[Sysadmins] Управление учетными записями

Anton A. Vinogradov vinogradov.mail на gmail.com
Чт Фев 17 15:29:35 UTC 2011


17.02.2011 16:23, Алексей Кайтаз пишет:
>
>
> 17 февраля 2011 г. 16:12 пользователь Anton A. Vinogradov
> <vinogradov.mail на gmail.com <mailto:vinogradov.mail на gmail.com>> написал:
>
>     17.02.2011 16:03, Алексей Кайтаз пишет:
>
>         будут весьма полезными
>
>
>     ==================
>     smb.conf
>
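>     # Samba domain-logon server backed by an LDAP (ldapsam) account database.
>     [global]
>     realm = GF.LCL
>     netbios name = PDCSRV
>     server string = PDCSRV.GF.LCL
>     use kerberos keytab = Yes
>     log file = /var/log/samba/log.%m
>     max log size = 50
>     printcap name = cups
>     printing = cups
>     os level = 254
>     dns proxy = No
>     name resolve order = wins bcast hosts
>     use sendfile = Yes
>     workgroup = GF
>     security = user
>     wins support = yes
>     # NOTE(review): hosts allow is commented out, so this file does not limit
>     # which client addresses may connect. Re-enable it with the real subnets
>     # or filter SMB at the firewall.
>     #hosts allow = 192.168. 127.0.0.1
>     #socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
>     encrypt passwords = yes
>     dos charset = 866
>     unix charset = UTF-8
>     client use spnego = yes
>     # NOTE(review): this covers Samba acting as a client only; no
>     # "server signing" value is set in this file - check what the server
>     # side negotiates on the deployed version.
>     client signing = yes
>
>     nt acl support = yes
>     acl compatibility = auto
>     map acl inherit = yes
>     acl map full control = yes
>     dos filemode = yes
>     # Spelled "orce unknown acl user" in the posted text, which is not a
>     # parameter name.
>     force unknown acl user = no
>     map read only = Permissions
>     enable privileges = yes
>     # PAM account and session restrictions are not applied to Samba logons.
>     obey pam restrictions = no
>     # Plain ldap:// to the loopback address. NOTE(review): if the directory
>     # ever moves off this host, switch to TLS. The " <http://127.0.0.1/>" that
>     # followed the URL in the post looks like a mail-client autolink and is
>     # dropped here.
>     passdb backend = ldapsam:ldap://127.0.0.1/
>     # Bind DN for the directory; its password is not in this file.
>     # NOTE(review): Samba keeps it in secrets.tdb (set with smbpasswd -w) -
>     # restrict access to that file.
>     ldap admin dn = cn=ldaproot,dc=GF,dc=LCL
>     ldap suffix = dc=GF,dc=LCL
>     ldap group suffix = ou=Group
>     ldap user suffix = ou=People
>     ldap machine suffix = ou=Hosts
>     ldap idmap suffix = ou=Idmap
>     ldap passwd sync = Yes
>     passwd program = /usr/sbin/smbldap-passwd %u
>     # Re-joined onto one line; the mail wrap had split this value in two.
>     passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
>     # Account-management hooks: smbd substitutes %u / %g into these command
>     # lines, so keep the quotes around them. Presumably they run as root -
>     # confirm, and keep the scripts themselves writable by root only.
>     add user script = /usr/sbin/smbldap-useradd -m "%u"
>     # NOTE(review): "add user script" is assigned twice; only one assignment
>     # can take effect (presumably the later one), so the smbldap-useradd line
>     # above may be dead. Decide which is intended and delete the other.
>     # Re-joined onto one line; the mail wrap had split this value in two.
>     add user script = /usr/sbin/useradd -g Hosts -d /dev/null -s /bin/false -M "%u"
>     ldap delete dn = Yes
>     delete user script = /usr/sbin/smbldap-userdel "%u"
>     add machine script = /usr/sbin/smbldap-useradd -w "%u"
>     add group script = /usr/sbin/smbldap-groupadd -p "%g"
>     delete group script = /usr/sbin/smbldap-groupdel "%g"
>     add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>     delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>     set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>     local master = yes
>     domain master = yes
>     preferred master = yes
>     domain logons = yes
>     # logon path = \\%L\profiles\%U
>     # logon drive = X:
>     # logon home = \\%L\%U
>     logon path = \\pdcsrv\profiles\%U
>     logon drive =
>     logon home =
>     logon script = logon.bat
>     # NOTE(review): admin users perform all file operations as root, and in
>     # [global] that applies to every share. Keep the list minimal, or set it
>     # only on the shares that need it.
>     admin users = locadmin, Administrator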
>
>     #[homes]
>     #comment = Home Directories
>     #valid users = %S
>     #create mask = 0711
>     #directory mask = 0755
>     #read only = no
>     #browseable = no
>
>     # Logon-script share: read-only except for the accounts in write list.
>     [netlogon]
>     comment = Network Logon Service
>     path = /domain/netlogon
>     browseable = no
>     # NOTE(review): guest access means files under the path above can be read
>     # without authenticating; keep passwords and other secrets out of the
>     # logon scripts stored here.
>     guest ok = yes
>     writable = no
>     # These accounts can still write despite writable = no. Whoever can write
>     # here controls logon.bat (the logon script set in [global]), so protect
>     # these accounts accordingly.
>     write list = Administrator, locadmin
>
>     # Roaming-profile share (target of logon path in [global]).
>     [profiles]
>     path = /domain/profiles
>     browseable = no
>     read only = no
>     # NOTE(review): these masks do not strip the group/other read-write bits
>     # from new files (0666) or any access bits from new directories (0777).
>     # Profiles hold per-user data; 0600 / 0700 is the usual tighter choice -
>     # confirm it works with profile acls = yes on the deployed version.
>     create mask = 0666
>     directory mask = 0777
>     profile acls = yes
>     =====================
>
>     один из моих первых вариантов
>
>     _______________________________________________
>     Sysadmins mailing list
>     Sysadmins на lists.altlinux.org <mailto:Sysadmins на lists.altlinux.org>
>     https://lists.altlinux.org/mailman/listinfo/sysadmins
>
>
> Видно, что работа проделана не маленькая.
> Очень полезный конфиг. Спасибо, обязательно воспользуюсь.
>
[profiles]
только потом потуже затяните (в конфиге выше там create mask = 0666 и directory mask = 0777), чтоб не лазал где попало.
При этом конфиге на ковчеге винда заходит "как родная".

И да, от дефолтного конфига ковчега здесь совсем немного отличий


