[Sysadmins] Управление учетными записями
Anton A. Vinogradov
vinogradov.mail на gmail.com
Чт Фев 17 15:29:35 UTC 2011
17.02.2011 16:23, Алексей Кайтаз пишет:
>
>
> 17 февраля 2011 г. 16:12 пользователь Anton A. Vinogradov
> <vinogradov.mail на gmail.com <mailto:vinogradov.mail на gmail.com>> написал:
>
> 17.02.2011 16:03, Алексей Кайтаз пишет:
>
> будут весьма полезными
>
>
> ==================
> smb.conf
>
> [global]
> realm = GF.LCL
> netbios name = PDCSRV
> server string = PDCSRV.GF.LCL
> use kerberos keytab = Yes
> log file = /var/log/samba/log.%m
> max log size = 50
> printcap name = cups
> printing = cups
> os level = 254
> dns proxy = No
> name resolve order = wins bcast hosts
> use sendfile = Yes
> workgroup = GF
> security = user
> wins support = yes
> #hosts allow = 192.168. 127.0.0.1
> #socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> encrypt passwords = yes
> dos charset = 866
> unix charset = UTF-8
> client use spnego = yes
> client signing = yes
>
> nt acl support = yes
> acl compatibility = auto
> map acl inherit = yes
> acl map full control = yes
> dos filemode = yes
> force unknown acl user = no
> map read only = Permissions
> enable privileges = yes
> obey pam restrictions = no
> passdb backend = ldapsam:ldap://127.0.0.1/
> ldap admin dn = cn=ldaproot,dc=GF,dc=LCL
> ldap suffix = dc=GF,dc=LCL
> ldap group suffix = ou=Group
> ldap user suffix = ou=People
> ldap machine suffix = ou=Hosts
> ldap idmap suffix = ou=Idmap
> ldap passwd sync = Yes
> passwd program = /usr/sbin/smbldap-passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> add user script = /usr/sbin/useradd -g Hosts -d /dev/null -s /bin/false -M "%u"
> ldap delete dn = Yes
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> local master = yes
> domain master = yes
> preferred master = yes
> domain logons = yes
> # logon path = \\%L\profiles\%U
> # logon drive = X:
> # logon home = \\%L\%U
> logon path = \\pdcsrv\profiles\%U
> logon drive =
> logon home =
> logon script = logon.bat
> admin users = locadmin, Administrator
>
> #[homes]
> #comment = Home Directories
> #valid users = %S
> #create mask = 0711
> #directory mask = 0755
> #read only = no
> #browseable = no
>
> [netlogon]
> comment = Network Logon Service
> path = /domain/netlogon
> browseable = no
> guest ok = yes
> writable = no
> write list = Administrator, locadmin
>
> [profiles]
> path = /domain/profiles
> browseable = no
> read only = no
> create mask = 0666
> directory mask = 0777
> profile acls = yes
> =====================
>
> один из моих первых вариантов
>
> _______________________________________________
> Sysadmins mailing list
> Sysadmins на lists.altlinux.org <mailto:Sysadmins на lists.altlinux.org>
> https://lists.altlinux.org/mailman/listinfo/sysadmins
>
>
> Видно, что работа проделана немаленькая.
> Очень полезный конфиг. Спасибо, обязательно воспользуюсь.
>
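Только секцию [profiles] потом затяните потуже (сейчас в ней create mask = 0666 и directory mask = 0777, то есть маски разрешают создавать файлы и каталоги, доступные на запись всем), чтоб никто не лазал где попало.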
при этом конфиге на ковчеге винда заходит "как родная"
И да, от дефолтного конфига ковчега здесь совсем немного отличий