Ovviamente dovranno essere modificati alcuni parametri in base alle proprie necessità:
Server primario
mkdir /data
vim /etc/samba/smb.conf
# # Primary Domain Controller smb.conf # # Global parameters [global] unix charset = LOCALE workgroup = DDESIGN netbios name = node1 #passdb backend = ldapsam:ldap://127.0.0.1 #passdb backend = ldapsam:"ldap://192.168.0.2 ldap://192.168.0.3" passdb backend =ldapsam:"ldap://node1.differentialdesign.org ldap://node2.differentialdesign.org" username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 0 name resolve order = wins bcast hosts time server = Yes printcap name = CUPS add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u' delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u' add group script = /opt/IDEALX/sbin/smbldap-groupadd -p '%g' delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g' add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%g' '%u' delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%g' '%u' set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u' add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u' shutdown script = /var/lib/samba/scripts/shutdown.sh abort shutdown script = /sbin/shutdown -c logon script = %u.bat #logon path = \\192.168.0.4\profiles\%u logon path = \\nodes.differentialdesign.org\profiles\%u logon drive = H: domain logons = Yes domain master = Yes wins support = Yes # peformance optimization all users stored in ldap ldapsam:trusted = yes ldap suffix = dc=differentialdesign,dc=org ldap machine suffix = ou=Computers,ou=Users ldap user suffix = ou=People,ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=sambaadmin,dc=differentialdesign,dc=org idmap backend = ldap://127.0.0.1 idmap uid = 10000-20000 idmap gid = 10000-20000 printer admin = root printing = cups #========================Share Definitions========================= [homes] comment = Home Directories valid users = %S browseable = yes writable = yes create mask = 0600 directory mask = 0700 [netlogon] comment = Network Logon Service path = /data/samba/netlogon writeable = yes browseable = yes read only = no [profiles] path = /data/samba/profiles writeable = yes browseable = no read only = no create mode = 0777 directory mode = 0777 [Documents] comment = share to test samba path = /data/documents writeable = yes browseable = yes read only = no valid users = "@Domain Users"
Server primario
mkdir /data
vim /etc/samba/smb.conf
# # Backup Domain Controller # # Global parameters [global] unix charset = LOCALE workgroup = DDESIGN netbios name = node2 #passdb backend = ldapsam:ldap://127.0.0.1 #passdb backend = ldapsam:"ldap://192.168.0.2 ldap://192.168.0.3" passdb backend = ldapsam:"ldap://node2.differentialdesign.org ldap://node1.differentialdesign.org" username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 50 name resolve order = wins bcast hosts printcap name = CUPS show add printer wizard = No logon script = %u.bat #logon path = \\192.168.0.4\profiles\%u logon path = \\nodes.differentialdesign.org\profiles\%u logon drive = H: domain logons = Yes os level = 63 domain master = No wins server = node1.differentialdesign.org ldap suffix = dc=differentialdesign,dc=org ldap machine suffix = ou=Computers,ou=Users ldap user suffix = ou=People,ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=sambaadmin,dc=differentialdesign,dc=org utmp = Yes idmap backend = ldap://node1.differentialdesign.org idmap uid = 10000-20000 idmap gid = 10000-20000 printing = cups #========================Share Definitions========================= [homes] comment = Home Directories valid users = %S browseable = yes writable = yes create mask = 0600 directory mask = 0700 [netlogon] comment = Network Logon Service path = /data/samba/netlogon writeable = yes browseable = yes read only = no [profiles] path = /data/samba/profiles writeable = yes browseable = no read only = no create mode = 0777 directory mode = 0777 [Documents] comment = share to test samba path = /data/documents writeable = yes browseable = yes read only = no valid users = "@Domain Users"
HOST su NODE1
E' importante modificare il file host sia sul nodo1 di seguito:[root@node1 ~]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 node1 localhost.localdomain localhost
192.168.0.2 node1.differentialdesign.org
192.168.0.3 node2.differentialdesign.org
192.168.0.4 nodes.differentialdesign.org
HOST su NODE2
[root@node2 ~]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 node2 localhost.localdomain localhost
192.168.0.2 node1.differentialdesign.org
192.168.0.3 node2.differentialdesign.org
192.168.0.4 nodes.differentialdesign.org
Per un discorso di sicurezza di samba focalizzarsi sul comando hosts allow
## /etc/samba/smb.conf
## Global parameters
[global]
workgroup = DDESIGN
security = user
hosts allow = 192.168.0.0/24
ed inoltre:
## ==== Share Definitions =====
[Documents]
comment = share to test
sambapath = /data/documents
writeable = yes
browseable = yes
read only = no
valid users = "@Domain Users"
hosts allow = 192.168.0.100/24