Using AD domain users with Samba: the smb.conf configuration file


# This configuration file only covers the permission settings for Samba access by AD domain users


[global]
    
workgroup = OFFICE

realm = OFFICE.ABC.COM
    
security = ADS
    
client signing = required
    
template homedir = /home/%U
    
template shell = /bin/bash
    
winbind enum users = Yes
    
winbind enum groups = Yes
    
winbind use default domain = Yes
    
idmap config * : range = 100000-200000
    
idmap config * : backend = tdb
        
full_audit:prefix = %u|%I|%m|%S
        
full_audit:facility = LOCAL5
        
full_audit:priority = NOTICE
    
full_audit:success = mkdir pwrite rename rmdir unlink pread read

#    full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath
    

full_audit:failure = connect


    
# The following settings suppress error messages in the log file; adding them is optional
    
load printers = no   
printing = bsd

printcap name = /dev/null   
disable spoolss = yes
  
# The following are tuning options
    
follow symlinks = no
    
wide links = no
    
# enable some read/write tuning (read/write caching and so on)
    
aio read size = 16384
    
aio write size = 16384
    
aio write behind = true
    
write cache size = 2097152
    
max xmit = 65536
    
large readwrite = yes
    
#socket options = TCP_NODELAY

#[userdata]
    
path = /user-data
    
writeable = yes
    
public = no
    
vfs objects = full_audit
    
valid users = @all
       
force create mode = 0775

#[人力资源部]
        
path = /data/office/人力资源部
#        writeable = yes
        
public = no
    
read only = yes
        
browseable = yes
    
vfs objects = full_audit
        
force create mode = 0770
        
force directory mode = 0770
        
valid users = @人力资源部权限组
    
force group = 人力资源部权限组
    
write list = @人力资源部权限组读写
    
read list = @人力资源部权限组只读


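# The following suits a share that is read-only for everyone and read-write for some users; users with write access can delete each other's files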

#[返利学院-期刊]
    
path = /data/office/返利学院-期刊
    
public = no
        
read only = yes
    
vfs objects = full_audit
        
valid users = @everyone

#force group = 培训绩效权限组
    
write list = @培训绩效权限组


#[视频共享]
        
path = /data/office/视频共享
        
public = no
        
read only = yes
        
vfs objects = full_audit
        
valid users = @everyone
        
read list = @everyone
        
write list = @adadmin


[16.设计]
        
path = /data/office/16.设计

#       writeable = yes
        
public = no
    
read only = yes
        
browseable = yes
    
vfs objects = full_audit
    
create mode = 0770
    
directory mode = 0770
        
force create mode = 0770
       
 force directory mode = 0770
        
valid users = @smb设计部权限组

#    invalid users = @smb设计部拒绝
    
force group = smb设计部权限组
    
write list = @smb设计部读写
    
read list = @smb设计部只读
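
The full_audit settings above send one syslog record per audited operation to LOCAL5, each beginning with the %u|%I|%m|%S prefix (user, client IP, client machine, share). The Python below is an added example, not part of the original configuration: it parses such records and reports repeated failed connects and successful delete/rename operations. The sample log lines, host name, users and addresses are constructed, and the surrounding syslog line layout is an assumption.

```python
import re
from collections import Counter

# Payload written by vfs_full_audit: "smbd_audit: PREFIX|OPERATION|RESULT|ARGS",
# where PREFIX follows the page's setting  full_audit:prefix = %u|%I|%m|%S
LINE_RE = re.compile(r"smbd_audit(?:\[\d+\])?: (?P<body>.+)$")
DESTRUCTIVE = {"unlink", "rmdir", "rename"}  # subset of the page's full_audit:success list

# Constructed sample lines (not real logs); host, users and addresses are made up.
SAMPLE = """\
Mar  3 09:12:01 fs01 smbd_audit: zhangsan|10.0.0.21|pc-021|16.设计|pwrite|ok|logo/draft.psd
Mar  3 09:12:07 fs01 smbd_audit: zhangsan|10.0.0.21|pc-021|16.设计|unlink|ok|logo/old.psd
Mar  3 09:13:30 fs01 smbd_audit: lisi|10.0.0.35|pc-035|16.设计|connect|fail (Permission denied)|16.设计
Mar  3 09:13:31 fs01 smbd_audit: lisi|10.0.0.35|pc-035|16.设计|connect|fail (Permission denied)|16.设计
Mar  3 09:13:33 fs01 smbd_audit: lisi|10.0.0.35|pc-035|16.设计|connect|fail (Permission denied)|16.设计
Mar  3 09:14:02 fs01 smbd_audit: wangwu|10.0.0.40|pc-040|16.设计|rename|ok|a.ai|b.ai
Mar  3 09:14:05 fs01 cron[311]: unrelated line
"""

def parse(line):
    """Return one audit record as a dict, or None if the line is not a full_audit record."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # Four prefix fields, operation, result; the argument field may itself
    # contain '|' (rename logs source|destination), so cap the split.
    parts = m.group("body").split("|", 6)
    if len(parts) < 6:
        return None
    user, ip, machine, share, op, result = parts[:6]
    return {"user": user, "ip": ip, "machine": machine, "share": share, "op": op,
            "ok": result == "ok", "result": result,
            "args": parts[6] if len(parts) > 6 else ""}

def summarize(text, fail_threshold=3):
    """Report repeated failed connects and successful destructive operations."""
    events = [e for e in map(parse, text.splitlines()) if e]
    failed = Counter((e["user"], e["ip"], e["share"]) for e in events
                     if e["op"] == "connect" and not e["ok"])
    return {
        "failed_connects": {k: n for k, n in failed.items() if n >= fail_threshold},
        "destructive": [(e["user"], e["share"], e["op"], e["args"]) for e in events
                        if e["op"] in DESTRUCTIVE and e["ok"]],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
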
