[Sysadmins] Управление учетными записями

Алексей Кайтаз alexey на kaytaz.ru
Чт Фев 17 13:23:01 UTC 2011


17 февраля 2011 г. 16:12 пользователь Anton A. Vinogradov <
vinogradov.mail на gmail.com> написал:

> 17.02.2011 16:03, Алексей Кайтаз пишет:
>
>> будут весьма полезными
>>
>
> ==================
> smb.conf
>
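> # Samba [global] section for a domain controller (domain logons and domain
> # master are enabled below) with accounts kept in LDAP through ldapsam.
> # Two values that had been wrapped onto a second line (passwd chat and the
> # second add user script) are rejoined, and the key "orce unknown acl user"
> # is restored to "force unknown acl user".
> [global]
> realm = GF.LCL
> netbios name = PDCSRV
> server string = PDCSRV.GF.LCL
> use kerberos keytab = Yes
> log file = /var/log/samba/log.%m
> max log size = 50
> printcap name = cups
> printing = cups
> os level = 254
> dns proxy = No
> name resolve order = wins bcast hosts
> use sendfile = Yes
> workgroup = GF
> security = user
> wins support = yes
> # hosts allow is commented out, so no host-based restriction is active here;
> # access control rests on authentication and on whatever filtering is done
> # outside this file.
> #hosts allow = 192.168. 127.0.0.1
> #socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> encrypt passwords = yes
> dos charset = 866
> unix charset = UTF-8
> client use spnego = yes
> # client signing only covers connections this host makes as a client.
> # No server signing value is set in this file, so the default of the Samba
> # version in use applies - confirm it is what a logon server should offer.
> client signing = yes
>
> nt acl support = yes
> acl compatibility = auto
> map acl inherit = yes
> acl map full control = yes
> dos filemode = yes
> force unknown acl user = no
> map read only = Permissions
> enable privileges = yes
> # PAM account and session restrictions are not applied to SMB logons.
> obey pam restrictions = no
> # Plain ldap:// to the loopback address. If the directory is ever moved to
> # another host, protect the connection (ldaps:// or the "ldap ssl" parameter).
> passdb backend = ldapsam:ldap://127.0.0.1/
> # The bind password for this DN is not in smb.conf; Samba keeps it in
> # secrets.tdb (set with "smbpasswd -w"), so that file needs root-only access.
> ldap admin dn = cn=ldaproot,dc=GF,dc=LCL
> ldap suffix = dc=GF,dc=LCL
> ldap group suffix = ou=Group
> ldap user suffix = ou=People
> ldap machine suffix = ou=Hosts
> ldap idmap suffix = ou=Idmap
> ldap passwd sync = Yes
> passwd program = /usr/sbin/smbldap-passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
> # NOTE(review): "add user script" is assigned twice. Only one assignment can
> # take effect (normally the later one), and the second command looks like a
> # machine-account helper (-g Hosts, -d /dev/null, -s /bin/false) that bypasses
> # smbldap-tools. Decide which one is intended and remove the other.
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> add user script = /usr/sbin/useradd -g Hosts -d /dev/null -s /bin/false -M "%u"
> ldap delete dn = Yes
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> local master = yes
> domain master = yes
> preferred master = yes
> domain logons = yes
> # logon path = \\%L\profiles\%U
> # logon drive = X:
> # logon home = \\%L\%U
> logon path = \\pdcsrv\profiles\%U
> # Deliberately empty: no logon drive or logon home is handed to clients.
> logon drive =
> logon home =
> logon script = logon.bat
> # Set in [global], so it applies to every share: the listed accounts perform
> # all file operations as root, regardless of filesystem permissions. Consider
> # moving it into the individual shares that actually need it.
> admin users = locadmin, Administrator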
>
> #[homes]
> #comment = Home Directories
> #valid users = %S
> #create mask = 0711
> #directory mask = 0755
> #read only = no
> #browseable = no
>
> # Share holding the domain logon scripts (the [global] section points clients
> # at logon.bat).
> [netlogon]
> comment = Network Logon Service
> path = /domain/netlogon
> browseable = no
> # Readable without authentication. Clients execute what they fetch from here
> # at logon, so keep credentials out of the scripts and make sure the
> # filesystem permissions on /domain/netlogon allow changes only by the
> # accounts in the write list.
> guest ok = yes
> writable = no
> # Exception to writable = no: these accounts can modify the share contents.
> write list = Administrator, locadmin
>
> # Roaming-profile storage referenced by "logon path" in [global].
> [profiles]
> path = /domain/profiles
> browseable = no
> read only = no
> # NOTE(review): 0666 / 0777 leave the group and other permission bits
> # available on files and directories created in the share. Profiles are
> # per-user data, so narrower masks such as 0600 / 0700 are the usual choice;
> # confirm the effective permissions together with profile acls = yes and the
> # mode of /domain/profiles itself.
> create mask = 0666
> directory mask = 0777
> profile acls = yes
> =====================
>
> один из моих первых вариантов
>
>

Видно, что работа проделана немаленькая.
Очень полезный конфиг. Спасибо, обязательно воспользуюсь.