
Samba

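Connect from the shell to a Samba server (a password given as user%password is visible in the process list and the shell history; leave off %password to be prompted for it instead):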

smbclient //server/share -U user%password

List all Windows machines and their shares

smbtree

net

Groupmapping

net groupmap add ntgroup="Domain Admins" unixgroup=adm rid=512 type=d 
net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
net groupmap add ntgroup="Domain Guests" unixgroup=guest rid=514 type=d 

NetBIOS name lookup by IP address (append the address to the command)

nmblookup -A

Send Popup Messages to Windows

echo 'message' | smbclient -M windows_box

Mount Samba share (smbfs is obsolete; on current kernels use -t cifs, where file_mode= takes the place of fmask=)

mount -t smbfs -o fmask=666,guest //windows_box/share /mnt/share

Samba Server with LDAP Backend

/etc/samba/smb.conf
[global]
   # Global section of a Samba domain controller (domain logons = yes) whose
   # account database is kept in LDAP (passdb backend = ldapsam).
   workgroup = nsas.de
   netbios name = pdc
   server string = Primary Domain Controler %h
   log level = 1
   wins support = yes
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
####### Authentication #######
   security = user
   encrypt passwords = true
####### LDAP #######
   # NOTE(review): lanman auth = yes accepts logons based on the LANMAN
   # password hash, which is weak by design. Set it to "no" unless a legacy
   # client strictly requires it.
   lanman auth = yes
   passdb backend = ldapsam:ldap://ldapserver/
   # NOTE(review): with an ldap:// URI and ldap ssl = no the connection to the
   # directory is not encrypted, so the admin bind and the password hashes
   # Samba reads cross the network in cleartext. Prefer
   # "ldap ssl = start tls" (or an ldaps:// URI) whenever ldapserver is not
   # the local host.
   ldap ssl = no
   # The password for this DN is not stored in smb.conf; it is set with
   # "smbpasswd -w" and kept in secrets.tdb.
   ldap admin dn = cn=admin,dc=nsas,dc=de
   ldap suffix = dc=nsas,dc=de
   ldap group suffix = ou=Groups
   ldap user suffix = ou=People
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Idmap
   ldap passwd sync = yes
   ldap delete dn = Yes
   passwd program = /usr/sbin/smbldap-passwd -u %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
   # Account management is delegated to the smbldap-tools scripts. %u and %g
   # are passed inside double quotes on every line below.
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g" 
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user script = /usr/sbin/smbldap-userdel "%u"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
   # NOTE(review): "bad user" turns a logon with an unknown user name into a
   # guest session instead of rejecting it. Use "never" if no share is meant
   # to be reachable without an account.
   map to guest = bad user
########## Domains ###########
   domain logons = yes
   domain master = auto
   preferred master = yes
   os level = 200
############ Misc ############
   load printers = no
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   # NOTE(review): %f (sender) and %m (client machine name) are supplied by
   # the remote side and end up inside a /bin/sh -c command line, and %s is
   # passed unquoted. Drop this line if WinPopup messages are not needed.
   message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
   usershare max shares = 100
   # NOTE(review): lets unprivileged users publish shares that are open to
   # guests; set to "no" unless that is intended.
   usershare allow guests = yes
   hide files = /desktop.ini/RECYCLER/.svn/
   inherit permissions = yes
   inherit acls = yes
   profile acls = yes
   # The map file decides which Unix account a client user name becomes, so
   # it should be writable by root only.
   username map = /etc/samba/usermap
############ Profile ############
   logon path = \\%N\%U\profile
   logon home = \\%N\%U
   # Pulls in an extra configuration file named after the primary group of
   # the connecting user (%G).
   include = /etc/samba/smb.conf.%G
 
#======================= Share Definitions =======================
# Roaming profile storage: one directory per user below the home directory,
# created with owner-only permissions and closed to guests.
[profiles]
 comment = Users Profiles
 path = /home/%U/.profile
 create mask = 0600
 directory mask = 0700
 guest ok = no
 browseable = no
 
# Per-user home shares. "valid users = %S" limits each share to the user
# whose name matches the share name.
[homes]
 comment = Home Directories
 read only = no
 browseable = no
 create mask = 0600
 directory mask = 0700
 valid users = %S
 
# Logon script share. It is read-only but readable by guests, so nothing
# stored here (logon.bat and friends) should contain passwords or other
# secrets.
[netlogon]
 comment = Network Logon Service
 path = /etc/samba/netlogon
 browseable = no
 guest ok = yes 
 read only = yes
 store dos attributes = Yes
 csc policy = disable
/etc/smbldap-tools/smbldap.conf
# smbldap-tools settings for the nsas.de domain: where the directory lives,
# how its tree is laid out and which defaults new accounts receive.
SID="S-1-5-21-93769820-1299978608-688565243"
sambaDomain="nsas.de"
slaveLDAP="ldapserver"
masterLDAP="ldapserver"
# TLS settings: certificate verification is required and a CA file is named.
# NOTE(review): no ldapTLS switch appears in this listing, so confirm that
# TLS is actually enabled for the tools; otherwise the three paths below are
# never used. The certificate file names carry a different domain
# (iallanis.info) than the rest of the file - presumably left over from the
# sample configuration; verify.
verify="require"
cafile="/etc/smbldap-tools/ca.pem"
clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"
clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"
# Directory layout; every container is built from ${suffix}.
suffix="dc=nsas,dc=de"
usersdn="ou=People,${suffix}"
computersdn="ou=computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
scope="sub"
# Hash scheme for the Unix password attribute (salted SHA-1).
hash_encrypt="SSHA"
crypt_salt_format="%s"
# Defaults applied to newly created accounts.
userLoginShell="/usr/bin/zsh"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="Windows User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
# Password lifetime in days.
defaultMaxPasswordAge="45"
userSmbHome="\\PDC\%U"
userProfile="\\PDC\profiles\%U"
userHomeDrive="Z:"
userScript="logon.bat"
mailDomain="nsas.de"
# "0" = do not call the external smbpasswd / slappasswd binaries named below.
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

Force user to change the password on next logon

pdbedit -u brauner --pwd-must-change-time 0

Shadow Copy

/etc/samba/smb.conf
[global]
   # NOTE(review): Samba only honours "wide links = yes" while unix
   # extensions are off, which is why this is set here. It applies to the
   # whole server, not just to the share below.
   unix extensions = no
   # Veto files
   # Hides macOS metadata files and the @GMT snapshot directories from
   # clients; "delete veto files" allows removing a directory that still
   # contains such entries.
   veto files          = /.DS_Store/@GMT*/
   delete veto files   = yes
   ea support          = yes
 
[share]
   path = /srv/tftp
   # NOTE(review): with wide links enabled the server follows symlinks that
   # point outside /srv/tftp, so anyone able to create a symlink inside the
   # share can expose other parts of the filesystem with the permissions of
   # the connected user. Keep "wide links = no" unless this is required.
   follow symlinks = yes
   wide links      = yes
   # Previous-versions support: shadow_copy2 looks for @GMT-named snapshots
   # in snapdir, resolved relative to basedir.
   vfs objects = shadow_copy2
   shadow:snapdir = ../tftp
   shadow:basedir = /srv/tftp
   shadow:sort = desc
create_btrfs_snap.sh
#!/bin/bash
#===============================================================================
#
#          FILE:  create_btrfs_snapshot.sh
#
#         USAGE:  ./create_btrfs_snapshot.sh <btrfs mountpoint>
#
#   DESCRIPTION:  Creates one snapshot of every subvolume below the given
#                 mountpoint. Once a subvolume has more than MAXSNAPS
#                 snapshots, the oldest one is deleted.
#       OPTIONS:  ---
#  REQUIREMENTS:  ---
#          BUGS:  ---
#         NOTES:  ---
#       COMPANY: NSAS - Network System Access Solutions
#       CREATED: 10/18/2013 11:24:28 AM CEST
#      REVISION:  ---
#     COPYRIGHT: Copyright (c) 2013, Michèl Pelzer Please visit http://www.nsas.de/privacy.htm
#
#===============================================================================
#set -x         # Display commands and their arguments as they are executed.
#set -v         # Display shell input lines as they are read.
#set -n         # Read commands but do not execute them. This may be used to check a shell script for syntax errors.
#set -o nounset # Treat unset variables as an error
 
#MOUNTPOINT=$(cat /proc/mounts | grep btrfs | awk '{print $2}')
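# Number of @GMT snapshots a subvolume may have before the oldest is removed.
MAXSNAPS="24"

# Check the argument count before $1 is used for anything.
if [ $# -lt 1 ]
then
        echo "USEAGE: $(basename -- "$0") <btrfs share>" >&2
        exit 1
fi

MOUNTPOINT=$1

# This script runs as root from cron and deletes subvolumes, so refuse to
# continue when the argument is not an existing directory.
if [ ! -d "${MOUNTPOINT}" ]
then
        echo "ERROR: ${MOUNTPOINT} is not a directory" >&2
        exit 1
fi

#######################################
# Print the path of every subvolume that `btrfs subvolume list` reports.
# The path is taken as everything after the first " path " keyword rather
# than from a fixed column, because the number of columns in front of it
# differs between btrfs-progs releases.
# Arguments: $1 - directory on the btrfs filesystem
# Outputs:   one subvolume path per line on stdout
#######################################
list_subvolume_paths() {
        btrfs subvolume list "$1" \
                | awk '{ i = index($0, " path "); if (i) print substr($0, i + 6) }'
}

# Collect the subvolumes first, so snapshots created further down cannot
# influence the list that is being walked. Anything with GMT in its path is
# treated as a snapshot and skipped.
SUBVOLUMES=()
while IFS= read -r subvolume
do
        case "${subvolume}" in
                *GMT*) ;;
                *) SUBVOLUMES+=("${subvolume}") ;;
        esac
done < <(list_subvolume_paths "${MOUNTPOINT}")

for subvolume in "${SUBVOLUMES[@]}"
do
        # Snapshots of this subvolume only: the path must start with
        # "<subvolume>/@GMT-". A substring match would also count the
        # snapshots of other subvolumes whose names contain this one.
        snapshots=()
        while IFS= read -r snapshot
        do
                case "${snapshot}" in
                        "${subvolume}/@GMT-"*) snapshots+=("${snapshot}") ;;
                esac
        done < <(list_subvolume_paths "${MOUNTPOINT}/${subvolume}")

        SNAPCOUNT=${#snapshots[@]}
        # NOTE(review): with -gt one snapshot is removed and one is added per
        # run, so the steady state is MAXSNAPS + 1 snapshots.
        if [ "${SNAPCOUNT}" -gt "${MAXSNAPS}" ]
        then
                echo Delete oldes snapshot:
                # The first entry of the listing is taken as the oldest. The
                # name comes from the array, so it can never be empty and the
                # delete cannot collapse to "${MOUNTPOINT}/".
                btrfs subvolume delete "${MOUNTPOINT}/${snapshots[0]}"
        fi

        # shadow_copy2 reads @GMT names as UTC unless "shadow:localtime = yes"
        # is set in smb.conf, so the stamp is generated with date -u.
        stamp=$(date -u +@GMT-%Y.%m.%d-%H.%M.%S)
        btrfs subvolume snapshot "${MOUNTPOINT}/${subvolume}" "${MOUNTPOINT}/${subvolume}/${stamp}"
done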
crontab
0 8-17 * * 1,2,3,4,5    /usr/local/bin/create_btrfs_snap.sh /srv > /dev/null

List btrfs subvolumes

btrfs su l /MOUNTPOINT

Create btrfs snapshots manually

btrfs subvolume snapshot /MOUNTPOINT /MOUNTPOINT/$(date +@GMT-%Y.%m.%d-%H.%M.%S)