|
109.
|
|
|
There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part of the <application>apparmor-profiles</application> packages. To install the package, from a terminal prompt enter:
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:649(para)
|
|
111.
|
|
|
This package contains profiles for several other binaries.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:660(para)
|
|
112.
|
|
|
By default the profiles for <application>smbd</application> and <application>nmbd</application> are in <emphasis>complain</emphasis> mode allowing Samba to work without modifying the profile, and only logging errors. To place the <application>smbd</application> profile into <emphasis>enforce</emphasis> mode, and have Samba work as expected, the profile will need to be modified to reflect any directories that are shared.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:665(para)
|
|
113.
|
|
|
Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information for <emphasis>[share]</emphasis> from the file server example:
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:672(para)
|
|
115.
|
|
|
Now place the profile into <emphasis>enforce</emphasis> and reload it:
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:682(para)
|
|
121.
|
|
|
For more information on Samba and ACLs see the <ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id397568">Samba ACLs page </ulink>.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:728(para)
|
|
123.
|
|
|
Although it cannot act as an Active Directory Primary Domain Controller (PDC), a Samba server can be configured to appear as a Windows NT4-style domain controller. A major advantage of this configuration is the ability to centralize user and machine credentials. Samba can also use multiple backends to store the user information.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:746(para)
|
|
124.
|
|
|
Primary Domain Controller
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:753(title)
|
|
125.
|
|
|
This section covers configuring Samba as a Primary Domain Controller (PDC) using the default smbpasswd backend.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:755(para)
|
|
126.
|
|
|
First, install Samba, and <application>libpam-smbpass</application> to sync the user accounts, by entering the following in a terminal prompt:
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:762(para)
|