Difference between revisions of "Samba"
		
		
		
		
		
		Jump to navigation
		Jump to search
		
				
		
		
	
| (13 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| # Setting Up | # Setting Up | ||
| + | |||
| + | ### Redhat 7 | ||
| + | - [[ Samba File Server CentOS 7 ]] | ||
| + | - https://access.redhat.com/solutions/3802321 and https://access.redhat.com/articles/4355391 - Don't use sssd | ||
| + | - https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-file_and_print_servers#the_samba_services | ||
| ## This seems to work | ## This seems to work | ||
| + | - https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/pdf/windows_integration_guide/Red_Hat_Enterprise_Linux-7-Windows_Integration_Guide-en-US.pdf | ||
| - https://www.tecmint.com/integrate-centos-7-to-samba4-active-directory/ | - https://www.tecmint.com/integrate-centos-7-to-samba4-active-directory/ | ||
| - https://www.tecmint.com/join-ubuntu-to-active-directory-domain-member-samba-winbind/ | - https://www.tecmint.com/join-ubuntu-to-active-directory-domain-member-samba-winbind/ | ||
| Line 27: | Line 33: | ||
| New-SmbMapping -UserName jtest -password 123123 -LocalPath 'M:' -RemotePath '\\10.250.24.12\jtest' | New-SmbMapping -UserName jtest -password 123123 -LocalPath 'M:' -RemotePath '\\10.250.24.12\jtest' | ||
| + | ``` | ||
| alternatives --display cifs-idmap-plugin | alternatives --display cifs-idmap-plugin | ||
| − |   alternatives --set cifs-idmap-plugin /usr/lib/cifs-utils/idmapwb.so | + | alternatives --set cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so  # was  alternatives --set cifs-idmap-plugin /usr/lib/cifs-utils/idmapwb.so | 
| − | alternatives --set cifs-idmap-plugin /usr/lib64/cifs-utils/ | + | alternatives --set cifs-idmap-plugin /usr/lib64/cifs-utils/idmapwb.so | 
| − | + | systemctl is-active winbind.service | |
| + | systemctl is-active sssd.service | ||
| + | ``` | ||
| smbpasswd -a jebusk | smbpasswd -a jebusk | ||
| Line 45: | Line 54: | ||
| session optional pam_mkhomedir.so skel=/etc/skel umask=077 | session optional pam_mkhomedir.so skel=/etc/skel umask=077 | ||
| ``` | ``` | ||
| + | |||
| + | |||
| + | # Access | ||
| + | ```realm permit statements handle ACLs with sssd but with windbind let's use pam to restrict auth connections. | ||
| + | /etc/pam.d/sshd | ||
| + | account required pam_access.so | ||
| + | to enforce | ||
| + | /etc/security/access.conf | ||
| + | + : usertoallow : ALL | ||
| + | |||
| + | : ALL : ALL | ||
| + | https://ubuntuforums.org/showthread.php?t=1385235 | ||
| + | ``` | ||
| + | |||
| + | Checks | ||
| + | ``` | ||
| + | getent passwd myuser | ||
| + | id user@domain.com | ||
| + | ``` | ||
| + | |||
| + | |||
| + | http://koo.fi/blog/2015/06/16/ubuntu-14-04-active-directory-authentication/ | ||
Latest revision as of 20:52, 10 May 2020
Setting Up
Redhat 7
- Samba File Server CentOS 7
- https://access.redhat.com/solutions/3802321 and https://access.redhat.com/articles/4355391 - Don't use sssd
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-file_and_print_servers#the_samba_services
This seems to work
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/pdf/windows_integration_guide/Red_Hat_Enterprise_Linux-7-Windows_Integration_Guide-en-US.pdf
- https://www.tecmint.com/integrate-centos-7-to-samba4-active-directory/
- https://www.tecmint.com/join-ubuntu-to-active-directory-domain-member-samba-winbind/
Other
- https://www.tecmint.com/integrate-centos-7-to-samba4-active-directory/
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/windows_integration_guide/index#winbind
- https://linuxize.com/post/how-to-install-and-configure-samba-on-ubuntu-18-04/
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/windows_integration_guide/index#winbind
- New-SmbMapping -LocalPath 'O:' -RemotePath '\10.x.x.x\share'
- you can use -username -password
 
Client
gvfs-mount smb://stay@nas/stay
mount sucks as must be root use above or gui tools
sudo mount -t cifs -o username=myuser //nas/myuser /mnt/smbmount
New-SmbMapping -UserName jtest -password 123123 -LocalPath 'M:' -RemotePath '\10.250.24.12\jtest'
alternatives --display cifs-idmap-plugin alternatives --set cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so # was alternatives --set cifs-idmap-plugin /usr/lib/cifs-utils/idmapwb.so alternatives --set cifs-idmap-plugin /usr/lib64/cifs-utils/idmapwb.so systemctl is-active winbind.service systemctl is-active sssd.service
smbpasswd -a jebusk
New-SmbMapping -LocalPath 'O:' -RemotePath '\10.250.24.12\jtest3'
/var/lib/samba/private/passdb.tdb
Ubuntu 18.04
vim /etc/pam.d/common-session # at bottom of file
session optional pam_mkhomedir.so skel=/etc/skel umask=077
Access
- ```realm permit statements handle ACLs with sssd but with windbind let's use pam to restrict auth connections.
- /etc/pam.d/sshd
- account required pam_access.so
- to enforce
- /etc/security/access.conf
- + : usertoallow : ALL
- ALL : ALL https://ubuntuforums.org/showthread.php?t=1385235
<br />Checks
getent passwd myuser id user@domain.com ```
http://koo.fi/blog/2015/06/16/ubuntu-14-04-active-directory-authentication/