第二十八章 DragonFlyBSD
第七节 Samba 服务器
环境:freebsd 11

设置 samba 为独立服务器

安装 samba

# pkg install samba413

配置 samba

(1)打开/etc/rc.conf
# ee /etc/rc.conf
(2)在 /etc/rc.conf 最后加入如下,并保存:
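# /etc/rc.conf additions read by the samba_server rc script at boot.
# NOTE(review): winbindd resolves domain users and groups. The standalone
# share configured below authenticates against the local smbpasswd database,
# so winbindd_enable looks unnecessary here - confirm before enabling a
# daemon you do not need.
nmbd_enable="YES"
winbindd_enable="YES"
samba_enable="YES"
samba_server_enable="YES"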
(3)创建 /usr/local/etc/smb4.conf,添加如下内容并保存
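#vi /usr/local/etc/smb4.conf

# Share definition: exports root's home directory (/root) read-write over SMB.
# NOTE(review): combined with the Samba "root" account created in the next
# step, whoever holds that password can modify root's files over the network.
# Outside a throwaway lab, share a dedicated directory through an unprivileged
# account instead.
[root]
comment = root's stuff
path = /root
# guest access is off, so a Samba account is required to connect
public = no
browseable = yes
writable = yes
printable = no
# upper bound on the permission bits of files created through the share
create mask = 0755
# hardening: only the named Samba account may connect to this share
valid users = root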
(4)创建 samba root 用户:
# smbpasswd -a root
(5)进入/usr/local/etc
# cd /usr/local/etc
(6)再执行
# service samba_server start //启动命令
# service samba_server restart //重启命令
(7)查看 samba 状态:
# service samba_server status
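(8)在 windows 下利用 192.168.X.X 访问共享文件夹(以实际 IP 为准,Windows 需要先开启 SMB 1.0 支持)。注意:SMB 1.0 存在已知安全缺陷,新版 Windows 默认不启用;Samba 自 4.11 起默认最低协议已是 SMB2,建议先直接尝试连接,确实无法访问时再开启 SMB 1.0,并在用完后关闭。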
192.168.X.X

将Samba设置为域成员

环境:freebsd 12

配置静态IP地址

使用如下命令配置:
bsdconfig

配置主机名

# ee /etc/rc.conf
hostname="fb"

配置 DNS

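# ee /etc/resolv.conf

# Generated by resolvconf
# NOTE(review): that header suggests resolvconf(8) manages this file, in which
# case manual edits may be overwritten - confirm how the file is maintained.
# Annotations sit on their own "#" lines: resolv.conf has no trailing "//"
# comment syntax, and extra words after "search" are read as search domains.

# DNS domain of the domain controller
search SVROS.COM
# nameserver 192.168.253.2

# IP address of the domain controller
nameserver 192.168.253.130
# NOTE(review): the resolver moves to the next entry only when the previous one
# does not answer. 223.5.5.5 lies outside the 192.168.253.x network used above,
# so lookups for internal names may leave the site whenever the DC is down.
nameserver 223.5.5.5
nameserver 127.0.0.1
options edns0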

修改 /etc/sysctl.conf

# echo "kern.maxfiles=25600" >> /etc/sysctl.conf
# echo "kern.maxfilesperproc=16384" >> /etc/sysctl.conf
# echo "net.inet.tcp.sendspace=65536" >> /etc/sysctl.conf
# echo "net.inet.tcp.recvspace=65536" >> /etc/sysctl.conf

创建 /etc/krb5.conf

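# Kerberos client settings for the AD realm.
# NOTE: Kerberos authentication fails when this host's clock differs from the
# domain controller's by more than the permitted skew (5 minutes by default),
# so keep time synchronised before joining the domain.
[libdefaults]
# Realm name (the domain name). The annotation is on its own line because a
# trailing "//..." would be read as part of the value.
default_realm = SVROS.COM
# Locate the realm and its KDCs through DNS rather than listing them here;
# this is why /etc/resolv.conf has to point at the domain's DNS server.
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = yes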

修改 /etc/nsswitch.conf

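# Run as root. Makes passwd and group lookups consult winbind after the local
# files.
# FreeBSD's sed takes the backup suffix as the argument of -i, so a bare
# "-i -e" uses "-e" as that suffix and leaves a stray /etc/nsswitch.conf-e
# copy behind; '' requests an in-place edit with no backup file.
sed -i '' -e "s/^passwd:.*/passwd: files winbind/" /etc/nsswitch.conf
sed -i '' -e "s/^group:.*/group: files winbind/" /etc/nsswitch.conf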

创建 /usr/local/etc/smb4.conf

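[global]
# --- Domain membership ---
workgroup = SVROS
# %v expands to the Samba version, which clients browsing the server can then
# see; drop it if you would rather not advertise the version.
server string = Samba Server Version %v
# ads: act as a member of the Active Directory realm named below
security = ads
realm = SVROS.COM
# never compete for a browse-master role; leave that to the domain
domain master = no
local master = no
preferred master = no
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
use sendfile = true

# --- ID mapping: the default (*) range and the SVROS range must not overlap ---
idmap config * : backend = tdb
idmap config * : range = 100000-299999
idmap config SVROS : backend = rid
idmap config SVROS : range = 10000-99999
winbind separator = +
# enumeration is what lets "getent passwd" / "getent group" list domain
# accounts in the Winbind test later on
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
winbind refresh tickets = yes
template homedir = /home/%D/%U
# domain accounts get no interactive shell on this host
template shell = /bin/false

# --- Authentication ---
# the next three lines restate Samba's default values
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
# strictest setting for anonymous (null-session) connections
restrict anonymous = 2
# one log file per client machine (%m); max log size is in KiB, so each file
# rotates after 50 KiB - raise it if these logs are needed for investigations
log file = /var/log/samba4/log.%m
max log size = 50

#============================ Share Definitions ==============================

# Read-write share. There is no "valid users" line and every connection is
# forced into the "Domain Users" group, so any authenticated domain account
# can read and modify everything under the path. Add a "valid users" line
# naming a narrower group if that is broader than intended.
[testshare]
comment = Test share
path = /samba/testshare
read only = no
force group = "Domain Users"
directory mode = 0770
force directory mode = 0770
create mode = 0660
force create mode = 0660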
可选:实际使用时,可将上面 [testshare] 的最后两行改为如下内容,以收紧权限
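# Optional tighter variant: owner rwx, group r-x, others nothing.
# NOTE(review): 0750 also sets the execute bit on every file created through
# the share; 0640 gives the owner read/write and the group read-only access
# without making files executable.
create mode = 0750
force create mode = 0750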

将 samba 加入到域

net ads join --no-dns-updates -U administrator
net ads testjoin
# Should report "Join is OK"
# On your DC, open the DNS MMC and add an "A" entry for your BSD server so clients can find it

使 samba 启动并设置为开机自启动

# echo "samba_server_enable=YES" >> /etc/rc.conf
# echo "winbindd_enable=YES" >> /etc/rc.conf
# service samba_server start

测试 Kerberos

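kinit administrator
# Enter domain admin password, it should return to the prompt with no errors

klist
# Credentials cache: FILE:/tmp/krb5cc_0
# Principal: administrator@SVROS.COM
#
# Issued Expires Principal
# Dec 6 10:15:39 2021 Feb 4 20:15:39 2021 krbtgt

# NOTE: the test leaves a domain-administrator ticket in the credentials cache
# shown above. Run kdestroy once you are done so it does not linger on the
# host.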

测试 Winbind

wbinfo -u
# Should return domain users
wbinfo -g
# Should return domain groups
getent passwd
# Should return domain users at the end of the list with 10000+ UIDs
getent group
# Should return domain groups at the end of the list with 10000+ GIDs

如果 wbinfo 命令显示报错,请执行命令

# service samba_server restart

创建共享文件夹

# mkdir -p /samba/testshare
# chown "administrator":"domain users" /samba/testshare
# chmod 0770 /samba/testshare
如果只允许属主可读可写,属组只允许读,用以下命令设置
# chmod 0750 /samba/testshare
如果只允许属主可读可写,属组和其他均不可读写,用以下命令设置
# chmod -R 0700 /samba/testshare