Linux-Bulgaria.ORG

Re: lug-bg: SAMBA as Primary Domain Controler ????


  • Subject: Re: lug-bg: SAMBA as Primary Domain Controler ????
  • From: vlk@email.domain.hidden (Vesselin Kolev)
  • Date: Tue, 11 Mar 2003 10:43:48 +0200


Well, not reading and not understanding is one thing... but this is already a phenomenon!

Writing to netlogon and profile IS FOR SYSTEM USE ONLY, and you cannot
put your own files there or copy over whatever you like. These things
have to be clear to you before you do anything at all!

1. Profiles serves to store a given user's local profiles on the
server. For example, the contents of

C:\Documents and Settings\User

can be transferred there, so that whichever workstation on the network
the user logs into the domain from, they get the same desktop, registry,
etc. settings.

Specifying profiles starts in the global section of smb.conf:

[global]

...
netbios name = Samba
...
...
;user profiles and home directory 
logon home = \\%L\%U\.profile 
logon drive = H: 
logon path = \\%L\profiles\%U
...

and ends with the [profiles] section:

[profiles] 
   path = /home/samba/profiles 
   writeable = yes 
   browseable = no 
   create mask = 0600 
   directory mask = 0700

What is the purpose of this whole scheme described in smb.conf? Suppose
I am the user vlk and I have an account on the PDC. The first time I
log in to the system, the directory

/home/samba/profiles/vlk

will be created and my profile will be written into it. The next time I
log in, my profile will be downloaded from

\\Samba\profiles\vlk

Samba automatically replaces %L with the NetBIOS name of the PDC, and %U
with the current user name.

For security reasons, profiles are NOT readable by everyone.
Every profile that is created is made the property of the unix
user who authenticates through Samba; chmod 0600 is applied to the
files, and 0700 to the directories.

WARNING! Logon path is specific to Windows NT/2000 only. For
Windows 9x it is useless.

2. Netlogon serves administrative tasks. Scripts to be executed globally
on the machines in the domain are placed in it. Search Google for
"samba scripting" for details (I am not going to describe that too).
Backups, antivirus updates and so on can be done...

The description of netlogon starts in [global]:

[global]

   ...
   logon script = netlogon.bat
   ...

and ends in the [netlogon] section

[netlogon] 
   comment = Network Logon Service 
   path = /home/netlogon 
   read only = yes 
   browseable = no 
   write list = vlk

Here, for example, it says that the user vlk can place
scripts. You must be careful about who has the right to write to this
directory. Every executable file placed here is, after a user logs in,
downloaded and executed on the user's local machine. There is a whole
constellation of viruses (Klez is one of them) that attach themselves to
Netlogon, not only on a Windows PDC but also on a Samba PDC.

A little about UNIX-side creation of the directories for the Samba resources.

For Profiles:

    [root@lcpe vlk]# mkdir /home/samba /home/samba/profiles 
    [root@lcpe vlk]# chmod 1757 /home/samba/profiles

For Netlogon

   [root@lcpe vlk]# mkdir -m 0775 /home/netlogon 
   [root@lcpe vlk]# chown root.admins /home/netlogon

3. HOMES

  The homes definition gives EVERY user the right
to see the directory associated with them in /etc/passwd. Samba cannot
(at least at this stage) work well with virtual users, and for that
purpose it "maps" a unix user (or whole unix groups, as in Samba 3)
to Windows users (or an NT-style group).

  [homes] 
     comment = Home Directories 
     browseable = no 
     writeable = yes

This way every user will be able to see their own unix directory
upon successful authentication by Samba. Moreover, they will
see only their own home directory and not other people's, as
the line browseable = no says. If browseable = yes is set, then
all home directories will be visible.

========================================================
  And so on... and so on... Think when you write! And think about what you
are doing. Because with this mode 777 on the netlogon share the system can
be called HackerCity.

    Vesselin Kolev

On Tuesday 11 Mar 2003 09:46, Krasimir Dimitrov wrote:
> the interesting thing is that it gives no error message
> that is, everything about the login is OK
> but after the user logs in
> it throws him out.
> there are only 2 shares and they are "netlogin"  and "profile"
> at the moment they are owned by
> user: nobody
> group: nogroup
> with permissions 777
> I simply don't know how to set lower privileges
> does anyone have an idea ???

============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
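
Added example (not part of the original message and not Samba's own code): a small Python check for the two things the message above warns about, a [netlogon] share that ordinary users can write to and [profiles] masks that let group/other into stored profiles. The function names and the sample smb.conf are constructed for illustration, and the parser handles only plain "parameter = value" lines.

```python
import os
import stat

# Constructed sample: shares opened up the way the quoted question describes.
SAMPLE = """
[netlogon]
   path = /home/netlogon
   writeable = yes
[profiles]
   path = /home/samba/profiles
   writeable = yes
"""

def parse_smb_conf(text):
    """Minimal smb.conf reader: {section: {parameter: value}}, names lower-cased."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def _yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit_logon_shares(conf_text):
    """Return findings for the [netlogon] and [profiles] shares."""
    shares, findings = parse_smb_conf(conf_text), []
    net = shares.get("netlogon", {})
    # "writeable" is Samba's inverted synonym of "read only"; flag either form.
    if _yes(net.get("writeable", "no")) or not _yes(net.get("read only", "yes")):
        findings.append("netlogon: every connected user may write logon scripts")
    path = net.get("path", "")
    if os.path.isdir(path) and os.stat(path).st_mode & stat.S_IWOTH:
        findings.append("netlogon: %s is world-writable on disk" % path)
    for key in ("create mask", "directory mask") if "profiles" in shares else ():
        value = shares["profiles"].get(key)
        # Unset means Samba's defaults (0744 / 0755), which let others read.
        if value is None or int(value, 8) & 0o077:
            findings.append("profiles: %s leaves profiles open to group/other" % key)
    return findings

if __name__ == "__main__":
    print("\n".join(audit_logon_shares(SAMPLE)))
```

The on-disk check runs only when the share's path exists on the machine where the script is run, so run it on the Samba server itself.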

Mailing list messages are © Copyright their authors.