Integrating Samba with LDAP authentication
1. Basic installation
yum -y install samba-common samba samba-client smbldap-tools openldap-clients nss-pam-ldapd
2. Configure authconfig-tui
Run the command "authconfig-tui"
Verify the configuration
# getent passwd
zhangsan:x:6460:18650:zhangsan:/home/zhangsan:/bin/bash    # this account is an LDAP user
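3. Configure Samba
/etc/samba/smb.conf

[global]
    # Workgroup or domain that the Samba server joins.
    workgroup = SAMBA
    # Sets how users are authenticated when accessing the Samba server; there are four authentication modes in total.
    security = user
    cups options = raw
    log level = 3
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 100000
    # LDAP support
    passdb backend = ldapsam:ldap://172.16.50.117/
    ldap suffix = "dc=xx,dc=cn"
    ldap admin dn = "cn=Manager,dc=xx,dc=cn"
    ldap user suffix = "ou=People,dc=xx,dc=cn"
    ldap group suffix = "ou=Group,dc=xx,dc=cn"
    ldap delete dn = no
    ldap passwd sync = yes
    # With ldap:// and ldap ssl = no, traffic to the LDAP server (including the admin bind) is sent unencrypted; ldap ssl = start tls enables StartTLS.
    ldap ssl = no

[homes]
    comment = Home Directories
    preexec = /data/bin/samba %U
    path = /data/smb/home/%U
    writeable = yes

[caiwu]
    # Share description
    comment = caiwu
    # Path of the shared resource
    path = /data/smb/caiwu
    # Whether the share is writable
    writeable = yes
    # Whether the share is browseable
    browseable = yes
    # Users allowed to access this share; separate multiple users with ',' (for a group, use @ followed by the group name)
    valid users = zhangsan
    # Users denied access to this share; same syntax as valid users
    # invalid users =
    # Users who may write files in this share
    # write list =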
Run smbpasswd -W and enter the LDAP password (the password of the ldap admin dn above) when prompted.
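Create the file /data/bin/samba with the following content:

#!/bin/sh
# Called by the [homes] share as: /data/bin/samba %U
umask 077
user=$1
if [ ! -d "/data/smb/home/$user" ]; then
    mkdir "/data/smb/home/$user"
    # Mode 777 overrides the umask above and leaves the directory writable by every user.
    chmod 777 "/data/smb/home/$user"
fi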
chmod 777 /data/bin/samba
mkdir /data/smb/home -p
mkdir /data/smb/caiwu
chmod 777 /data/smb -R
Start the Samba service
systemctl restart smb
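
A hardened variant of the /data/bin/samba preexec script from step 3, as an added example that is not part of the original article: it validates the client-supplied %U value before using it in a path and creates the home directory with mode 700 instead of 777. The ensure_home function name, the permitted character set for account names and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: hardened variant of /data/bin/samba, not the article's script.
# Called from smb.conf as:  preexec = /data/bin/samba %U

# ensure_home BASE USER (hypothetical helper name)
# Return codes (chosen for this example): 0 ok, 2 bad name, 3 symlink,
# 4 mkdir failed, 5 directory owned by someone else.
ensure_home() {
    base=$1
    user=$2
    # %U comes from the client. Accept only a plain account name so values
    # such as "../caiwu" or "a/b" never reach the path below.
    # Assumption: account names use only letters, digits, '.', '_' and '-'.
    case $user in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    home=$base/$user
    # Refuse a symlink planted at the target path.
    if [ -L "$home" ]; then
        return 3
    fi
    if [ ! -d "$home" ]; then
        # Created with mode 700: only the owner can enter the directory.
        (umask 077 && mkdir "$home") || return 4
    fi
    # A directory pre-created by another account is not this user's home.
    [ -O "$home" ] || return 5
    # Tighten directories left at 777 by the earlier setup.
    chmod 700 "$home"
}

# Run only when invoked with an argument, as Samba does.
if [ "$#" -ge 1 ]; then
    ensure_home /data/smb/home "$1"
fi
```

For a failed check to refuse the connection rather than only log an error, the [homes] share also needs preexec close = yes.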
4. Test
Test creating files and directories