[samba-jp:20566] Re: LDAPユーザのファイル書込について。

Mutsumi Miyamoto mmiyanmoto @ kcd.biglobe.ne.jp
2009年 1月 30日 (金) 11:52:04 JST


太田様。宮本です。

お世話になります。
MLに添付を付けても良いのか悩みましたが。。

FreeBSDとCentOSの差異は
smb passwd file・passwd programを修正し
passwd chatをコメントしました。
他はFreeBSDと同様です。

ldap.confも初期設定のままで
host・base・uriの項目を実環境に修正したのみです。
(FreeBSDも同様です)

以上よろしくお願い致します。

oota @ mail.linux.bs1.fc.nec.co.jp wrote:
> 太田@NECです。
> 
> On Fri, Jan 30, 2009 at 11:30:08AM +0900, Mutsumi Miyamoto wrote:
> 
> > smb.confやldap.confもFreeBSDから移植してきました。
> > 特に環境面ではOS依存部分以外は移植したつもりです。
> 
> BSDでどうやっていて、どの辺を修正しました?
> そのあたりが重要ではないかと。
> 
> --
> 太田 俊哉＠NEC OSS開本 OSS推進センター OSS/LinuxソリューションG(芝.港.東京)
> (samba-jp/ldap-jp Staff,mutt-j admin,analog-jp/samba-jp postmaster)
> 
> 
-------------- next part --------------
======================= Global Settings ====fs02 smb.conf=================================
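[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = WORKGROUP

# This sets the NetBIOS name by which a Samba server is known.
   netbios name = hoge

# server string is the equivalent of the NT Description field
   server string = Contents File Server

# Security mode. Defines in which mode Samba will operate.
   security = user

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network.
# NOTE(review): the "hosts allow" line this comment introduces is missing,
# so no host-based restriction is in effect; only the interface settings
# below limit where connections are accepted.

# allow you to control what address Samba will listen for connections on.
   socket address = 0.0.0.0

# allow the Samba admin to limit what interfaces on a machine will serve
# SMB requests (only the interfaces listed in "interfaces" below).
   bind interfaces only = yes

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = no

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = nobody

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# The value of the parameter (a string) allows the debug level
# (logging level) to be specified in the smb.conf file.
# NOTE(review): level 3 is verbose for day-to-day operation; keep it while
# the password-sync problem is being debugged, then lower it.
   log level = 3

# Put a capping on the size of the log files (in Kb). 0 means no cap.
   max log size = 0

# Samba will attempt to add utmp or utmpx records (depending on the UNIX
# system) whenever a connection is made to a Samba server.
   utmp = yes

# Samba is sometimes run as root and sometime run as the connected user,
# this boolean parameter inserts the current euid, egid, uid and gid to
# the timestamp message headers in the log file if turned on.
   debug uid = yes

# sets the path to the encrypted smbpasswd file.
# NOTE(review): /usr/bin/smbpasswd is where the smbpasswd command normally
# lives, not a password database. This parameter is only read by the
# smbpasswd passdb backend and this file uses ldapsam, so it is inert here;
# still, correct or drop it so nobody relies on it later.
# (poster's note on this line: "<- modified" from the FreeBSD config)
   #smb passwd file = /usr/local/etc/samba/private/smbpasswd
   smb passwd file = /usr/bin/smbpasswd

# Samba attempts to synchronize the UNIX password with the SMB password
# when the encrypted SMB password in the smbpasswd file is changed.
   unix password sync = yes

# program that can be used to set UNIX user passwords.
# smbd runs it as root with the user name substituted for %u.
# (poster's note on this line: "<- modified" from the FreeBSD config)
   #passwd program = /usr/local/sbin/smbldap-passwd.pl %u
   passwd program = /usr/bin/passwd %u

# This string controls the "chat" conversation that takes places between smbd
# and the local password changing program to change the user's password.
# With the line commented out, Samba's built-in default chat is used; if the
# prompts of /usr/bin/passwd differ from it, the UNIX password sync fails,
# which shows up in the log at the current log level.
# (poster's note on this line: "<- commented this out")
   #passwd chat = "*Enter OLD password*" %o\n "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"

# Backend to store user information in.
# NOTE(review): an ldap:// URI together with "ldap ssl" left commented out
# below means the bind as "ldap admin dn" and every directory read and write
# (including the hashes pushed by "ldap passwd sync") travel in clear text.
# Use an ldaps:// URI or enable "ldap ssl" unless the directory is local.
   passdb backend = ldapsam:ldap://ldap.hoge.com

# Most people will find that this option gives better performance.
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# NOTE(review): "em0" is a FreeBSD-style NIC name (the file was ported from
# a FreeBSD host); confirm it exists on this machine, because with
# "bind interfaces only = yes" Samba serves only what is listed here.
# "0.0.0.0/24" is also an unusual entry -- confirm the intended subnet.
   interfaces = em0 0.0.0.0/24 127.0.0.1

# =====================================================================================
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
   local master = no
;   local master = yes
# =====================================================================================

# =====================================================================================
# OS Level determines the precedence of this server in master browser elections.
   os level = 33
;   os level = 65
# =====================================================================================

# Domain Master specifies Samba to be the Domain Master Browser.
   domain master = no

# =====================================================================================
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
   preferred master = no
;   preferred master = yes
# =====================================================================================

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
   dns proxy = no

# When a file is created, the necessary permissions are calculated according
# to the mapping from DOS modes to UNIX permissions, and the resulting UNIX
# mode is the bit-wise 'AND'ed with this parameter.
# Octal; written with a leading 0 like "directory mask" below (same value as 760).
   create mask = 0760

# This controls whether the DOS archive attribute should be mapped to the UNIX
# owner execute bit.
   map archive = yes

# This parameter is the octal modes which are used when converting DOS modes
# to UNIX modes when creating UNIX directories.
   directory mask = 0770

# This parameter allows the Samba administrator to stop smbd(8) from
# following symbolic links in a particular share.
   follow symlinks = no

# This parameter should contain the FQDN of the ldap directory server
# which should be queried to locate user account information.
# (No "ldap server" line follows; the server is given in the passdb backend
# URI above instead.)

# This option is used to control the tcp port number used to contact the
# ldap server.
#   ldap port = 636

# The ldap admin dn defines the Distinguished Name (DN) name used
# by Samba to contact the ldap server when retrieving user account information.
# Its bind password is set with "smbpasswd -w" and kept in secrets.tdb, not
# in this file. (The original file repeated this line further down with the
# same value; the duplicate has been removed.)
   ldap admin dn = cn=Manager, o=hoge, dc=com

# It is also used as the base dn for all ldap searches.
   ldap suffix = o=hoge, dc=com

# This parameter specifies where users are added to the tree.
   ldap user suffix = ou=people

# This parameter specifies the suffix that is used for groups when these
# are added to the LDAP directory.
   ldap group suffix = ou=group

# This parameter specifies the RFC 2254 compliant LDAP search filter
;   ldap filter = "(&(uid=%u)(objectClass=sambaSamAccount))"

# whether or not Samba should sync the LDAP password with the NT and LM
# hashes for normal accounts on a password change via SAMBA.
   ldap passwd sync = yes

# This option is used to define whether or not Samba should use SSL
# when connecting to the ldap server.
# NOTE(review): left at its default, so the LDAP session is in clear text
# (see the passdb backend note above).
;   ldap ssl = yes

# charset settings
   display charset = cp932
   unix charset = utf-8
   dos charset = cp932

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g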

[Image(ReadOnly)]
# The share name promises read-only access, but "read only" is not set here,
# so the Samba default (read only = yes) is what enforces it; only members of
# "write list" can write.
   comment = Image (Read Only)
   path = /pub/Gazou
# Members of the users group may connect and read; their writes are refused.
   read list = @users
# Members of the Image group are exempt from the read-only default.
   write list = @Image
# Every connection to this share runs with primary group Image, whichever
# list the user matched above.
   force group = Image
# Octal bits OR'ed onto the mode of files and directories created through
# this share.
   force create mode = 0664
   force directory mode = 0775


