QNAP and LDAP authentication on the client

dusko_m

I already have 4 QNAP devices at the company. Since the administration gets multiplied, I decided to tackle central administration of user accounts. I enabled the LDAP server on one device (TS-251), created accounts, and set up groups. I configured one client (TS-451A), and up to that point there are no problems. The client connects to the server, sees the accounts, sees the groups, but one stupid problem occurs.

The idea was to set permissions through user groups, but this only partially works :smash:. For example, via web access I can log in using an LDAP-defined account and, through File Station, I can access the shared folders that are configured so that members of the group that account belongs to have access rights. But if I try to access that shared folder from a Windows machine, it is not possible to pass authentication until I explicitly add that user on the server and assign him RW rights. So, regardless of being a member of a group that has RW access, he cannot get access until I set him individually as a user who has RW rights.

This is my first encounter with LDAP and I can't judge where the problem is or how to get past it. Give me some suggestions.
 
This is the smb.conf from the TS-451A

Code:
[global]
passdb backend = ldapsam:ldap://10.187.20.12
workgroup = WORKGROUP
security = USER
server string=NAS Server
encrypt passwords = Yes
username level = 0
map to guest = Bad User
null passwords = yes
max log size = 10
socket options = TCP_NODELAY SO_KEEPALIVE
os level = 20
preferred master = no
dns proxy = No
smb passwd file=/etc/config/smbpasswd	
username map = /etc/config/smbusers
guest account = guest
directory mask = 0777
create mask = 0777
oplocks = yes
locking = yes
disable spoolss = no
load printers=yes
veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/:2e*/.@__qini/.Qsync/.@upload_cache/.qsync/.qsync_sn/.@qsys/
delete veto files = yes
map archive = no
map system = no
map hidden = no
map read only = no
deadtime = 10
server role = auto
use sendfile = yes
unix extensions = no
store dos attributes = yes
client ntlmv2 auth = yes
dos filetime resolution = no
wide links = yes
force unknown acl user = yes
template homedir = /share/homes/DOMAIN=%D/%U
inherit acls = no
domain logons = yes
min receivefile size = 256
case sensitive = auto
domain master = auto
local master = no
enhance acl v1 = yes
remove everyone = no
conn log = no
kernel oplocks = no
lock directory = /share/CACHEDEV1_DATA/.samba/lock
state directory = /share/CACHEDEV1_DATA/.samba/state
cache directory = /share/CACHEDEV1_DATA/.samba/cache
printcap cache time = 0
acl allow execute always = yes
vfs objects = shadow_copy2 aio_pthread
pid directory = /var/lock
printcap name=/etc/printcap
printing=cups
show add printer wizard=no

ldap admin dn = cn=admin, dc=firma,dc=local
ldap suffix = dc=firma,dc=local
ldap user suffix = ou=people
ldap group suffix = ou=group
ldap ssl = off
wins support = no
name resolve order = host bcast
aio read size = 1
aio write size = 0
[Web]
comment = System default share
path = /share/CACHEDEV1_DATA/Web
browsable = yes
oplocks = yes
ftp write only = no
recycle bin = yes
recycle bin administrators only = no
qbox = no
public = yes
invalid users = "guest"
read list = 
write list = "admin"
valid users = "root","admin"
inherit permissions = yes
shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Web/.snapshot
shadow:basedir = /share/CACHEDEV1_DATA/Web
shadow:sort = desc
shadow:format = @GMT-%Y.%m.%d-%H:%M:%S
smb encrypt = disabled
mangled names = yes

[Public]
comment = System default share
path = /share/CACHEDEV1_DATA/Public
browsable = yes
oplocks = yes
ftp write only = no
recycle bin = yes
recycle bin administrators only = no
qbox = no
public = yes
invalid users = "guest"
read list = @"everyone"
write list = "admin",@"firma",@"firma1",@"firma2"
valid users = "root",@"everyone","admin",@"firma",@"firma1",@"firma2"
inherit permissions = yes
shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Public/.snapshot
shadow:basedir = /share/CACHEDEV1_DATA/Public
shadow:sort = desc
shadow:format = @GMT-%Y.%m.%d-%H:%M:%S
smb encrypt = disabled
mangled names = yes

[printers]
use client driver=yes
writable=no
browsable=no
printable=yes
guest ok=yes

path=/var/spool/smb
[homes]
comment = System default share
path = /share/CACHEDEV1_DATA/homes
browsable = yes
oplocks = yes
ftp write only = no
recycle bin = yes
recycle bin administrators only = no
qbox = no
public = yes
invalid users = 
read list = 
write list = "admin"
valid users = "root","admin"
inherit permissions = yes
shadow:snapdir = /share/CACHEDEV1_DATA/_.share/homes/.snapshot
shadow:basedir = /share/CACHEDEV1_DATA/homes
shadow:sort = desc
shadow:format = @GMT-%Y.%m.%d-%H:%M:%S
smb encrypt = disabled
mangled names = yes
[Data]
comment = 
path = /share/CACHEDEV1_DATA/Data
browsable = yes
oplocks = yes
ftp write only = no
recycle bin = yes
recycle bin administrators only = no
qbox = no
public = yes
invalid users = "guest"
read list = 
write list = "admin",@"firma",@"firma1",@"firma2","dmandic"
valid users = "root","admin",@"firma",@"firma1",@"firma2","dmandic"
inherit permissions = yes
shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Data/.snapshot
shadow:basedir = /share/CACHEDEV1_DATA/Data
shadow:sort = desc
shadow:format = @GMT-%Y.%m.%d-%H:%M:%S
smb encrypt = disabled
mangled names = yes
[Man&FIN]
comment = 
path = /share/CACHEDEV1_DATA/Man&FIN
browsable = yes
oplocks = yes
ftp write only = no
recycle bin = yes
recycle bin administrators only = no
qbox = no
public = yes
invalid users = "guest"
read list = 
write list = "admin","dsimic","strajkovic",@"firma2"
valid users = "root","admin","dsimic","strajkovic",@"firma2"
inherit permissions = yes
shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Man&FIN/.snapshot
shadow:basedir = /share/CACHEDEV1_DATA/Man&FIN
shadow:sort = desc
shadow:format = @GMT-%Y.%m.%d-%H:%M:%S
smb encrypt = disabled
mangled names = yes
[NASFOLDER]
comment = 
path = /share/CACHEDEV1_DATA/NASFOLDER
browsable = yes
oplocks = yes
ftp write only = no
recycle bin = yes
recycle bin administrators only = no
qbox = no
public = yes
invalid users = "guest"
read list = 
write list = "admin",@"firma1",@"firma2"
valid users = "root","admin",@"firma1",@"firma2"
inherit permissions = yes
shadow:snapdir = /share/CACHEDEV1_DATA/_.share/NASFOLDER/.snapshot
shadow:basedir = /share/CACHEDEV1_DATA/NASFOLDER
shadow:sort = desc
shadow:format = @GMT-%Y.%m.%d-%H:%M:%S
smb encrypt = disabled
mangled names = yes
[home]
comment = Home
path = %H
browsable = yes
oplocks = yes
ftp write only = no
inherit permissions = yes
invalid users = "guest"
writable = yes
read list = "%u"
write list = "%u"
valid users = "%u"
root preexec = /sbin/create_home -u '%q'
shadow:snapdir = /share/CACHEDEV1_DATA/homes/../_.share/homes/.snapshot
shadow:basedir = %H
shadow:sort = desc
shadow:format = @GMT-%Y.%m.%d-%H:%M:%S
 
For example, this DATA share... dmandic can access it, but no member of the groups firma, firma1 or firma2 can.

Code:
[Data]
comment = 
path = /share/CACHEDEV1_DATA/Data
browsable = yes
oplocks = yes
ftp write only = no
recycle bin = yes
recycle bin administrators only = no
qbox = no
public = yes
invalid users = "guest"
read list = 
write list = "admin",@"firma",@"firma1",@"firma2","dmandic"
valid users = "root","admin",@"firma",@"firma1",@"firma2","dmandic"
inherit permissions = yes
shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Data/.snapshot
shadow:basedir = /share/CACHEDEV1_DATA/Data
shadow:sort = desc
shadow:format = @GMT-%Y.%m.%d-%H:%M:%S
smb encrypt = disabled
mangled names = yes
 
Enough to drive a man up the wall. It started working all by itself and now runs without any problems.
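
An added example, not part of the original posts and not QNAP's or Samba's own code: it evaluates the `valid users` / `invalid users` lines of the `[Data]` share quoted above, where `@"name"` entries are groups that Samba looks up through the system's group database. The function names and the `resolved_groups` input are assumptions made for illustration.

```python
import re

# Constructed input: the access lines of the [Data] share quoted in the thread.
SMB_CONF = """
[Data]
invalid users = "guest"
read list =
write list = "admin",@"firma",@"firma1",@"firma2","dmandic"
valid users = "root","admin",@"firma",@"firma1",@"firma2","dmandic"
"""

def parse_shares(text):
    """Parse smb.conf-style text into {section: {parameter: value}}."""
    shares, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = shares.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def split_principals(value):
    """Split a comma-separated list into (users, groups); @ marks a group."""
    users, groups = set(), set()
    for item in filter(None, (p.strip() for p in value.split(","))):
        target = groups if item.startswith("@") else users
        target.add(item.lstrip("@").strip('"'))
    return users, groups

def explain_access(share, user, resolved_groups):
    """Apply 'invalid users' then 'valid users' to one user."""
    # resolved_groups: set of groups the NAS itself resolves for the user
    # (hypothetical input; on a live system compare with `id <user>`).
    bad_users, bad_groups = split_principals(share.get("invalid users", ""))
    users, groups = split_principals(share.get("valid users", ""))
    if user in bad_users or bad_groups & resolved_groups:
        return "denied: invalid users"
    if not users and not groups:
        return "allowed: valid users is empty"
    if user in users:
        return "allowed: listed by name"
    hit = sorted(groups & resolved_groups)
    if hit:
        return "allowed: via group " + ", ".join(hit)
    return "denied: not listed by name and no listed group resolved"
```

When `resolved_groups` comes back empty for a group member, only a by-name entry admits the user, which is the pattern reported for dmandic versus the group members; the thread itself does not establish what the cause was.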
 