I needed to set up a server at work that would serve file shares. I decided to go this way: install Samba plus an LDAP server holding the Samba users and groups. The server runs FreeBSD 8.1.
First, install LDAP:
# cd /usr/ports/net/openldap24-server
# make install clean

I left all the port options as they were. After a successful installation, edit the config, /usr/local/etc/openldap/slapd.conf. Mine ended up with the following content (the rootpw hash is shown as ***):
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
# moduleload back_hdb
# moduleload back_ldap
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
access to attrs=userPassword
by self write
by anonymous auth
by * none
access to *
by self write
by users read
by anonymous read
by * none
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=dush4,dc=ru"
rootdn "cn=root,dc=dush4,dc=ru"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}*****
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/db/openldap-data
# Indices to maintain
index objectClass eq
index cn eq

The OpenLDAP admin password is generated with slappasswd; paste its output into the config as the value of rootpw. Two things are worth knowing about the access rules above. First, rootdn bypasses them entirely and only userPassword is hidden: everything else is readable by anonymous binds, which nothing in this setup needs, since Samba binds as its ldap admin dn. Second, "by self write" on "access to *" lets every user rewrite any attribute of his own entry, including uidNumber, gidNumber and, once the Samba schema is added, sambaSID; if this directory is ever used through nss_ldap, that lets a user take over another account's files on the server, so it is safer to limit self write to the password attributes.
Add the following entries to /etc/rc.conf:
slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://127.0.0.1/"'

This binds slapd to the local Unix socket and to 127.0.0.1 only, which is all that Samba on the same host needs. Now try to start the service:
# /usr/local/etc/rc.d/slapd start

Check that the service has started:
# sockstat | grep slapd
ldap slapd 693 3 dgram -> /var/run/logpriv
ldap slapd 693 6 stream /var/run/openldap/ldapi
ldap slapd 693 7 tcp4 127.0.0.1:389 *:*

If you see something like this, everything went fine.
Populate the directory with initial data. Create a file main.ldif with the following content; entries in LDIF are separated by blank lines, the root entry needs a cn (organizationalRole requires one), and every entry has to live under the configured suffix dc=dush4,dc=ru:
dn: dc=dush4,dc=ru
objectClass: dcObject
objectClass: organization
objectClass: top
dc: dush4
o: dush4

dn: cn=root,dc=dush4,dc=ru
objectClass: organizationalRole
cn: root

dn: ou=users,dc=dush4,dc=ru
objectClass: top
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=dush4,dc=ru
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: ou=computers,dc=dush4,dc=ru
objectClass: top
objectClass: organizationalUnit
ou: computers

To add the entries, run the following command (it binds as the rootdn and prompts for the password you set with slappasswd):
# ldapadd -x -D "cn=root,dc=dush4,dc=ru" -W -f main.ldif

That is it for OpenLDAP for now; on to installing Samba.
# cd /usr/ports/net/samba
# make install clean

Of all the port options I kept only these:
- LDAP
- ACL_SUPPORT
- QUOTAS
- POPT
After installing Samba, its schema has to be added to OpenLDAP. Copy it into place:
# cp /usr/local/share/examples/samba/LDAP/samba.schema /usr/local/etc/openldap/schema

Then edit slapd.conf and add the following line after the other include directives:
include /usr/local/etc/openldap/schema/samba.schema

This schema defines sambaLMPassword and sambaNTPassword, the hashes Samba authenticates against. With the access rules shown earlier these attributes fall under "access to *" and are readable by every bound user and by anonymous binds, and an NT hash by itself is enough to authenticate as that user over SMB. So extend the first access rule to cover them as well, i.e. change it to "access to attrs=userPassword,sambaLMPassword,sambaNTPassword" and keep the same by-clauses. slapd only accepts an attribute name in an ACL once the schema defining it has been included, which is why this change goes in after the include line. Then restart the server:
# /usr/local/etc/rc.d/slapd restart

After these simple steps, edit the Samba config, /usr/local/etc/smb.conf. Mine ended up like this:
#======================= Global Settings =====================================
[global]
workgroup = DUSH-4
server string = DUSH-4 File Server
netbios name = srv-data.local
security = user
hosts allow = 192.168.4. 127.
load printers = no
; printcap name = /etc/printcap
; printcap name = lpstat
; printing = cups
; guest account = pcguest
log file = /var/log/samba/log.%m
max log size = 50
encrypt passwords = yes
passdb backend = ldapsam:ldap://localhost/
ldap suffix = dc=dush4,dc=ru
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap admin dn = "cn=root,dc=dush4,dc=ru"
ldap delete dn = no
ldap ssl = no
socket options = SO_RCVBUF=32768 SO_SNDBUF=32768
interfaces = 192.168.4.251/24 127.0.0.1/8
bind interfaces only = yes
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = no
wins support = yes
dns proxy = no
hide dot files = yes
hide files = /.*
dfree cache time = 60
dfree command = /usr/local/bin/dfree
display charset = koi8-r
unix charset = koi8-r
dos charset = cp866
# Use inherited ACLs for directories
; nt acl support = yes
; inherit acls = yes
; map acl inherit = yes
# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
; add user script = /usr/sbin/useradd %u
; add group script = /usr/sbin/groupadd %g
; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
; delete user script = /usr/sbin/userdel %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /usr/local/samba/lib/netlogon
; guest ok = yes
; writable = no
; share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
; path = /usr/local/samba/profiles
; browseable = no
; guest ok = yes
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes
[distrib]
comment = Distrib
path = /mnt/media/samba/distrib
public = no
writable = yes
force create mode = 0640
force directory mode = 0750
force user = smb_user
force group = smb_write
valid users = @smb_read
read list = @smb_read
write list = @smb_write
[temp]
comment = Temporary files
path = /mnt/media/samba/temp
public = no
writable = yes
force create mode = 0640
force directory mode = 0750
force user = smb_user
force group = smb_write
valid users = @smb_read
read list = @smb_read
write list = @smb_read

After that Samba has to be given the password of the LDAP account named in ldap admin dn; it is stored in secrets.tdb, which is done as follows:
# smbpasswd -w <ldap-admin-password>

The -w option is the one that writes the ldap admin dn password to secrets.tdb; plain smbpasswd without options only changes the Samba password of the current Unix user (that is what the "New password" / "Retry new password" prompts belong to) and leaves secrets.tdb untouched. Because the password is passed on the command line it ends up in the shell history, so clear that afterwards. Then start Samba:
# /usr/local/etc/rc.d/samba start
Starting nmbd.
Starting smbd.

This completes the installation and configuration. For easier administration of the accounts in LDAP, the ldapscripts package can be installed in addition.
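What ldapscripts (or any other tool) has to write into the directory for a Samba user is easier to reason about once you have seen a complete entry. The following Python script is an added example, not code from the original post, from ldapscripts or from Samba. It builds the LDIF for one user with the posixAccount class from nis.schema and the sambaSamAccount class from samba.schema, and computes the two secrets Samba keeps there: userPassword in the {SSHA} form that slappasswd produces, and sambaNTPassword, the MD4 of the UTF-16LE encoded password. The user name, uid/gid numbers, password and domain SID are made-up values (the real domain SID is what "net getlocalsid" prints), and the 2*uid+1000 RID mapping is Samba 3's default algorithmic one. Because OpenSSL 3 moved MD4 into its legacy provider, hashlib.new("md4") is not available everywhere, so the script carries its own MD4.

```python
"""Build the LDIF for one Samba 3 (ldapsam) user, including the hashes Samba
keeps in the directory. Added example, not code from the original post."""
import base64
import hashlib
import os
import struct
import time

MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """MD4 per RFC 1320 in pure Python (hashlib's MD4 needs OpenSSL's legacy provider)."""
    def f(x, y, z):
        return (x & y) | (~x & z)

    def g(x, y, z):
        return (x & y) | (x & z) | (y & z)

    def h(x, y, z):
        return x ^ y ^ z

    rounds = (
        (f, 0x00000000, (3, 7, 11, 19), tuple(range(16))),
        (g, 0x5A827999, (3, 5, 9, 13), (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
        (h, 0x6ED9EBA1, (3, 9, 11, 15), (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
    )
    msg = bytearray(data) + b"\x80"                 # padding: 0x80, zeros, 64-bit LE bit length
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        v = list(state)
        for func, const, shifts, order in rounds:
            for i, k in enumerate(order):
                t = (-i) % 4                        # register being updated: a, d, c, b, a, ...
                x, y, z = v[(t + 1) % 4], v[(t + 2) % 4], v[(t + 3) % 4]
                v[t] = _rotl((v[t] + func(x, y, z) + X[k] + const) & MASK, shifts[i % 4])
        state = [(s + w) & MASK for s, w in zip(state, v)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """sambaNTPassword: MD4 over the UTF-16LE password as 32 uppercase hex digits.
    Whoever can read this attribute can authenticate as the user (pass-the-hash)."""
    return md4(password.encode("utf-16-le")).hex().upper()


def ssha(password: str, salt: bytes = None) -> str:
    """userPassword in the {SSHA} form produced by slappasswd -h {SSHA}."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, password: str) -> bool:
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def user_rid(uid_number: int, rid_base: int = 1000) -> int:
    """Samba 3 default algorithmic mapping: user RID = 2 * uidNumber + algorithmic rid base."""
    return 2 * uid_number + rid_base


def build_user_ldif(uid, cn, sn, uid_number, gid_number, password, domain_sid,
                    base="ou=users,dc=dush4,dc=ru", salt=None, now=None) -> str:
    """One LDIF entry under the post's ldap user suffix (ou=users)."""
    now = int(time.time()) if now is None else now
    lines = [
        f"dn: uid={uid},{base}",
        "objectClass: top",
        "objectClass: person",              # structural; needs cn and sn
        "objectClass: posixAccount",        # nis.schema; needs uid, uidNumber, gidNumber, homeDirectory
        "objectClass: sambaSamAccount",     # samba.schema; needs uid and sambaSID
        f"uid: {uid}",
        f"cn: {cn}",
        f"sn: {sn}",
        f"uidNumber: {uid_number}",
        f"gidNumber: {gid_number}",
        f"homeDirectory: /home/{uid}",
        "loginShell: /usr/sbin/nologin",    # file-server users get no shell
        f"userPassword: {ssha(password, salt)}",
        f"sambaSID: {domain_sid}-{user_rid(uid_number)}",
        f"sambaNTPassword: {nt_hash(password)}",
        "sambaAcctFlags: [U          ]",    # normal user account, enabled
        f"sambaPwdLastSet: {now}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed example values; the domain SID is made up (net getlocalsid shows the real one).
    print(build_user_ldif("jdoe", "John Doe", "Doe", 10001, 10001, "password",
                          "S-1-5-21-1111111111-2222222222-3333333333"))
```

The point to take from the output: the sambaNTPassword line is not a salted verifier like the {SSHA} value but the credential itself, and an SMB client can authenticate with that hash alone. That is why this attribute needs the same access rule as userPassword once samba.schema is loaded.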
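The smb.conf above combines valid users, read list and write list per share, and it takes some care to see who actually ends up with write access. The following Python script is an added example, not part of the original post or of Samba; it parses an smb.conf with configparser and applies the rules from smb.conf(5): valid users restricts who may connect, read list forces those users to read-only, write list grants write access regardless of writable, and a user who is in both lists gets write access. The embedded sample is a constructed input, a trimmed copy of the share definitions above; on a real host read /usr/local/etc/smb.conf instead.

```python
"""Audit share access in an smb.conf (Samba 3 semantics from smb.conf(5)).
Added example, not code from the original post or from Samba."""
import configparser
import re

# Constructed sample: the share definitions from the post above, trimmed.
SAMPLE_SMB_CONF = """
[global]
workgroup = DUSH-4
security = user
passdb backend = ldapsam:ldap://localhost/
log file = /var/log/samba/log.%m

[homes]
comment = Home Directories
browseable = no
writable = yes

[distrib]
path = /mnt/media/samba/distrib
public = no
writable = yes
force user = smb_user
force group = smb_write
valid users = @smb_read
read list = @smb_read
write list = @smb_write

[temp]
path = /mnt/media/samba/temp
public = no
writable = yes
force user = smb_user
valid users = @smb_read
read list = @smb_read
write list = @smb_read
"""

ANYONE = "*"  # any user who can authenticate (no valid users restriction)


def parse_smb_conf(text: str) -> configparser.ConfigParser:
    """smb.conf is INI-like: '=' delimiter, '#' and ';' comments, '%' macros in values."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",),
                                   comment_prefixes=("#", ";"), inline_comment_prefixes=None)
    cp.read_string(text)
    return cp


def first(section, *keys):
    """smb.conf has synonyms (writable/writeable/write ok, public/guest ok); take the first one set."""
    for k in keys:
        if k in section:
            return section[k]
    return None


def to_bool(value, default=False):
    return default if value is None else value.strip().lower() in ("yes", "true", "1")


def to_list(value):
    """Samba lists are separated by commas or whitespace; @name is a group."""
    return {t for t in re.split(r"[\s,]+", (value or "").strip()) if t}


def share_access(section):
    """Return (who may connect and read, who may write) for one share."""
    writable_opt = first(section, "writable", "writeable", "write ok")
    if writable_opt is not None:
        writable = to_bool(writable_opt)
    else:
        writable = not to_bool(first(section, "read only"), default=True)
    readers = to_list(first(section, "valid users")) or {ANYONE}
    read_only = to_list(first(section, "read list"))
    writers = to_list(first(section, "write list"))       # write list wins over read list
    if writable:
        writers |= readers - read_only                     # writable share: everyone not in read list
    return readers, writers


def audit(text: str) -> dict:
    cp = parse_smb_conf(text)
    report = {}
    for name in cp.sections():
        if name == "global":
            continue
        sec = cp[name]
        readers, writers = share_access(sec)
        findings = []
        if to_bool(first(sec, "guest ok", "public")):
            findings.append("guest access allowed")
        if name != "homes":  # [homes] is special: Samba maps it to the connecting user's own directory
            if ANYONE in readers:
                findings.append("no valid users restriction: any authenticated user can connect")
            if writers and (ANYONE in writers or writers >= readers):
                findings.append("every user who can connect can also write")
        if "force user" in sec:
            findings.append(f"force user = {sec['force user']}: files lose per-user ownership")
        report[name] = {"readers": readers, "writers": writers, "findings": findings}
    return report


if __name__ == "__main__":
    for share, info in audit(SAMPLE_SMB_CONF).items():
        print(f"[{share}] readers={sorted(info['readers'])} writers={sorted(info['writers'])}")
        for finding in info["findings"]:
            print("   -", finding)
```

Run against the sample, it reports that on [temp] everyone in @smb_read can write (write list = @smb_read covers the whole valid users set), while on [distrib] only @smb_write can. It also lists force user on both shares, because every file written through them then belongs to smb_user and the on-disk ownership no longer tells you who wrote it.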