do not enumerate domain users and groups.
winbind enum groups = no
winbind enum users = no
# winbind cache time = 10

# Custom
# Use Windows ACLs https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
# https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
# acl_xattr stores Windows ACLs in extended attributes on the files.
vfs objects = acl_xattr
map acl inherit = yes
inherit owner = yes
inherit permissions = yes
# winbind nested groups = yes

# Printing is switched off entirely.
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

# log level = 3
# Prefix matches: loopback, all of 10.0.0.0/8 and all of 192.168.0.0/16.
hosts allow = 127. 10. 192.168.
# Connections that do not negotiate SMB encryption are refused.
smb encrypt = required
encrypt passwords = yes
# NOTE(review): this applies to IPC$ connections Samba makes as a client; it does
# not limit the dialects this server accepts (that is "server min protocol").
client ipc min protocol = SMB3_11

# Share definitions are kept in a separate file.
include = /etc/samba/smb_shares.conf