[Sysadmins] SAMBA + Win2000Server

Alexey Shabalin a.shabalin at gmail.com
Tue Apr 15 14:14:56 MSD 2008


15.04.08, Fedorenko Ruslan wrote:
> Good day!
> 14.04.08, Ruslan wrote:
> > Good day!
> > Please advise. I am trying to hook Samba up to a domain controller running
> > Win2000. I seem to have configured everything. It sees the list of users, and the groups too
> > (the domain ones). In Network Neighborhood I can open the server and its folders. I rebooted -
> > it does not let me log in locally on the server with Samba - neither as domain users nor as
> > root.
> > When I try to log in, it prints:
> > /Home/dom.local/User/
> > /Home/dom.local/User/Dokuments/
> > /Home/dom.local/User/tmp/
> > /Home/dom.local/User/.xsession.d/
> > /Home/dom.local/User/.mutt
> > /Home/dom.local/User/color.default
> It is not clear where these lines are printed for you, and you are probably not
> showing them to us to the end (or not from the beginning). I would guess that these lines
> mean that authentication as the domain user User succeeded, but
> he has no home directory, so it fails. I would also guess
> that you did slip up somewhere in the configs after all.
> Show all the configs you edited (smb.conf, pam.d/login and
> the others, nsswitch.conf)
> > and then it throws me back to the console and asks for the login again:
> Thanks for the reply, I already understand which direction to dig in - it is all about pam.
> Only I have not understood how to configure them correctly?
> For example, like this
> http://www.linux-online.ru/desktop/users/documentation/detail.php?ID=1514.
> But something there is not quite right....
> In general I have looked through a pile of material and it still does not work. If
> possible, please tell me how to do it correctly (a working pam config?)?
> I need to log in at the console, there is no graphics at all....
> I did not want to spam the list - in principle the question is trivial....
> Thanks in advance for the reply....
> Best regards,
> Fedorenko Ruslan
Actually, you are wrong not to write to the list. This kind of thing should be left for
the record. About five months ago I was also looking for ready-made recommendations (as
always, it had to be done quickly - there was no time to reread the documentation),
but on the list I found only "do it by analogy with ldap". For
authentication via ldap there is a ready-made control (control system-auth
ldap).
In general, the correct way is to replace system-auth with
system-auth-winbind for the services you need, and that is supposedly all.
system-auth-winbind includes system-auth as well, so authentication
against the local "password database" should work too.
In practice this did not work for me right away, and I had no time to figure it out.
So here is my example for login (it is just an example and does not claim
to be "correct"):

#%PAM-1.0
#auth     required	pam_securetty.so
#auth     include	system-auth-winbind
#auth     required	pam_nologin.so
#account  include	system-auth-winbind
#password include	system-auth-winbind
#session  include	system-auth-winbind
#session  optional	pam_lastlog.so nowtmp
#session  optional	pam_motd.so
#session  optional	pam_mail.so
#session  optional	pam_console.so

auth     required       pam_securetty.so debug
auth     required       pam_nologin.so
auth     sufficient     pam_winbind.so debug
auth     required       pam_tcb.so debug shadow fork prefix=$2a$ count=8 nullok use_first_pass
account  sufficient     pam_winbind.so debug
account  required       pam_tcb.so debug shadow fork
password sufficient     pam_winbind.so debug
password required       pam_tcb.so debug use_authtok shadow fork prefix=$2a$ count=8 nullok write_to=tcb

# We use pam_mkhomedir to create home dirs for incoming domain users
# Note the umask used: it results in rwxr-x--x access rights
session  required       pam_mkhomedir.so skel=/etc/skel/ umask=0026
#session  required       pam_tcb.so debug
#session  required       pam_mktemp.so debug
session  required       pam_limits.so debug

In it I also tried using system-auth-winbind - those lines are now
commented out, and system-auth-winbind has been copied almost unchanged
into /etc/pam.d/login itself.
gdm, for example, looks exactly the same.
These are old stashed configs that I no longer use. Here are
the working ones for openvpn, dovecot:

#%PAM-1.0
# auth     required     pam_nologin.so
auth     include        system-auth-winbind
account  include        system-auth-winbind
# session  include      system-auth-winbind
password include        system-auth-winbind


To sum up: I would really like to have a simple switch for winbind too (control
system-auth winbind); who will finally get around to making it? :)

PS: Here I have gone to the trouble of writing all this, but do you really need to log in
as a domain user at the console? What task are you trying to solve? If
it is to set up a file server, then there is no need to edit anything in pam at all.

-- 
Alexey Shabalin
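
Added example, not part of the original post and not the poster's code: a small check for a PAM service file of the kind shown above. It flags option lines that a mail client's line wrap has split off from their rule, flags a stack that authenticates with pam_winbind.so but has no pam_mkhomedir.so session rule, and computes the directory mode that a umask= option gives. The function names and the sample file are constructed for illustration; include lines are not followed.

```python
import re
RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# Constructed sample: one option line split off by a mail client's line wrap,
# and no pam_mkhomedir.so in the session stack.
SAMPLE = """\
#%PAM-1.0
auth     sufficient     pam_winbind.so debug
auth     required       pam_tcb.so shadow fork prefix=$2a$
count=8 nullok use_first_pass
account  sufficient     pam_winbind.so
account  required       pam_tcb.so shadow fork
session  required       pam_limits.so
"""

def parse_pam(text):
    """Return (rules, problems); each rule is (type, control, module, args)."""
    rules, problems = [], []
    text = re.sub(r"\\\n", " ", text)          # backslash-newline continues a rule
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = RULE.match(line)
        if m:
            rules.append((m.group(1), m.group(2), m.group(3), m.group(4).split()))
        else:
            problems.append("not a PAM rule (wrapped option line?): " + line)
    return rules, problems

def check_domain_login(text):
    """Problems that would affect domain users logging in through this service."""
    rules, problems = parse_pam(text)
    def has(kind, module):
        return any(t == kind and m.endswith(module) for t, _, m, _ in rules)
    if has("auth", "pam_winbind.so") and not has("session", "pam_mkhomedir.so"):
        problems.append("auth uses pam_winbind.so but no session rule runs "
                        "pam_mkhomedir.so to create home directories")
    return problems

def mkhomedir_mode(text):
    """Mode of directories created by pam_mkhomedir.so when umask= is given."""
    for kind, _, module, args in parse_pam(text)[0]:
        if kind == "session" and module.endswith("pam_mkhomedir.so"):
            for arg in args:
                if arg.startswith("umask="):
                    return 0o777 & ~int(arg[len("umask="):], 8)
    return None

print("\n".join(check_domain_login(SAMPLE)))
```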

