Material Base Servidor Samba PDF

Curso 452
Linux Security
Servers in Cloud
Servidor Samba
Cenrio
A empresa Dexter Courier possui WorkStation com o Sistema

Operacional GNU/Linux e Microsoft Windows e pretende criar uma rede
com estes dois ambientes. Como a empresa necessita de flexibilidade,
deseja que seus usurios possam se logar no sistema em qualquer
computador, podendo acessar arquivos do compartilhamento pblico, do
respectivo setor.
Proposta de soluo
A melhor soluo um servidor GNU/Linux com Samba4 pois, alm de

ser gratuito, possui muitas funcionalidades e flexibilidade.
2
IT Experience
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
3
Objetivos da Aula
Aula 12
Introduo ao Samba4;
Instalar Samba4;
Provisionar domnio no Samba;
Configurar compartilhamentos;
Autenticar usurios via Samba.
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
4
Servidor Samba
Introduo:
O Samba um servio Linux que permite o gerenciamento e
compartilhamento de recursos em redes formadas por
computadores com o Windows;
Assim, possvel utilizar um sistema Linux como servidor de
arquivos, servidor de impresso, entre outros. Este servio ir se
apresentar para a rede de forma que o Sistemas Operacionais
Windows o interprete como um Servidor Windows.
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
5
Servidor Samba
Introduo:
O Samba nasceu de uma necessidade de seu
criador Andrew Tridgell que precisava montar
um espao em disco para um servidor Unix em
seu PC, rodando o sistema operacional MS-
DOS;
Para isso, Tridgell escreveu um sniffer
(programa para captura de trfego de dados)
que permitisse analisar o trfego de dados
gerado pelo protocolo Netbios, utilizado pelo Andrew Tridgell
Windows em compartilhamentos de dados. em 2005.
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
6
Servidor Samba
Introduo:
Com o Sniffer implementado, Tridgell fez engenharia reversa no
protocolo SMB (Server Message Block), que possua como
principal funcionalidade o compartilhamento de arquivos, e o
implementou no Unix;
Isso fez com que o servidor Unix aparecesse como um servidor de
arquivos Windows em seu PC com DOS;
Tridgell disponibilizou esse cdigo publicamente em 1992 e aps
algumas atualizaes deu ao projeto o nome de SAMBA, graas ao
nome de seu protocolo base, o SMB.
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
7
Servidor Samba
Principais Caractersticas do Samba 4:

Suporte de logon no Active Directory e protocolos de
administrao;
Suporte completo para NTFS;
Servidor LDAP Interno com adaptado para o padro do AD;
Kerberos como servidor interno;
Integrao com Bind9 para suporte ao AD e ao DNS.
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
8
Servidor Samba
Preparando o Ambiente para Instalao do Samba 4:

O pacote do Samba fornecida a partir do repositrio oficial no CentOS 7
no fornece a funo DC. Como soluo precisamos usar os pacotes
RPM do Samba do site (http://enterprisesamba.com/) que introduzido
pelo site oficial do Samba (https://www.samba.org).
preciso acessar o site abaixo e fazer uma cadastro para ter acesso
as configuraes de repositrios do CentOS 7 para Samba 4:
https://portal.enterprisesamba.com/
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
9
Servidor Samba
Servidor: FileServer

Caso no possua uma cadastro utilize as informaes abaixo para criar o
repositrio do Samba 4 :
1#vim/etc/yum.repos.d/samba4.1.repo
[sernetsamba4.1]
name=SerNetSamba4.1Packages(centos7)
type=rpmmd
baseurl=https://4linuxsamba4:vl8dUgLmRBCyigwxtLCWJChVo14iVQJS@down
load.sernet.de/packages/samba/4.1/centos/7/
gpgcheck=1
gpgkey=https://4linuxsamba4:vl8dUgLmRBCyigwxtLCWJChVo14iVQJS@downl
oad.sernet.de/packages/samba/4.1/centos/7/repodata/repomd.xml.key
enabled=1
10
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
10
Servidor Samba

Em seguida instale o Samba 4 no CentOS 7 e configure quais
servios sero carregados durante a inicializao do sistema:
1#yuminstallsernetsambasernetsambaady
2#chkconfigsernetsambaadon
3#chkconfigsernetsambasmbdoff
4#chkconfigsernetsambanmbdoff
5#chkconfigsernetsambawinbinddoff
11
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
11
Servidor Samba
Provisionamento do Samba:
1 Inicie o provisionamento do samba conforme abaixo:
1#sambatooldomainprovisiondomain=DEXTERrealm=DEXTER.COM.BR
serverrole=dcadminpass=4LinuxSamba4dnsbackend=SAMBA_INTERNAL
userfc2307
Outra maneira de inciar o provisionamento utilizar o modo interativo:

sambatooldomainprovisionuserfc2307interactive
12
NOTA:
A rfc2307 aborda um conjunto de diretrizes para uso do LDAP como um

Servio de Informao de Rede, ao habilitar essa rfc atravs da opo
--use-rfc2307 estamos definindo o LDAP como base para autenticao
de usurios no Samba.
12
Servidor Samba
2 O prximo passo alterar para "ad" o modo de execuo do

Samba 4:
1#vim/etc/default/sernetsamba
....
SAMBA_START_MODE="ad"
3 Durante a instalao um arquivo de configurao do Kerberos foi gerado,

que precisa apenas ser copiado para o diretrio /etc:
2#cp/var/lib/samba/private/krb5.conf/etc/krb5.conf
4 Feito os ajustes inicie o servio do Samba 4:

3#systemctlstartsernetsambaad
13
NOTA:

13
Servidor Samba
5 O prximo passo elevar o dominio para Windows Server 2008

R2:
1#sambatooldomainlevelraisedomainlevel2008_R2forest
level2008_R2
6 Para terminar faa a checagem do nvel de domnio no Samba 4:

2#sambatooldomainlevelshow
14
NOTA:

14
Servidor Samba
Opes para criar um provisionamento manual no Samba 4:
--domain Definio do nome do domnio utilizado pelo Samba na sua

apresentao como AD;
--dns-backend=BIND9_DLZ (Zonas carregveis dinamicamente), o

DLZ um patch para o BIND verso 9, que simplifica a administrao do
servidor BIND e reduz o uso de memria e o tempo de inicializao;
--use-rfc2307 Habilita o samba automaticamente como um
componente AD, permitindo a ele armazenar atributos tipo Posix. esta
opo necessria para administrar opes de contas Unix/Linux;
--server-role Regra de funcionamento do servidor.
15
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
15
Servidor Samba
Opes para criar um provisionamento manual no Samba 4:
--realm o Reino Kerberos, basicamente o nome de identificao do

conjunto que gerencia o banco de dados Kerberos. Este valor pode ser
qualquer sequncia de caracteres ASCII, mas por conveno utilizamos
o mesmo nome que o seu nome de domnio, s que em letras
maisculas;
--adminpass Esta opo define a senha de administrao que ser

utilizada com o samba, esta senha possui como pr-requisito o mnimo
de 8 caractres, contendo ao menos uma letra em caixa alta e um
nmero;
16
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
16
Servidor Samba
Substituindo o smb.conf:
1 Baixe o arquivo smb.conf customizado para o diretrio do samba:
1#cd/etc/samba/
2#mvsmb.confsmb.conf_dist
3#cp/root/samba/smb.conf.
4#vimsmb.conf
17
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
17
Restringindo Conexes ao Samba
Dentro do arquivo smb.conf possvel criar restries no

samba de forma que, sejam aceitas requisies de acesso
apenas a partir de uma interface:
Abra o arquivo smb.conf e descomente as linhas abaixo:
1#vim/opt/samba/etc/smb.conf
interfaces=eth0
bindinterfacesonly=Yes
2#sambatooltestparm
18
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
18
Servidor Samba
Conhecendo o Arquivo smb.conf:

O arquivo smb.conf o principal arquivo de gerenciamento do
samba. Para configurar corretamente o samba importante entender
sua estrutura baseada em sees e parmetros;
Cada seo (exceto a seo [global]) descreve um recurso
compartilhado (conhecido como "share"). O nome da seo o nome
do recurso e os parmetros dentro da seo definem o
comportamento do recurso.
19
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
19
Servidor Samba
Conhecendo o Arquivo smb.conf:

Uma seo sempre iniciada por seu nome dentro de colchetes [ ] e
continua at que um novo conjunto de colchetes demarque a
prxima seo;
Os parmetros das sees possuem o seguinte formato: name =
value;
o arquivo baseado em linhas individuais, cada nova linha
representa um novo parmetro; estes valores no so CASE
SENSITIVE.
20
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
20
Servidor Samba
Configurando o Diretrio de Compartilhamento:
1 Abra o arquivo smb.conf e adicione o compartilhamento o

abaixo:
1#vim/etc/samba/smb.conf
....
[publico]
comment=Publico
path=/srv/publico
readonly=No
guestok=Yes
forcecreatemode=666
forcedirectorymode=777
vetofiles=/*.mp3/*.mpg/*.mpeg/*.avi/*.jpg/
hidefiles=/*.ini/*.log/
21
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
21
Servidor Samba
Opes Utilizadas no Compartilhamento:
Comment Comentrio que aparecer ao visualizar o

compartilhamento na mquina Windows;
path Caminho absoluto para o diretrio compartilhado (caso no

exista, este diretrio dever ser criado);
read only (yes/no) Opo de definio do compartilhamento como
somente para leitura, pode ser substituda por writable (yes/no);
guest ok Permite ou no a visualizao do compartilhamento por
convidados.
22
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
22
Servidor Samba
force create mode Fora um padro de permisses na criao de

arquivos;
force directory mode Fora um padro de permisses na criao
de diretrios;
veto files Permite criar proibies de acesso a determinados
arquivos;
hide files Oculta o tipo de arquivo especificado no
compartilhamento.
23
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
23
Servidor Samba
O comando testparm permite checar a sintaxe do arquivo smb.conf. Sua

funo checar e reportar qualquer problema encontrado no arquivo.
1 Faa uma checagem no arquivo smb.conf e em seguida

reinicialize o samba:
1#sambatooltestparm
2#systemctlrestartsernetsambaad
2 Configuraes podem ser relidas com o comando smbcontrol:

3#smbcontrolallreloadconfig
24
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
24
Servidor Samba
Smbclient:
O comando smbclient um cliente utilizado para acessar compartilhamentos via protocolo

SMB.
Sua principal funo no samba testar o funcionamento de um compartilhamento via
terminal.
1 Ajuste o resolv.conf para utilizar o IP do servidor FileServer:
1#vim/etc/resolv.conf
nameserver192.168.200.40
2 Faa um teste de requisio utilizando comando smbclient:
2#smbclientLfileserverU%
25
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
25
Servidor Samba
Como Verificar Opes do samba-tool?
A ferramenta samba-tool possui um enorme nmero de argumentos,

felizmente estes argumentos podem ser consultados atravs da prpria
ferramenta utilizando o parmetro -h.
1#sambatoolh
2#sambatooluserh
3#sambatoolgrouph
4#sambatooldnsh
26
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
26
Servidor Samba
Gerenciar usurios no Samba 4:
A sintaxe de uso do comando samba-tool para gerenciar usurios e grupos:
sambatooluserlist
sambatooluseraddusuario
sambatoolgrouplist
sambatoolgroupaddgrupo
sambatoolgroupaddmembersgrupousuario
27
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
CENRIO 1: A empresa Dexter Courier possui colaboradores que precisam

ser migrados da base Unix para a base AD do Samba 4.
SOLUO: Vamos criar um script com o lao For para migrar usurios que
possuem UID maior ou igual a 1000 para a base AD.
28
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
1#vimmigrausuarios.sh
#!/bin/bash
for usuarios in $(getent passwd | awk F: ' $3 >= 1000

{print$1}'|grepvnobody);do
sambatool user add $usuarios 123Mudar homedrive=H:

scriptpath=logon.vbs homedirectory=\\\\fileserver\\
$usuariosprofilepath=\\\\fileserver\\profiles\\$usuarios
done
29
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
1#chmod755migrausuarios.sh
2#./migrausuarios.sh
3#sambatooluserlist
Ou:
4#wbinfou
30
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
CENRIO 2: Precisamos forar os colaboradores da empresa Dexter Courier

trocar sua senha padro "4Linuxsamba" no primeiro Logon.
SOLUO: Vamos criar um script com o lao For para resetar as senhas dos
usurios da base AD.
31
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
1#vimresetasenhas.sh
#!/bin/bash
for usuarios in $(sambatool user list | egrep v "^dns|
Administrator|krbtgt|Guest|root");do
sambatool user setpassword $usuariosnewpassword=123Mudar
mustchangeatnextlogin
done
2#chmod755resetasenhas.sh
3#./resetasenhas.sh
32
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
CENRIO 3: O Samba 4 no possui atributos UNIX em sua base de usurios,

criando assim seu prprio sistema de permisses com valores diferentes dos
UIDS dos colaboradores da empresa Dexter Courier.
SOLUO: Vamos criar um script para adicionar na base do Samba 4, novos

atributos UNIX aos usurios da empresa Dexter cadastrados.
33
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
Gerenciar usurios no Samba 4: Adicionando novos atributos:
1#vimaddatributos.sh
#!/bin/bash
###Criaoulimpaoarquivoldiftemporrio
>/tmp/modifica.ldif
###DefinevarivelcomalistadetodososusuriosdoAD
###DefinevariveiscomalistadeUID,GIDeHOMEUnixdos
usuriosdosistema
uid=$(getentpasswd$usuarios|cutd:f3)
34
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
gid=$(getentpasswd$usuarios|cutd:f4)
homedir=$(getentpasswd$usuarios|cutd:f6)
### Cria o arquivo ldif temporrio para a adio de novos
atributos
echo "dn: CN=$usuarios,CN=Users,DC=dexter,DC=com,DC=br"
>>/tmp/modifica.ldif
echo"changetype:modify">>/tmp/modifica.ldif
echo"add:objectClass">>/tmp/modifica.ldif
echo"objectClass:posixAccount">>/tmp/modifica.ldif
echo"objectClass:posixGroup">>/tmp/modifica.ldif
35
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
echo"">>/tmp/modifica.ldif
echo"replace:uidNumber">>/tmp/modifica.ldif
echo"uidNumber:$uid">>/tmp/modifica.ldif
echo"add:gidNumber">>/tmp/modifica.ldif
echo"gidNumber:$gid">>/tmp/modifica.ldif
36
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
echo"add:unixHomeDirectory">>/tmp/modifica.ldif
echo"unixHomeDirectory:$homedir">>/tmp/modifica.ldif
echo"add:loginShell">>/tmp/modifica.ldif
echo"loginShell:/bin/bash">>/tmp/modifica.ldif
done
37
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
2#chmod755addatributos.sh
3#./addatributos.sh
NOTA: O script add-atributos.sh apenas criou o arquivo .ldif no diretrio /tmp

contendo alteraes. Abra o arquivo /tmp/modifica.ldif e mova as primeiras
18 linhas para o final do arquivo, de depois altere a a base atravs do
comando ldbmodify:
4#vim/tmp/modifica.ldif
5# ldbmodify H ldap://192.168.200.40 /tmp/modifica.ldif

user=DEXTER/Administrator%4LinuxSamba4
38
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
Gerenciar grupos no Samba 4:
CENRIO 4: A empresa Dexter Courier possui grupos de colaboradores que

precisam ser migrados da base Unix para a base AD do Samba 4.
SOLUO: Vamos criar um script com o lao For para migrar os grupos
diretores, vendedores, financeiro e analistas para a base AD.
39
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
Gerenciar grupos no Samba 4:
1#vimmigragrupos.sh
#!/bin/bash
for grupos in $(getent group | egrep "diretores|vendedores|
financeiro|analistas"|cutd:f1);do
membros=$(getentgroup$grupos|cutd:f4)
sambatoolgroupadd$grupos
sambatoolgroupaddmembers$grupos$membros
done
2#chmod755migragrupos.sh&&./migragrupos.sh
40
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
Adicionar Lixeiras no Samba 4:
1#vim/etc/samba/smb.conf
...
vfsobjects=recycle
recycle:repository=/srv/samba/lixeiras/%U
recycle:versions=Yes
recycle:keeptree=Yes
recycle:excludedir=/tmp|/var/tmp
recycle:directory_mode=0700
41
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
[lixeiras]
path=/srv/samba/lixeiras/%U
browsable=yes
readonly=no
guestok=yes
1#sambatooltestparm
2#mkdirp/srv/samba/lixeiras/
42
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
CENRIO 5: A empresa Dexter Courier necessita que cada colaborador

possua um diretrio que fara o papel de lixeira do Samba 4.
SOLUO: Vamos criar um script com o lao For para criar diretrios de
lixeira para usurios que possuem UID maior ou igual a 1000.
43
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
1#vimcrialixeiras.sh
#!/bin/bash
mkdir/srv/samba/lixeiras/$usuarios
chownR$usuarios/srv/samba/lixeiras/$usuarios
chgrpR$usuarios/srv/samba/lixeiras/$usuarios
done
2#chmod755crialixeiras.sh
3#./crialixeiras.sh
44
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
Gerenciar mapeamentos no Samba 4:
1#cd/var/lib/samba/sysvol/dexter.com.br/scripts/;vim
logon.vbs
OnErrorResumeNext
setobjNetwork=CreateObject("WScript.Network")
objNetwork.MapNetworkDrive"P:","\\fileserver\publico"
objNetwork.MapNetworkDrive"L:","\\fileserver\lixeiras"
strDom=objNetwork.UserDomain
strUser=objNetwork.UserName
SetobjUser=GetObject("WinNT://"&strDom&"/"&strUser&
",user")
2#chownroot.userslogon.vbs;chmod755logon.vbs
45
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
Ingressar estaes Windows 8 no domnio:
46
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
47
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
48
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
49
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
50
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
Ajustar permisses de acesso aos compartilhamentos:
CENRIO 6: O servidor FileServer utiliza armazenamento montado via rede

NFS do servidor Storage, para armazenar os arquivos dos colaboradores na
pasta publico. Quando o compartilhamento e utilizado atravs de estaes
Windows, a permisso dos arquivos no setada corretante..
SOLUO: Vamos configurar o servidor Storage como cliente LDAP do

Samba 4, afim de ajustar corretamente as permisses na pasta
compartilhada via NFS.
51
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
Servidor: Storage
1#aptgetinstalllibpamldapd
InformeaURLdoservidorLDAPdoSamba4:
(ldap://192.168.200.40)
InformeabasedarvoreLDAPdoSamba4:
(cn=Users,dc=dexter,dc=com,dc=br)
Ativeosseguintesserviosdenomeparaconfigurar:
(group,passwdeshadow)
52
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
Servidor: Storage
2#vim/etc/nslcd.conf
uidnslcd
gidnslcd
urildap://192.168.200.40/
basecn=Users,dc=dexter,dc=com,dc=br
ldap_version3
binddncn=Administrator,cn=Users,dc=dexter,dc=com,dc=br
bindpw4LinuxSamba4
53
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
Servidor: Storage
filterpasswd(objectClass=posixAccount)
mappasswduidsAMAccountName
mappasswdhomeDirectoryunixHomeDirectory
filtergroup(objectClass=posixGroup)
mapgroupgidNumbergidNumber
3#servicenslcdrestart
4#getentpasswd
5#getentgroup
54
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
1#vim/etc/idmapd.conf
....
NobodyUser=nobody
NobodyGroup=nobody
2#systemctlrestartrpcbind
55
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Servidor Samba
Servidor: Storage
1#vim/etc/idmapd.conf
....
NobodyUser=nobody
NobodyGroup=nobody
2#addgroupgid99nobody
3#servicenfscommonrestart
56
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Pergunta LPI
Qual das opes abaixo usada na configurao de um arquivo do Samba

para proibir que determinados arquivos estejam visveis ou acessveis
pelos clientes?
A. hide files
B. veto files
C. hide special files
D. hide dot files
57
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Pergunta LPI
Qual das opes abaixo usada na configurao de um arquivo do Samba

para proibir que determinados arquivos estejam visveis ou acessveis
pelos clientes?
A. hide files
B. veto files
C. hide special files
D. hide dot files
Resposta: alternativa A
58
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Prximos Passos
Para que voc tenha um melhor aproveitamento do curso,

participes das seguintes atividades disponveis no Netclass:
Executar as tarefas do Practice Lab;

Resolver o Desafio Appliance Lab e postar o resultado no
Frum Temtico;
Responder as questes do Teste de Conhecimento sobre o
contedo visto em aula.
Mos obra!
59
Anotaes:
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
Curso 452
Linux Security
Servers in Cloud

Material Base Servidor Samba PDF

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Material Base Servidor Samba PDF

Enviado por

Direitos autorais:

Formatos disponíveis

Curso 452

A empresa Dexter Courier possui WorkStation com o Sistema

A melhor soluo um servidor GNU/Linux com Samba4 pois, alm de

Provisionar domnio no Samba;

Autenticar usurios via Samba.

Principais Caractersticas do Samba 4:

Preparando o Ambiente para Instalao do Samba 4:

Preparando o Ambiente para Instalao do Samba 4:

Preparando o Ambiente para Instalao do Samba 4:

1 Inicie o provisionamento do samba conforme abaixo:

Outra maneira de inciar o provisionamento utilizar o modo interativo:

A rfc2307 aborda um conjunto de diretrizes para uso do LDAP como um

2 O prximo passo alterar para "ad" o modo de execuo do

3 Durante a instalao um arquivo de configurao do Kerberos foi gerado,

4 Feito os ajustes inicie o servio do Samba 4:

A rfc2307 aborda um conjunto de diretrizes para uso do LDAP como um

5 O prximo passo elevar o dominio para Windows Server 2008

6 Para terminar faa a checagem do nvel de domnio no Samba 4:

A rfc2307 aborda um conjunto de diretrizes para uso do LDAP como um

Opes para criar um provisionamento manual no Samba 4:

--domain Definio do nome do domnio utilizado pelo Samba na sua

--dns-backend=BIND9_DLZ (Zonas carregveis dinamicamente), o

Opes para criar um provisionamento manual no Samba 4:

--realm o Reino Kerberos, basicamente o nome de identificao do

--adminpass Esta opo define a senha de administrao que ser

1 Baixe o arquivo smb.conf customizado para o diretrio do samba:

Dentro do arquivo smb.conf possvel criar restries no

Conhecendo o Arquivo smb.conf:

Conhecendo o Arquivo smb.conf:

Configurando o Diretrio de Compartilhamento:

1 Abra o arquivo smb.conf e adicione o compartilhamento o

Opes Utilizadas no Compartilhamento:

Comment Comentrio que aparecer ao visualizar o

path Caminho absoluto para o diretrio compartilhado (caso no

Opes Utilizadas no Compartilhamento:

force create mode Fora um padro de permisses na criao de

Opes Utilizadas no Compartilhamento:

O comando testparm permite checar a sintaxe do arquivo smb.conf. Sua

1 Faa uma checagem no arquivo smb.conf e em seguida

2 Configuraes podem ser relidas com o comando smbcontrol:

O comando smbclient um cliente utilizado para acessar compartilhamentos via protocolo

1 Ajuste o resolv.conf para utilizar o IP do servidor FileServer:

2 Faa um teste de requisio utilizando comando smbclient:

Como Verificar Opes do samba-tool?

A ferramenta samba-tool possui um enorme nmero de argumentos,

Gerenciar usurios no Samba 4:

A sintaxe de uso do comando samba-tool para gerenciar usurios e grupos:

Gerenciar usurios no Samba 4:

CENRIO 1: A empresa Dexter Courier possui colaboradores que precisam

Gerenciar usurios no Samba 4:

for usuarios in $(getent passwd | awk F: ' $3 >= 1000

sambatool user add $usuarios 123Mudar homedrive=H:

Gerenciar usurios no Samba 4:

Gerenciar usurios no Samba 4:

CENRIO 2: Precisamos forar os colaboradores da empresa Dexter Courier

Gerenciar usurios no Samba 4:

Gerenciar usurios no Samba 4:

CENRIO 3: O Samba 4 no possui atributos UNIX em sua base de usurios,

SOLUO: Vamos criar um script para adicionar na base do Samba 4, novos

Gerenciar usurios no Samba 4: Adicionando novos atributos:

Gerenciar usurios no Samba 4: Adicionando novos atributos:

Gerenciar usurios no Samba 4: Adicionando novos atributos:

Gerenciar usurios no Samba 4: Adicionando novos atributos: