Присоединение линуксового клиента к домену Samba+LDAP, с прозрачной авторизацией на шарах:
# Install the LDAP client configuration package and Samba.
aptitude install ldap-auth-config samba
# Show the effective settings of /etc/ldap.conf (comment lines filtered out).
# Lines starting with "# NOTE(review)" below are reader annotations, not part
# of the command's output.
cat /etc/ldap.conf | grep -v ^#
base dc=domain,dc=local
# NOTE(review): a plain ldap:// URI with no "ssl start_tls" line means the proxy
# bind below, and every user password that pam_ldap verifies by binding to the
# server, crosses the network unencrypted. Prefer "ssl start_tls" (or an
# ldaps:// URI) together with "tls_checkpeer yes" and
# "tls_cacertfile <path-to-CA-certificate>" so the server is authenticated too.
uri ldap://192.168.0.1
ldap_version 3
# Account used for ordinary (unprivileged) directory lookups.
binddn cn=ldap_proxy,dc=domain,dc=local
# NOTE(review): bindpw is stored in clear text, and this file usually has to be
# readable by every local user for NSS lookups to work - confirm the file mode.
# Treat the value as public: give ldap_proxy read-only access to the attributes
# NSS needs and nothing else, and do not reuse this password anywhere.
bindpw 666
# NOTE(review): rootbinddn is the identity used when root changes passwords; its
# password is read from a separate root-only secret file (/etc/ldap.secret on
# Debian/Ubuntu - verify the path and keep it mode 0600). Storing a directory
# admin credential on an ordinary workstation lets anyone who gains root there
# write to the directory; omit rootbinddn on clients that do not need it.
rootbinddn cn=ldapadmin,dc=domain,dc=local
# NOTE(review): presumably makes pam_ldap hash a changed password with MD5 on the
# client before storing it - confirm against the pam_ldap manual. MD5-based
# hashes are weak against offline guessing; "pam_password exop" hands the change
# to the server, which then applies its own hashing policy.
pam_password md5
# Local system accounts for which LDAP group lookups are skipped, so they do not
# depend on the directory being reachable.
nss_initgroups_ignoreusers avahi,backup,bin,daemon,dhcp,games,gnats,irc,klog,libuuid,list,lp,mail,man,messagebus,mysql,news,proxy,root,sshd,sync,sys,syslog,uucp,www-data
# Create the auth-client-config profile. The nss_* keys hold lines for
# nsswitch.conf; the pam_* keys hold the auth, account, password and session
# stacks for PAM.
nano /etc/auth-client-config/profile.d/open_ldap
[open_ldap]
# Name service order: local files are consulted first, then LDAP.
nss_passwd=passwd: files ldap
nss_group=group: files ldap
nss_shadow=shadow: files ldap
nss_netgroup=netgroup: files ldap
pam_auth=auth required pam_env.so
# NOTE(review): "nullok" lets a local account with an empty password field
# authenticate with no password. Drop it unless that is intended.
# Because this line is "sufficient", a successful local login returns here and
# never reaches pam_group.so below.
auth sufficient pam_unix.so likeauth nullok
#the following line (containing pam_group.so) must be placed before pam_ldap.so
#for ldap users to be placed in local groups such as fuse, plugdev, scanner, etc ...
auth required pam_group.so use_first_pass
# use_first_pass: reuse the password already typed for pam_unix instead of
# prompting a second time.
auth sufficient pam_ldap.so use_first_pass
# Nothing above succeeded: refuse the login.
auth required pam_deny.so
# NOTE(review): the ldap.conf shown on this page sets no pam_groupdn or
# pam_check_host_attr, so presumably every account in the directory may log in
# to this client. Add one of them if access should be limited to a group or host.
pam_account=account sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_deny.so
# NOTE(review): "md5" stores new local passwords as MD5-crypt, which is cheap to
# brute-force offline; use "sha512" here if the installed pam_unix supports it.
# "nullok" here allows a password change on an account whose password is empty.
pam_password=password sufficient pam_unix.so nullok md5 shadow
password sufficient pam_ldap.so use_first_pass
password required pam_deny.so
pam_session=session required pam_limits.so
# Creates the home directory from /etc/skel/ if it does not yet exist.
# NOTE(review): no umask= option is given, so the module default applies
# (0022 per its manual - verify), leaving new home directories readable by
# other users; append umask=0077 to keep them private.
session required pam_mkhomedir.so skel=/etc/skel/
session required pam_unix.so
session optional pam_ldap.so
# Apply the profile: -a updates every managed type (NSS and PAM), -p names the
# profile to use.
# NOTE(review): a mistake in the PAM stack can lock out all logins, root
# included. Before rebooting, keep the current root session open and confirm
# from a second terminal that a login still works.
auth-client-config -a -p open_ldap
reboot
# Check that NSS now resolves a directory account. This proves lookup only:
# test a real login separately, with both the correct and a wrong password,
# to exercise the PAM stack.
id alexander
# Sample output.
# NOTE(review): this account is a member of Domain Admins (gid 512). For routine
# workstation logins, a non-privileged account limits what a compromised client
# can capture.
uid=1001(alexander) gid=1001(alexander) groups=512(Domain Admins),1001(alexander)
Пользователь решил продолжить мысль: 17 Марта 2009, 12:22:36
Дальше интересует гибкий механизм разграничения прав на шарах.