第 16.7 节 Samba 服务器

# pkg install samba419

# cd /usr/ports/net/samba419/ 
# make install clean

# ee /etc/rc.conf

nmbd_enable="YES"
winbindd_enable="YES"
samba_enable="YES"
samba_server_enable="YES"

#vi /usr/local/etc/smb4.conf

[root]
    comment = root's stuff
    path = /root
    public = no
    browseable = yes
    writable = yes
    printable = no
    create mask = 0755

# smbpasswd -a root

# cd /usr/local/etc

# service samba_server start //启动命令

# service samba_server restart //重启命令

# service samba_server status

192.168.X.X

bsdconfig

# ee /etc/rc.conf

hostname="fb"

# ee /etc/resolv.conf

# Generated by resolvconf
search SVROS.COM               //设置域控制器域名
# nameserver 192.168.253.2

nameserver 192.168.253.130     //设置域控制器 IP 地址
nameserver 223.5.5.5
nameserver 127.0.0.1
options edns0

# echo "kern.maxfiles=25600" >> /etc/sysctl.conf
# echo "kern.maxfilesperproc=16384" >> /etc/sysctl.conf
# echo "net.inet.tcp.sendspace=65536" >> /etc/sysctl.conf
# echo "net.inet.tcp.recvspace=65536" >> /etc/sysctl.conf

[libdefaults]
	default_realm = SVROS.COM   //设置域名
	dns_lookup_realm = true
	dns_lookup_kdc = true
	ticket_lifetime = 24h
	renew_lifetime = 7d
	forwardable = yes

# sed -i -e "s/^passwd:.*/passwd: files winbind/" /etc/nsswitch.conf
# sed -i -e "s/^group:.*/group: files winbind/" /etc/nsswitch.conf

[global]
	workgroup = SVROS
	server string = Samba Server Version %v
	security = ads
	realm = SVROS.COM
	domain master = no
	local master = no
	preferred master = no
	socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
	use sendfile = true

	idmap config * : backend = tdb
	idmap config * : range = 100000-299999
	idmap config SVROS : backend = rid
	idmap config SVROS : range = 10000-99999
	winbind separator = +
	winbind enum users = yes
	winbind enum groups = yes
	winbind use default domain = yes
	winbind nested groups = yes
	winbind refresh tickets = yes
	template homedir = /home/%D/%U
	template shell = /bin/false

	client use spnego = yes
	client ntlmv2 auth = yes
	encrypt passwords = yes
	restrict anonymous = 2
	log file = /var/log/samba4/log.%m
	max log size = 50

#============================ Share Definitions ==============================

[testshare]
	comment = Test share
	path = /samba/testshare
	read only = no
	force group = "Domain Users"
	directory mode = 0770
	force directory mode = 0770
	create mode = 0660
	force create mode = 0660

create mode = 0750
force create mode = 0750

net ads join --no-dns-updates -U administrator
net ads testjoin
# Should report "Join is OK"
# On your DC, open the DNS MMC and add an "A" entry for your BSD server so clients can find it

# echo "samba_server_enable=YES" >> /etc/rc.conf
# echo "winbindd_enable=YES" >> /etc/rc.conf
# service samba_server start

kinit administrator
# Enter domain admin password, it should return to the prompt with no errors

klist
# Credentials cache: FILE:/tmp/krb5cc_0
#    Principal: administrator@SVROS.COM
#
# Issued                Expires               Principal
# Dec  6 10:15:39 2021  Feb  4 20:15:39 2021  krbtgt

wbinfo -u
# Should return domain users

wbinfo -g
# Should return domain groups

getent passwd
# Should return domain users at the end of the list with 10000+ UIDs

getent group
# Should return domain groups at the end of the list with 10000+ GIDs

# service samba_server restart

# mkdir -p /samba/testshare
# chown "administrator":"domain users" /samba/testshare
# chmod 0770 /samba/testshare

# chmod 0750 /samba/testshare

# chmod -R 0700 /samba/testshare