Samba e OpenLDAP: creare un controller di dominio con Debian Lenny: differenze tra le versioni

Samba e OpenLDAP: creare un controller di dominio con Debian Lenny (visualizza wikitesto)

Versione delle 17:57, 28 gen 2010

1 018 byte aggiunti , 28 gen 2010

→‎Configurazione di Samba

Ferdybassi

Burocrati, Amministratori

4 069

contributi

@@ Riga 1 118: / Riga 1 118: @@
         server string = DOMINOP PDC Server - Samba %v
         case sensitive = No
+       use kerberos keytab = yes
+       use spnego = yes
+       client NTLMv2 auth = yes
+       username map = /etc/samba/usermap
     ### Imposto il server come controller di dominio ###
-        os level = 65
+        os level = 255
         preferred master = yes
         local master = yes
         domain master = yes
         domain logons = yes
+       admin users = root addmachine @"Domain Admins"
     ### Opzioni di connessione e sicurezza. Configurazione Wins ###
@@ Riga 1 136: / Riga 1 142: @@
         idmap uid = 10000-90000
         idmap gid = 10000-90000
-        idmap backend = ldap:ldap://127.0.0.1
+        idmap backend = ldap:ldaps://127.0.0.1
         name resolve order = wins lmhosts host bcast
-        dns proxy = no
+        dns proxy = yes
         time server = yes
         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
+       keepalive = 20
+       preserve case = yes
+       short preserve case = yes
+	   bind interfaces only = yes
+       interfaces = bond0, lo
     ### Configuro Winbind
@@ Riga 1 159: / Riga 1 171: @@
         log level = 2
         max log size = 50
+       debug level = 1
+       syslog = 0
+       utmp = Yes
     ### Impostazione charset corretto ###
@@ Riga 1 166: / Riga 1 181: @@
         dos charset = UTF-8
         display charset = UTF-8
+       restrict anonymous = 0
         panic action = /usr/share/samba/panic-action %d
     ### Configurazione del supporto a LDAP ###
-        passdb backend = ldapsam:ldap://127.0.0.1
+        passdb backend = ldapsam:ldaps://127.0.0.1
+       ldap admin dn = krb5PrincipalName=ldapmaster/admin@DOMINIO.LOCAL,ou=KerberosPrincipals,ou=Users,dc=dominio,dc=local
+       ldap ssl = On
+       ldapsam:trusted = yes
         ldap suffix = dc=dominio,dc=local
         ldap machine suffix = ou=Computers
@@ Riga 1 176: / Riga 1 195: @@
         ldap group suffix = ou=Groups
         ldap idmap suffix = ou=Idmap
-       ldap admin dn = cn=admin,dc=dominio,dc=local
         enable privileges = yes
         ldap delete dn = Yes
@@ Riga 1 185: / Riga 1 203: @@
         pam password change = Yes
         unix password sync = Yes
+       pam password change = no
     ### Profili mobili, directory home, script di logon ###
@@ Riga 1 195: / Riga 1 214: @@
         passwd program = /usr/sbin/smbldap-passwd %u
         passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*token*updated*
-        add user script = /usr/sbin/smbldap-useradd -m "%u"
+        add user script = /usr/sbin/smbldap-useradd -m -a "%u"
         ldap delete dn = Yes
         delete user script = /usr/sbin/smbldap-userdel "%u"
@@ Riga 1 214: / Riga 1 233: @@
        ;printer admin = @sambaadmins
+   ### Comando per loggare login e logoff (Legge amministratore di sistema)
+       root preexec = /etc/samba/log_access_login.bash "%L" "%U" "%G" "%H" "%u" "%S" "%I" "%m" ON
+       root postexec = /etc/samba/log_access_login.bash "%L" "%U" "%G" "%H" "%u" "%S" "%I" "%m" OFF
     ### Condivisioni ###
@@ Riga 1 222: / Riga 1 245: @@
         path = /dominio/netlogon
         guest ok = no
-        writable = no
+        writable = yes
         browseable = no
         share modes = no
+       admin users = @"Domain Admins"
 ### Percorso per i roaming profiles
@@ Riga 1 267: / Riga 1 291: @@
        guest ok = no
        inherit permissions = yes
+      admin users = %u
+      write list = %u
+      read list = %u
+      create mask = 0700
+      directory mask = 0700
 ### Directory condivisa