[Samba] File server questions
Flávio Silveira
fggs at terra.com.br
Wed Sep 13 17:43:58 UTC 2017
Em 13/09/2017 11:48, L.P.H. van Belle via samba escreveu:
> Hai Flavio,
> I suggest, use the interface ignore ipv6 ( you already did set it ) for the ipv6 ipnumbers, except localhost-ipv6. ( ::1 )
> The other defaults are good to start with, then when everything is running correct, only then go optimize the config.
> And only one thing at a time, or you end up in a mess.. Just a tip.
>
> So below is a copy past of a original jessie ntp.conf ( from before my upgrade to stretch)
> And for you, i changed it to your setup. See what i did and compair it to yours.
>
>
> ####### NTP Begin ( Debian Jessie version )
> # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
>
> driftfile /var/lib/ntp/ntp.drift
>
> # Enable this if you want statistics to be logged.
> #statsdir /var/log/ntpstats/
>
> statistics loopstats peerstats clockstats
> filegen loopstats file loopstats type day enable
> filegen peerstats file peerstats type day enable
> filegen clockstats file clockstats type day enable
>
>
> # You do need to talk to an NTP server or two (or three).
> #server ntp.your-provider.example
> server a.st1.ntp.br
> server b.st1.ntp.br
> server c.st1.ntp.br
>
> # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
> # pick a different set every time it starts up. Please consider joining the
> # pool: <http://www.pool.ntp.org/join.html>
> #pool 0.debian.pool.ntp.org iburst
> #pool 1.debian.pool.ntp.org iburst
> #pool 2.debian.pool.ntp.org iburst
> #pool 3.debian.pool.ntp.org iburst
>
>
> # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
> # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
> # might also be helpful.
> #
> # Note that "restrict" applies to both servers and clients, so a configuration
> # that might be intended to block requests from certain clients could also end
> # up blocking replies from your own upstream servers.
>
> # By default, exchange time with everybody, but don't allow configuration.
> restrict -4 default kod notrap nomodify nopeer noquery mssntp
> restrict -6 default kod notrap nomodify nopeer noquery mssntp
>
> # Local users may interrogate the ntp server more closely.
> restrict 127.0.0.1
> restrict ::1
>
> # Needed for adding pool entries
> restrict source notrap nomodify noquery
>
> # Clients from this (example!) subnet have unlimited access, but only if
> # cryptographically authenticated.
> #restrict 192.168.123.0 mask 255.255.255.0 notrust
>
> # If you want to provide time to your local subnet, change the next line.
> # (Again, the address is an example only.)
> #broadcast 192.168.123.255
>
> # If you want to listen to time broadcasts on your local subnet, de-comment the
> # next lines. Please do this only if you trust everybody on the network!
> #disable auth
> #broadcastclient
>
> interface listen lo
> interface listen enp2s0
> #interface ignore wildcard
> interface ignore ipv6
>
> ###### Needed for Samba 4 ######
> # in the restrict -4 or -6 added mssntp at the end
> # Location of the samba ntp_signed directory
> ntpsigndsocket /var/lib/samba/ntp_signd
> ####### NTP end
>
> Greetz,
>
> Louis
>
Hi Louis,
The file seems similar to mine, so I guess I'm all set for the ntp, any
way to test it?
Moving forward to Winbindd config as describe here:
https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
It seems I just need to edit nsswitch.conf and add winbind to passwd and
group databases, right?
Because it says tipically no configuration is required in smb.conf for
Winbindd to work.
I don't think I want to have every user home on my servers, my plan is
to force them to use the shares
Thank you
More information about the samba
mailing list