1 Architecture overview
1.1 Load balancer layer
This layer provides load-balancing scheduling and distributes the load across the file system servers.
1.2 File system service layer
This layer provides file system storage, authentication, access control and related services. It is implemented with Samba on a Linux system and, combined with the identity service provided by AD, offers the same shared services as Windows.
1.3 Scalable distributed storage layer
This layer provides the first layer with unlimited scalable data access and quota services. It is implemented with a Linux-based GlusterFS cluster of 4 nodes in total.
1.4 Cluster workflow analysis
1) Connection establishment
step1 The client accesses the load balancer's virtual IP (10.10.2.90)
step2 The load balancer detects that the client request targets port 445/tcp or 139/tcp of the virtual IP
step3 The load balancer rewrites the virtual IP's MAC address to the MAC address of the Samba server with the fewest connections (the ARP resolution process)
step4 The user establishes a connection with the Samba server that has the fewest connections
2) Data upload
step1 The user uploads a file to the Samba server, which caches it locally
step2 The Samba server stores the cached data in the back-end storage layer
3) Data read
step1 The user requests data from the Samba server
step2 The Samba server fetches the data from the back-end storage layer and sends it on to the user
2 Load balancer layer
2.1 Project introduction
Official site:
Keepalived's job is to monitor server state. If a file server goes down or develops a fault, Keepalived detects it and removes the faulty server from the system; once the server is working normally again, Keepalived automatically adds it back to the server pool. All of this happens automatically without human intervention; the only manual work is repairing the failed server.
2.2 How it works
2.2.1 LVS architecture
1) Scheduling layer (Director):
2) Cluster layer (Real Server)
3) Shared storage layer
2.2.2 The three LVS working modes
1) DR mode
- Implemented at the MAC layer
- The Director rewrites the destination MAC of the request packet to the Real Server's MAC address
- Data is returned directly to the client
2) NAT mode
- Implemented at the IP layer
- The Director rewrites the request's destination IP to the Real Server's IP
- On the return path the Director restores the source IP
3) TUN mode
- Similar to a ××× implementation
- The Director establishes an encrypted IP tunnel and forwards to the Real Server
- Data is returned directly to the client
2.2.3 LVS IP address types
1) VIP (Virtual IP)
- The VIP must be configured on every machine
- Used for internal communication and for providing the service externally
2) DIP (Director IP)
- The DIP is configured on the Director server
- Split into internal and external IPs: the internal IP is used for internal communication, the external IP for the external side in NAT mode
3) RIP (Real IP)
- The RIP is configured on the Real Servers
- Internal IP only, used solely for internal communication
2.2.4 LVS scheduling algorithms
1) Round Robin (RR)
2) Weighted Round Robin (WRR)
3) Least Connection (LC)
4) Weighted Least Connections (WLC)
2.3 Keepalived configuration
2.3.1 Environment
KeepLive{1-2}
hostname=Keeplive{1-2}.cmdschool.org
ipaddress=10.168.0.9{0-1}
OS=CentOS 6.8
2.3.2 Configure NTP
In KeepLive{1-2} :
1) Install the NTP package
yum install -y chrony
2) Point at the internal NTP server
vim /etc/chrony.conf
Change the configuration as follows:
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
server 10.168.0.154 iburst
3) Start the service and enable it at boot
/etc/init.d/chronyd start
chkconfig chronyd on
4) Check time synchronization
chronyc sources
2.3.3 Configure the Keepalived service
1) Install the packages
In KeepLive{1-2} :
yum install -y ipvsadm keepalived
2) Configure the servers
In KeepLive{1-2} :
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.default
echo "" > /etc/keepalived/keepalived.conf
vim /etc/keepalived/keepalived.conf
Configuration:
In KeepLive1 :
vrrp_instance VI_1 {
    state MASTER                 # BACKUP on the standby server
    interface eth0
    virtual_router_id 51
    priority 100                 # 90 on the standby server
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111           # VRRP shared secret, must be identical on both nodes
    }
    virtual_ipaddress {
        10.168.0.90
    }
}
virtual_server 10.168.0.90 445 {
    delay_loop 6                 # poll real server state every 6 seconds
    lb_algo wlc                  # LVS scheduling algorithm
    lb_kind DR                   # Direct Route
    persistence_timeout 7200     # connections from the same IP go to the same real server for 7200 seconds
    protocol TCP                 # check real server state over TCP
    real_server 10.168.0.190 445 {
        weight 100               # weight
        TCP_CHECK {
            connect_timeout 10   # time out after 10 seconds without a response
            nb_get_retry 3
            delay_before_retry 3
            connect_port 445
        }
    }
    real_server 10.168.0.191 445 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 445
        }
    }
}
virtual_server 10.168.0.90 139 {
    delay_loop 6                 # poll real server state every 6 seconds
    lb_algo wlc                  # LVS scheduling algorithm
    lb_kind DR                   # Direct Route
    persistence_timeout 7200     # connections from the same IP go to the same real server for 7200 seconds
    protocol TCP                 # check real server state over TCP
    real_server 10.168.0.190 139 {
        weight 100               # weight
        TCP_CHECK {
            connect_timeout 10   # time out after 10 seconds without a response
            nb_get_retry 3
            delay_before_retry 3
            connect_port 139
        }
    }
    real_server 10.168.0.191 139 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 139
        }
    }
}
In KeepLive2 :
vrrp_instance VI_1 {
    state BACKUP                 # MASTER on the primary server
    interface eth0
    virtual_router_id 51
    priority 90                  # 100 on the primary server
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111           # VRRP shared secret, must be identical on both nodes
    }
    virtual_ipaddress {
        10.168.0.90
    }
}
virtual_server 10.168.0.90 445 {
    delay_loop 6                 # poll real server state every 6 seconds
    lb_algo wlc                  # LVS scheduling algorithm
    lb_kind DR                   # Direct Route
    persistence_timeout 7200     # connections from the same IP go to the same real server for 7200 seconds
    protocol TCP                 # check real server state over TCP
    real_server 10.168.0.190 445 {
        weight 100               # weight
        TCP_CHECK {
            connect_timeout 10   # time out after 10 seconds without a response
            nb_get_retry 3
            delay_before_retry 3
            connect_port 445
        }
    }
    real_server 10.168.0.191 445 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 445
        }
    }
}
virtual_server 10.168.0.90 139 {
    delay_loop 6                 # poll real server state every 6 seconds
    lb_algo wlc                  # LVS scheduling algorithm
    lb_kind DR                   # Direct Route
    persistence_timeout 7200     # connections from the same IP go to the same real server for 7200 seconds
    protocol TCP                 # check real server state over TCP
    real_server 10.168.0.190 139 {
        weight 100               # weight
        TCP_CHECK {
            connect_timeout 10   # time out after 10 seconds without a response
            nb_get_retry 3
            delay_before_retry 3
            connect_port 139
        }
    }
    real_server 10.168.0.191 139 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 139
        }
    }
}
3) Start the service and enable it at boot
In KeepLive{1-2} :
/etc/init.d/keepalived start
chkconfig keepalived on
2.3.4 Configure IP forwarding
In KeepLive{1-2} :
1) Enable forwarding temporarily
echo 1 > /proc/sys/net/ipv4/ip_forward
2) Enable forwarding permanently
vim /etc/sysctl.conf
Change the following setting
net.ipv4.ip_forward = 1
2.3.5 Configure the firewall
In KeepLive{1-2} :
vim /etc/sysconfig/iptables
Add the following entries:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
Restart the firewall to apply the configuration
/etc/init.d/iptables restart
2.3.6 Configure the Real Servers
In GlusterGW0{1-2} :
1) Create the configuration script
vim /usr/local/sbin/lvs_dr_rs.sh
Enter the following:
#!/bin/bash
# LVS DR mode: bind the VIP to loopback and suppress ARP for it,
# so that only the Director answers ARP requests for the VIP.
vip=10.168.0.90
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
2) Run the configuration script
sh /usr/local/sbin/lvs_dr_rs.sh
echo 'sh /usr/local/sbin/lvs_dr_rs.sh' >> /etc/rc.local
3 File system service layer
3.1 Background
3.1.1 Introduction to Samba
Samba is free software that implements the SMB protocol on Linux and UNIX systems; it consists of server and client programs. SMB (Server Message Block) is a communication protocol for sharing files and printers on a local area network; it provides file, printer and other resource sharing between the different computers on the LAN. SMB is a client/server protocol through which a client can access the shared file systems, printers and other resources on a server. By enabling "NetBIOS over TCP/IP", Samba can share resources not only with hosts on the local network but with computers around the world.
3.1.2 Origin of Samba
In 1991 a university student named Andrew Tridgell had exactly this problem: he had three machines, a personal computer running DOS, a DEC Digital Unix system and a Sun Unix system. At the time DEC had developed a package called PATHWORKS that could share files between DEC's Unix and the DOS PC, but to Tridgell's frustration Sun's Unix could not use it to share data. Tridgell thought: since these two systems can talk to each other, there is no reason the Sun should be left out; could the way they work together be figured out so that the Sun could share files too? To solve the problem he wrote a program to capture the protocol information used when DOS and DEC Unix exchanged data, extracted the important details, and on the basis of that protocol developed the Server Message Block (SMB) file system; it was this SMB software that let Unix and DOS share data with each other. (Note, to stress it once more: on Unix-like systems the file system for sharing files is NFS, while the file system used by "Network Neighborhood" on Windows is called the Common Internet File System, CIFS.)
3.2 Recommended configuration
3.2.1 Windows Server 2008 R2 server
- Deploy Windows Server 2008 R2
- Configure Active Directory Domain Services
3.2.2 Red Hat Enterprise Linux 6 systems
- Deploy Red Hat Enterprise Linux 6
- Configure SELinux Security Parameters
- Install/Configure Samba (Recommended Configurations 1, 2 only)
- Synchronize Time Services
- Configure DNS
- Install/Configure Kerberos Client
- Install oddjob-mkhomedir
3.3 Winbind backend types
Backend | Type | ID Mappings | Advantages | Disadvantages
--- | --- | --- | --- | ---
idmap_tdb | Read/Write | Allocating | Simplest to implement; default winbind backend | Limited scalability: not intended for consistent ID mappings across multiple RHEL servers; cache corruption requires manual intervention to correct file ownership; static, 1 tdb entry for each SID (slower)
idmap_rid | Read-only | Algorithmic | Uses algorithmic ID mappings across multiple servers (faster) | Requires additional configuration work to support a forest of AD domains or multiple domain trees
idmap_ad | Read-only | Assigned by admin | Standardized user configuration (shell, home directory); centralized user account management | Requires additional configuration work to support a forest of AD domains or multiple domain trees; requires additional user management tasks: user/group ID attributes must be specified within AD
idmap_ldap | Read/Write | Allocating | ID mappings stored in a centralized, non-AD server (RHDS, OpenLDAP, etc.) | Requires an external LDAP server; most complex configuration to implement due to Samba LDAP mapping limitations (UID/GID not stored at POSIX level)
idmap_adex | Read-only | Assigned by admin | Supports ID mappings using RFC2307 attributes | Not recommended for new deployments (deprecated by the latest versions of Samba)
idmap_hash | Read-only | Algorithmic | Similar to idmap_rid but generates UID/GID from the full domain SID; mappings consistent across RHEL systems | No additional configuration but potential risk of ID collisions
idmap_tdb2 | Read/Write | Allocating | Script option available for performing ID mappings via an external program | For Samba clusters (CTDB) only
idmap_nss | Read-only | Pre-existing | Uses existing UID/GID mappings | No support for trusted domains; cannot resolve mappings unless the SID is available
3.4 winbind
3.4.1 The winbind databases
ll /var/lib/samba/winbindd_*.tdb
Output:
-rw-------. 1 root root  32768 Aug 10 01:12 /var/lib/samba/winbindd_cache.tdb
-rw-r--r--. 1 root root 421888 Aug 10 00:46 /var/lib/samba/winbindd_idmap.tdb
3.4.2 Inspecting the databases
1) Install the tool
yum install -y tdb-tools
2) Use the tool
tdbdump /var/lib/samba/winbindd_idmap.tdb
tdbdump /var/lib/samba/winbindd_cache.tdb
3.5 Environment setup
3.5.1 Environment
ad1 server (trusts dg.cmdschool.org):
hostname = rootad.cmdschool.org
ipaddress = 10.168.0.154
OS = Windows Server 2008 R2
ad2 server (trusts rootad.cmdschool.org):
hostname = dg.cmdschool.org
ipaddress = 10.168.0.155
OS = Windows Server 2008 R2
samba server:
hostname = GlusterGW0{1-2}.cmdschool.org
ipaddress = 10.168.0.19{0-1}
OS = CentOS 6.8
3.5.2 Deploy Windows Server 2008 R2
For details see:
https://technet.microsoft.com/en-us/library/dd283085.aspx
3.5.3 Configure Active Directory Domain Services
For details see:
https://technet.microsoft.com/en-us/library/cc770946.aspx
3.5.4 Configure distributed storage
Because Samba itself does not support clustering, this layer decides whether Samba load balancing succeeds or fails, so pay close attention to the following:
1) The scalable storage must use Gluster 3.8 or later; for configuration see: http://cmdschool.blog.51cto.com/2420395/1828450
2) The distributed storage must have storage locking enabled; for configuration see: http://cmdschool.blog.51cto.com/2420395/1858776
Storage locking solves the problem of exclusive Excel editing across multiple servers: it prevents users who land on different Samba servers from editing the same file at the same time and corrupting it.
3.6 Basic configuration
3.6.1 Configure SELinux security parameters
In GlusterGW0{1-2} :
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
3.6.2 Name resolution
In GlusterGW0{1-2} :
1) hosts file
echo "10.168.0.190 GlusterGW01.cmdschool.org GlusterGW01" >> /etc/hosts
echo "10.168.0.191 GlusterGW02.cmdschool.org GlusterGW02" >> /etc/hosts
echo "10.168.0.192 GlusterH01.cmdschool.org" >> /etc/hosts
echo "10.168.0.193 GlusterH02.cmdschool.org" >> /etc/hosts
echo "10.168.0.194 GlusterH03.cmdschool.org" >> /etc/hosts
echo "10.168.0.195 GlusterH04.cmdschool.org" >> /etc/hosts
2) DNS server
echo "nameserver 10.168.0.154" >> /etc/resolv.conf
echo "search ad.cmdschool.org" >> /etc/resolv.conf
3.6.3 Verify the domain servers
In GlusterGW0{1-2} :
1) Install the DNS tools
yum install -y bind-utils
2) Test with the following command
host -t A ad.cmdschool.org
3.6.4 NTP configuration
In GlusterGW0{1-2} :
1) Install the rpm package
yum install -y chrony
2) Configure the NTP server
vim /etc/chrony.conf
Point at the internal NTP server by changing the configuration as follows
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
server 10.168.0.154 iburst
3) Start the service and enable it at boot
/etc/init.d/chronyd start
chkconfig chronyd on
4) Check time synchronization
chronyc sources
3.6.5 Configure the yum repositories
In GlusterGW0{1-2} :
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
curl http://download.gluster.org/pub/gluster/glusterfs/3.7/LATEST/CentOS/glusterfs-epel.repo > /etc/yum.repos.d/glusterfs-epel.repo
3.6.6 Configure the firewall
In GlusterGW0{1-2} :
/etc/init.d/iptables stop
chkconfig iptables off
3.6.7 Install the packages
In GlusterGW0{1-2} :
1) Install the packages
yum -y install samba4 samba4-client samba4-common samba4-winbind samba4-winbind-clients
2) Start and verify the service
/etc/init.d/smb start
/etc/init.d/smb status
ps -aef | grep smb
3) Enable the service at boot
chkconfig smb on
chkconfig --list smb
3.7 Configure the file system service
3.7.1 Configure the Kerberos server side
In AD Server :
1) Disable UAC and reboot the system
Note: a single account is enough to authenticate multiple servers
3) Generate the keytabs in the root of the D: drive
Command-line example
setspn -A host/client.ad.example.com@AD.EXAMPLE.COM client
setspn -L client
ktpass /princ host/client.ad.example.com@AD.EXAMPLE.COM /out client-host.keytab /crypto all /ptype KRB5_NT_PRINCIPAL -desonly /mapuser AD\client$ +setupn +rndPass +setpass +answer
Note: to add another keytab, just generate a new one following the command format above (bear in mind that +rndPass +setpass resets the mapped account's password on every run, so the keys in a keytab generated earlier for the same account no longer match)
Actual commands
setspn -A GLUSTERGW02/authuser.cmdschool.org@CMDSCHOOL.ORG authuser
setspn -L authuser
ktpass /princ GLUSTERGW02/authuser.cmdschool.org@CMDSCHOOL.ORG /out authuser-GLUSTERGW02.keytab /crypto all /ptype KRB5_NT_PRINCIPAL -desonly /mapuser CMDSCHOOL\authuser +setupn +rndPass +setpass +answer
setspn -A GLUSTERGW01/authuser.cmdschool.org@CMDSCHOOL.ORG authuser
setspn -L authuser
ktpass /princ GLUSTERGW01/authuser.cmdschool.org@CMDSCHOOL.ORG /out authuser-GLUSTERGW01.keytab /crypto all /ptype KRB5_NT_PRINCIPAL -desonly /mapuser CMDSCHOOL\authuser +setupn +rndPass +setpass +answer
3.7.2 Configure the Kerberos client
In GlusterGW0{1-2} :
1) Install the keytab
Copy each keytab generated on the Kerberos server to the /root directory of the client whose name it matches, then run:
cp authuser-GLUSTERGW*.keytab /etc/krb5.keytab
chown root:root /etc/krb5.keytab
chmod 0600 /etc/krb5.keytab
restorecon /etc/krb5.keytab
2) Install the Kerberos client rpm package
yum install -y krb5-workstation
3) Edit the krb5 configuration file
cp /etc/krb5.conf /etc/krb5.conf.default
echo "" > /etc/krb5.conf
vim /etc/krb5.conf
Change the contents to:
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
[libdefaults]
 default_realm = CMDSCHOOL.ORG
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
[realms]
 CMDSCHOOL.ORG = {
  kdc = rootad.cmdschool.org
  admin_server = rootad.cmdschool.org
 }
 DG.CMDSCHOOL.ORG = {
  kdc = dg.cmdschool.org:88
  admin_server = dg.cmdschool.org:749
 }
[domain_realm]
 .cmdschool.org = CMDSCHOOL.ORG
 cmdschool.org = CMDSCHOOL.ORG
 .dg.cmdschool.org = DG.CMDSCHOOL.ORG
 dg.cmdschool.org = DG.CMDSCHOOL.ORG
4) Test whether the keytab works
kdestroy
klist
You should see the following message:
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
5) Initialize krb5
kinit administrator@CMDSCHOOL.ORG
Confirm that it succeeded
klist
On success you will see the following:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@CMDSCHOOL.ORG

Valid starting     Expires            Service principal
08/28/16 08:59:12  08/28/16 18:59:17  krbtgt/CMDSCHOOL.ORG@CMDSCHOOL.ORG
	renew until 09/04/16 08:59:12
3.7.3 Join the domain and test
1) Add the domain join settings
In GlusterGW0{1-2} :
cp /etc/samba/smb.conf /etc/samba/smb.conf.default
echo "" > /etc/samba/smb.conf
vim /etc/samba/smb.conf
Change the settings as follows:
[global]
 workgroup = CMDSCHOOL
 client signing = yes
 client use spnego = yes
 kerberos method = secrets and keytab
 log file = /var/log/samba/%m.log
 max log size = 50
 password server = *
 allow trusted domains = yes
 realm = CMDSCHOOL.ORG
 security = ads
 idmap uid = 10000-19999
 idmap gid = 10000-19999
 idmap config CMDSCHOOL:backend = rid
 idmap config CMDSCHOOL:range = 10000000-19999999
 idmap config DG:backend = rid
 idmap config DG:range = 20000000-29999999
 winbind enum users = no
 winbind enum groups = no
2) Test the configuration file
In GlusterGW0{1-2} :
testparm
3) Back up the cache
In GlusterGW0{1-2} :
/etc/init.d/smb stop
/etc/init.d/winbind stop
tar -cvf /var/tmp/samba-cache-backup.tar /var/lib/samba
ls -l /var/tmp/samba-cache-backup.tar
4) Clean the cache files
In GlusterGW0{1-2} :
rm -f /var/lib/samba/*
4) Confirm the cleanup
In GlusterGW0{1-2} :
kdestroy
Normally this shows the following, or nothing at all:
kdestroy: No credentials cache found while destroying cache
Run
klist
Normally this shows:
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
5) Join the member server to the domain
In GlusterGW0{1-2} :
net ads join -U administrator
or
net ads join -U administrator -S rootad.cmdschool.org
6) Test the connection to the domain controller
In GlusterGW0{1-2} :
net ads testjoin
Normally this shows:
Join is OK
or
net ads info
Output:
LDAP server: 10.168.0.154
LDAP server name: RootAD.cmdschool.org
Realm: CMDSCHOOL.ORG
Bind Path: dc=CMDSCHOOL,dc=ORG
LDAP port: 389
Server time: Sun, 28 Aug 2016 09:04:08 CST
KDC server: 10.168.0.154
Server time offset: 0
7) Configure password lookups
In GlusterGW0{1-2} :
vim /etc/nsswitch.conf
Change the contents as follows:
passwd: files winbind
group: files winbind
8) Initialize the Kerberos connection
In GlusterGW0{1-2} :
kinit administrator@CMDSCHOOL.ORG
9) Start the winbind service and enable it at boot
In Samba{1-2} :
/etc/init.d/winbind start
chkconfig winbind on
10) Test
In GlusterGW0{1-2} :
List users:
wbinfo -u
wbinfo -u --domain DG.CMDSCHOOL.ORG
Output:
CMDSCHOOL\administrator
CMDSCHOOL\guest
CMDSCHOOL\krbtgt
CMDSCHOOL\user1
CMDSCHOOL\user2
CMDSCHOOL\user3
CMDSCHOOL\authuser
CMDSCHOOL\dg$
DG\administrator
DG\guest
DG\krbtgt
DG\cmdschool$
List groups:
wbinfo -g
wbinfo -g --domain DG.CMDSCHOOL.ORG
Output:
CMDSCHOOL\domain computers
CMDSCHOOL\domain controllers
CMDSCHOOL\schema admins
CMDSCHOOL\enterprise admins
CMDSCHOOL\cert publishers
CMDSCHOOL\domain admins
CMDSCHOOL\domain users
CMDSCHOOL\domain guests
CMDSCHOOL\group policy creator owners
CMDSCHOOL\ras and ias servers
CMDSCHOOL\allowed rodc password replication group
CMDSCHOOL\denied rodc password replication group
CMDSCHOOL\read-only domain controllers
CMDSCHOOL\enterprise read-only domain controllers
CMDSCHOOL\dnsadmins
CMDSCHOOL\dnsupdateproxy
CMDSCHOOL\gp1
CMDSCHOOL\gp2
CMDSCHOOL\gps
DG\domain computers
DG\domain controllers
DG\domain admins
DG\domain users
DG\domain guests
DG\group policy creator owners
DG\read-only domain controllers
DG\dnsupdateproxy
11) Single-user identity test
id "CMDSCHOOL\administrator"
id "DG\administrator"
Output:
uid=10000500(CMDSCHOOL\administrator) gid=10000513(CMDSCHOOL\domain users) groups=10000513(CMDSCHOOL\domain users),10000500(CMDSCHOOL\administrator),10000572(CMDSCHOOL\denied rodc password replication group),10000518(CMDSCHOOL\schema admins),10000519(CMDSCHOOL\enterprise admins),10000512(CMDSCHOOL\domain admins),10000520(CMDSCHOOL\group policy creator owners)
uid=20000500(DG\administrator) gid=20000513(DG\domain users) groups=20000513(DG\domain users),20000500(DG\administrator),20000572(DG\denied rodc password replication group),20000512(DG\domain admins),20000520(DG\group policy creator owners)
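The uid/gid values above follow directly from the idmap_rid ranges in smb.conf: the backend adds the account's RID (the last component of its SID) to the low end of the domain's range, so RID 500 in CMDSCHOOL becomes 10000500 and RID 513 in DG becomes 20000513. The shell functions below are an added example (not from the original post or from Samba) that reproduce this arithmetic with the two ranges configured above and refuse any id that would fall outside a range, which is why the two ranges must never overlap; they assume only the two configured domains and ignore the default backend that winbind uses for BUILTIN and other unconfigured domains.

```sh
#!/bin/sh
# Added example (not from the original post or from Samba): the arithmetic
# that idmap_rid performs with the two ranges from the smb.conf above.
#   idmap config CMDSCHOOL:range = 10000000-19999999
#   idmap config DG:range        = 20000000-29999999
# A Unix id is range_low + RID; an id that would fall outside the domain's
# range is refused, never allocated, which is why ranges must not overlap.

# idmap_range DOMAIN -> prints "low high" for a configured domain.
idmap_range() {
    case "$1" in
        CMDSCHOOL) echo "10000000 19999999" ;;
        DG)        echo "20000000 29999999" ;;
        *)         return 1 ;;   # no "idmap config <DOMAIN>:range" line
    esac
}

# rid_to_id DOMAIN RID -> prints the Unix uid/gid; fails if RID is not a
# number, the domain is unknown or the result is beyond the range's high end.
rid_to_id() {
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    range=$(idmap_range "$1") || return 1
    set -- "$2" $range                 # $1=RID $2=low $3=high
    unix_id=$(( $2 + $1 ))
    [ "$unix_id" -le "$3" ] || return 1
    echo "$unix_id"
}

# sid_to_id DOMAIN SID -> the RID is the last component of a domain SID
# (S-1-5-21-<three subauthorities>-<RID>); well-known SIDs such as
# S-1-5-32-544 (BUILTIN\Administrators) are not handled by idmap_rid.
sid_to_id() {
    case "$2" in
        S-1-5-21-*-*-*-*) rid_to_id "$1" "${2##*-}" ;;
        *) return 1 ;;
    esac
}

# id_to_rid ID -> reverse lookup: prints "DOMAIN RID" for the range the id
# falls in, which is how winbind turns a file's uid back into a SID.
id_to_rid() {
    for d in CMDSCHOOL DG; do
        set -- "$1" $(idmap_range "$d")   # $1=id $2=low $3=high
        if [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]; then
            echo "$d $(( $1 - $2 ))"
            return 0
        fi
    done
    return 1
}

# CMDSCHOOL\administrator (RID 500) and DG\domain users (RID 513), the values
# seen in the "id" output above:
#   rid_to_id CMDSCHOOL 500   -> 10000500
#   rid_to_id DG 513          -> 20000513
```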
12) Show all domains
wbinfo --all-domains
Output:
BUILTIN
GLUSTERGW01
CMDSCHOOL
DG
13) Start the Samba service
In GlusterGW0{1-2} :
/etc/init.d/smb start
3.7.4 Mount the shared storage
1) Install the client yum package
In GlusterGW0{1-2} :
yum install -y glusterfs-fuse
2) Manual mount test
In GlusterGW0{1-2} :
mount -t glusterfs GlusterH01.cmdschool.org:/gv0 /mnt
mount
umount /mnt
3) Automatic mount test
In GlusterGW0{1-2} :
mkdir /data
Edit the mount point:
In GlusterGW01 :
echo 'GlusterH01.cmdschool.org:/gv0 /data glusterfs defaults,acl 0 0' >> /etc/fstab
In GlusterGW02 :
echo 'GlusterH02.cmdschool.org:/gv0 /data glusterfs defaults,acl 0 0' >> /etc/fstab
4) Try mounting
In GlusterGW0{1-2} :
mount -a
mount
5) Check the mount
In GlusterGW0{1-2} :
df -h
Output:
Filesystem                     Size  Used Avail Use% Mounted on
/dev/mapper/VG_OS-lv_root       18G  912M   16G   6% /
tmpfs                          1.5G     0  1.5G   0% /dev/shm
/dev/sda1                      488M   37M  426M   8% /boot
GlusterH01.cmdschool.org:/gv0  400G  5.0G  395G   2% /data
3.7.5 Configure group-authorized shares
Goal: shares whose access is granted by group
Advantage: users can be given read/write access simply by changing group membership with Microsoft's ADMINPACK tools
Disadvantage: users cannot change the ACLs of files themselves
1) Create the user directories
In GlusterGW01 :
mkdir -p /data/share{1,2}
2) Set directory permissions
In GlusterGW01 :
chmod 777 /data/share1
chmod 777 /data/share2
3) Create the Samba configuration directory
In GlusterGW01 :
mkdir -p /data/samba.d/
Note: this directory stores the Samba configuration files; every Samba server loads its share configuration from here, so back up this folder's contents rigorously
4) Edit the configuration files
In GlusterGW01 :
vim /data/samba.d/share1.smb.conf
Add the following configuration:
[share1]
 path = /data/share1
 valid users = "@CMDSCHOOL\gp1"
 write list = "@CMDSCHOOL\gp1"
 create mask = 666
 directory mask = 777
Note: the share1 above is granted to group gp1 (with read/write permission)
In GlusterGW01 :
vim /data/samba.d/share2.smb.conf
Add the following configuration:
[share2]
 path = /data/share2
 valid users = "@CMDSCHOOL\gp2"
 write list = "@CMDSCHOOL\gp2"
 create mask = 666
 directory mask = 777
Note: the share2 above is granted to group gp2 (with read/write permission)
4) Include the share configuration in the Samba configuration
In GlusterGW0{1-2} :
echo "include = /data/samba.d/share1.smb.conf" >> /etc/samba/smb.conf
echo "include = /data/samba.d/share2.smb.conf" >> /etc/samba/smb.conf
Note: if you want to hide the other shares and show only the currently loaded shares, use the following configuration instead
echo "config file = /data/samba.d/share1.smb.conf" >> /etc/samba/smb.conf
echo "config file = /data/samba.d/share2.smb.conf" >> /etc/samba/smb.conf
Restart the service:
/etc/init.d/smb restart
3.7.6 Configure file-ACL-controlled shares
Goal: shares whose access is granted by file ACLs
Advantage: users can grant other users read/write access by editing a file's ACL
Disadvantage: because permissions are defined by users, the operations team's administrative workload increases
1) Create the user directory
In GlusterGW01 :
mkdir -p /data/share3
2) Set directory permissions
chmod 700 /data/share3
3) Assign the directory's administrator
In GlusterGW01 :
chown "CMDSCHOOL\user3": /data/share3/
4) Edit the configuration file
In GlusterGW01 :
vim /data/samba.d/share3.smb.conf
Add the following configuration:
[share3]
 path = /data/share3
 valid users = "@CMDSCHOOL\domain users"
 write list = "@CMDSCHOOL\domain users"
 create mask = 660
 directory mask = 770
5) Include the share configuration in the Samba configuration and apply it
In GlusterGW0{1-2} :
echo "include = /data/samba.d/share3.smb.conf" >> /etc/samba/smb.conf
/etc/init.d/smb restart
6) Grant access to administrator members
Notes:
1) Access can also be granted to a group, depending on the situation
2) If this is not supported, see the configuration in 3.2.16
At the Linux level this can be seen to be implemented through file ACLs
3.7.7 Configure private user shares
Goal: use user-triggered automatic configuration to provide each user with a private directory
1) Create the script directory
In GlusterGW01 :
mkdir -p /data/samba.d/scripts
Note: this directory stores the Samba configuration scripts; every Samba server loads them from here, so back up this folder's contents rigorously
2) Create the user directory configuration script
In GlusterGW01 :
vim /data/samba.d/scripts/domain_add_user.sh
Enter the following
#!/bin/bash
# Called by Samba as: domain_add_user.sh %D %U
# Creates /data/<domain> if missing, then a private /data/<domain>/<user> home.
domain=$1
user=$2
rootdir="/data/$domain"
homedir="/data/$domain/$user"
if [ ! -d "$rootdir" ]; then
    /bin/mkdir -p "$rootdir"
    /bin/chmod 777 "$rootdir"
fi
if [ ! -d "$homedir" ]; then
    /bin/mkdir -p "$homedir"
    /bin/chown "$domain\\$user": "$homedir"
    /bin/chmod 700 "$homedir"
fi
3) Make the script executable
In GlusterGW01 :
chmod 755 /data/samba.d/scripts/domain_add_user.sh
4) Test the script
In GlusterGW01 :
/data/samba.d/scripts/domain_add_user.sh CMDSCHOOL user1
ls -l /data/
The result looks like this:
total 20
drwxrwxrwx  3 root            root                    4096 Aug 28  2016 CMDSCHOOL
drwxr-xr-x  3 root            root                    4096 Aug 28  2016 samba.d
drwxrwxrwx  2 root            root                    4096 Aug 28  2016 share1
drwxrwxrwx  2 root            root                    4096 Aug 28  2016 share2
drwxrwx---+ 2 CMDSCHOOL\user3 CMDSCHOOL\domain users  4096 Aug 28  2016 share3
Clean up the user folder:
rm -rf /data/CMDSCHOOL/*
Note: because folders directly under /data can only be created by root, the /data/CMDSCHOOL folder cannot be deleted
5) Create the Samba configuration file
In GlusterGW01 :
vim /data/samba.d/homes.smb.conf
Enter the following:
[homes]
 comment = Home Directories
 browseable = no
 valid users = "@CMDSCHOOL\gp2","@CMDSCHOOL\gp1"
 write list = "@CMDSCHOOL\gp2","@CMDSCHOOL\gp1"
 path = "/data/%D/%U"
 create mask = 600
 directory mask = 700
 preexec = /data/samba.d/scripts/domain_add_user.sh %D %U
[%D]
 valid users = "@CMDSCHOOL\gp2","@CMDSCHOOL\gp1"
 write list = "@CMDSCHOOL\gp2","@CMDSCHOOL\gp1"
 path = "/data/%D"
 create mask = 600
 directory mask = 700
 preexec = /data/samba.d/scripts/domain_add_user.sh %D %U
6) Include the share configuration in the Samba configuration and apply it
In GlusterGW0{1-2} :
echo "include = /data/samba.d/homes.smb.conf" >> /etc/samba/smb.conf
/etc/init.d/smb restart
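A stricter version of the domain_add_user.sh hook above, added here as an example (not the post's own script): it validates the %D and %U arguments before touching the filesystem, so a name containing '/', '..' or whitespace can never produce a directory outside /data, and it removes a home directory it could not chown to the user instead of leaving a root-owned, inaccessible one behind. The allowed character set is an assumption for this example and should be adjusted to the site's account naming rules; DATA_ROOT defaults to the post's /data.

```sh
#!/bin/sh
# Added example (not the post's own script): a stricter domain_add_user.sh for
# the "preexec = ... %D %U" hook above. Names are validated before anything is
# created, and a home directory that cannot be handed to its user is removed.

DATA_ROOT=${DATA_ROOT:-/data}    # shared GlusterFS mount point used in the post

# valid_name DOMAIN USER -> succeeds only if both are plain account names:
# letters, digits, '.', '_' and '-', not empty, not starting with '.' or '-',
# no '/' and no whitespace. (Assumed character set; adjust to local naming rules.)
valid_name() {
    for n in "$1" "$2"; do
        case "$n" in
            ''|.*|-*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
        esac
    done
    return 0
}

# ensure_home ROOT DOMAIN USER -> creates ROOT/DOMAIN (0777, as in the post)
# and ROOT/DOMAIN/USER (0700, owned by DOMAIN\USER). Returns non-zero, with
# no half-built home directory left behind, if the names are bad or chown fails.
ensure_home() {
    root=$1 domain=$2 user=$3
    valid_name "$domain" "$user" || return 1
    domdir="$root/$domain"
    homedir="$domdir/$user"
    if [ ! -d "$domdir" ]; then
        mkdir -p "$domdir" && chmod 777 "$domdir" || return 1
    fi
    if [ ! -d "$homedir" ]; then
        mkdir "$homedir" && chmod 700 "$homedir" || return 1
        # winbind-style owner name, e.g. CMDSCHOOL\user1 (needs the nsswitch setup above)
        if ! chown -- "$domain\\$user" "$homedir"; then
            rmdir "$homedir"
            return 1
        fi
    fi
    return 0
}

# Hook entry point: Samba invokes the script as "domain_add_user.sh %D %U".
if [ "$#" -eq 2 ]; then
    ensure_home "$DATA_ROOT" "$1" "$2"
fi
```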
3.7.8 Configure a complex share
Goal: a share whose root contains each of the user's group folders and the user's private folder
1) Create the user directories
In GlusterGW01 :
mkdir -p /data/share4
mkdir -p /data/share4/gp{1,2,s}
2) Set directory permissions
In GlusterGW01 :
Create the underlying (exclusive) administrative permissions:
chown root:root /data/share4
chmod 700 /data/share4
Allow specific groups read and execute access
setfacl -m g:"CMDSCHOOL\gp1":rx /data/share4
setfacl -m g:"CMDSCHOOL\gp2":rx /data/share4
Configure access permissions on the group folders
chown root:"CMDSCHOOL\gp1" /data/share4/gp1
chown root:"CMDSCHOOL\gp2" /data/share4/gp2
chown root:"CMDSCHOOL\gpS" /data/share4/gps
chmod 770 /data/share4/gp*
Configure automatic group inheritance on the group folders
chmod g+s /data/share4/gp*
3) Edit the configuration file
In GlusterGW01 :
vim /data/samba.d/share4.smb.conf
Add the following configuration:
[share4]
 path = /data/share4
 valid users = "@CMDSCHOOL\gps"
 write list = "@CMDSCHOOL\gps"
 create mask = 660
 directory mask = 770
6) Include the share configuration in the Samba configuration and apply it
In GlusterGW0{1-2} :
echo "include = /data/samba.d/share4.smb.conf" >> /etc/samba/smb.conf
/etc/init.d/smb restart
3.7.9 增長windows的ACL支持
In GlusterGW0{1-2} :
[global] ... nt acl support = yes
注:以上配置完成用戶可自行在windows下編輯文件的acl
3.7.10 文件類型過濾
1)建立類型庫
In GlusterGW01 :
mkdir -p /data/samba.d/veto_files_type
2)建立視頻規律規則
In GlusterGW01 :
vim /data/samba.d/veto_files_type/video.smb.conf
輸入以下內容:
veto files = /*.264/*.3G2/*.3GP/*.3GP2/*.3GPP/*.3GPP2/*.3MM/*.3P2/*.60D/*.787/*.890/*.AAF/*.AEC/*.AEP/*.AEPX/*.AET/*.AETX/*.AJP/*.ALE/*.AM/*.AMC/*.AMV/*.AMX/*.ANIM/*.ANX/*.AQT/*.ARCUT/*.ARF/*.ASF/*.ASX/*.AVB/*.AVC/*.AVCHD/*.AVD/*.AVI/*.AVM/*.AVP/*.AVS/*.AVS/*.AVV/*.AWLIVE/*.AXM/*.AXV/*.BDM/*.BDMV/*.BDT2/*.BDT3/*.BIK/*.BIN/*.BIX/*.BMC/*.BMK/*.BNP/*.BOX/*.BS4/*.BSF/*.BU/*.BVR/*.BYU/*.CAMPROJ/*.CAMREC/*.CAMV/*.CED/*.CEL/*.CINE/*.CIP/*.CLK/*.CLPI/*.CMMP/*.CMMTPL/*.CMPROJ/*.CMREC/*.CMV/*.CPI/*.CPVC/*.CST/*.CVC/*.CX3/*.D2V/*.D3V/*.DASH/*.DAT/*.DAV/*.DB2/*.DCE/*.DCK/*.DCR/*.DCR/*.DDAT/*.DIF/*.DIR/*.DIVX/*.DLX/*.DMB/*.DMSD/*.DMSD3D/*.DMSM/*.DMSM3D/*.DMSS/*.DMX/*.DNC/*.DPA/*.DPG/*.DREAM/*.DSY/*.DV/*.DV-AVI/*.DV4/*.DVDMEDIA/*.DVR/*.DVR-MS/*.DVX/*.DXR/*.DZM/*.DZP/*.DZT/*.EDL/*.EVO/*.EVO/*.EXO/*.EYE/*.EYETV/*.EZT/*.F4F/*.F4P/*.F4V/*.FBR/*.FBR/*.FBZ/*.FCARCH/*.FCP/*.FCPROJECT/*.FFD/*.FFM/*.FLC/*.FLH/*.FLI/*.FLV/*.FLX/*.FPDX/*.FTC/*.G64/*.GCS/*.GFP/*.GIFV/*.GL/*.GOM/*.GRASP/*.GTS/*.GVI/*.GVP/*.GXF/*.H264/*.HDMOV/*.HDV/*.HKM/*.IFO/*.IMOVIELIBRARY/*.IMOVIEMOBILE/*.IMOVIEPROJ/*.IMOVIEPROJECT/*.INP/*.INT/*.IRCP/*.IRF/*.ISM/*.ISMC/*.ISMCLIP/*.ISMV/*.IVA/*.IVF/*.IVR/*.IVS/*.IZZ/*.IZZY/*.JMV/*.JSS/*.JTS/*.JTV/*.K3G/*.KDENLIVE/*.KMV/*.KTN/*.LREC/*.LRV/*.LSF/*.LSX/*.LVIX/*.M15/*.M1PG/*.M1V/*.M21/*.M21/*.M2A/*.M2P/*.M2T/*.M2TS/*.M2V/*.M4E/*.M4U/*.M4V/*.M75/*.MANI/*.META/*.MGV/*.MJ2/*.MJP/*.MJPEG/*.MJPG/*.MK3D/*.MKV/*.MMV/*.MNV/*.MOB/*.MOD/*.MODD/*.MOFF/*.MOI/*.MOOV/*.MOV/*.MOVIE/*.MP21/*.MP21/*.MP2V/*.MP4/*.MP4.INFOVID/*.MP4V/*.MPE/*.MPEG/*.MPEG1/*.MPEG2/*.MPEG4/*.MPF/*.MPG/*.MPG2/*.MPG4/*.MPGINDEX/*.MPL/*.MPL/*.MPLS/*.MPROJ/*.MPSUB/*.MPV/*.MPV2/*.MQV/*.MSDVD/*.MSE/*.MSH/*.MSWMM/*.MT2S/*.MTS/*.MTV/*.MVB/*.MVC/*.MVD/*.MVE/*.MVEX/*.MVP/*.MVP/*.MVY/*.MXF/*.MXV/*.MYS/*.NCOR/*.NSV/*.NTP/*.NUT/*.NUV/*.NVC/*.OGM/*.OGV/*.OGX/*.ORV/*.OSP/*.OTRKEY/*.PAC/*.PAR/*.PDS/*.PGI/*.PHOTOSHOW/*.PIV/*.PJS/*.PLAYLIST/*.PLPROJ/*.PMF/*.PMV/*.PNS/*.PPJ/*.PREL/*.PRO/*.PRO4DVD/*.PRO5DVD/*.PROQC/*.PRPROJ/*.PRTL/*.PSB
/*.PSH/*.PSSD/*.PVA/*.PVR/*.PXV/*.QT/*.QTCH/*.QTINDEX/*.QTL/*.QTM/*.QTZ/*.R3D/*.RCD/*.RCPROJECT/*.RCREC/*.RCUT/*.RDB/*.REC/*.RM/*.RMD/*.RMD/*.RMP/*.RMS/*.RMV/*.RMVB/*.ROQ/*.RP/*.RSX/*.RTS/*.RTS/*.RUM/*.RV/*.RVID/*.RVL/*.SAN/*.SBK/*.SBT/*.SBZ/*.SCC/*.SCM/*.SCM/*.SCN/*.SCREENFLOW/*.SDV/*.SEC/*.SEC/*.SEDPRJ/*.SEQ/*.SFD/*.SFERA/*.SFVIDCAP/*.SIV/*.SMI/*.SMI/*.SMIL/*.SMK/*.SML/*.SMV/*.SNAGPROJ/*.SPL/*.SQZ/*.SRT/*.SSF/*.SSM/*.STL/*.STR/*.STX/*.SVI/*.SWF/*.SWI/*.SWT/*.TDA3MT/*.TDT/*.TDX/*.THEATER/*.THP/*.TID/*.TIVO/*.TIX/*.TOD/*.TP/*.TP0/*.TPD/*.TPR/*.TREC/*.TRP/*.TS/*.TSP/*.TTXT/*.TVLAYER/*.TVRECORDING/*.TVS/*.TVSHOW/*.USF/*.USM/*.VBC/*.VC1/*.VCPF/*.VCR/*.VCV/*.VDO/*.VDR/*.VDX/*.VEG/*.VEM/*.VEP/*.VF/*.VFT/*.VFW/*.VFZ/*.VGZ/*.VID/*.VIDEO/*.VIEWLET/*.VIV/*.VIVO/*.VIX/*.VLAB/*.VMLF/*.VMLT/*.VOB/*.VP3/*.VP6/*.VP7/*.VPJ/*.VRO/*.VS4/*.VSE/*.VSP/*.VTT/*.W32/*.WCP/*.WEBM/*.WFSP/*.WGI/*.WLMP/*.WM/*.WMD/*.WMMP/*.WMV/*.WMX/*.WOT/*.WP3/*.WPL/*.WSVE/*.WTV/*.WVE/*.WVX/*.WXP/*.XEJ/*.XEL/*.XESC/*.XFL/*.XLMV/*.XML/*.XMV/*.XVID/*.Y4M/*.YOG/*.YUV/*.ZEG/*.ZM1/*.ZM2/*.ZM3/*.ZMV/
3) Create the audio rules
In GlusterGW01 :
vim /data/samba.d/veto_files_type/audio.smb.conf
Enter the following:
veto files = /*.3GA/*.4MP/*.5XB/*.5XE/*.5XS/*.669/*.8SVX/*.A2B/*.A2I/*.A2M/*.A2P/*.A2T/*.A2W/*.AA/*.AA3/*.AAC/*.AAX/*.ABC/*.ABM/*.AC3/*.ACD/*.ACD-BAK/*.ACD-ZIP/*.ACM/*.ACT/*.ADG/*.ADT/*.ADTS/*.AFC/*.AGM/*.AGR/*.AHX/*.AIF/*.AIFC/*.AIFF/*.AIMPPL/*.AKP/*.ALAW/*.ALC/*.ALS/*.AMF/*.AMR/*.AMS/*.AMS/*.AMXD/*.AMZ/*.ANG/*.AOB/*.APE/*.APF/*.APL/*.ASD/*.AT3/*.AU/*.AU/*.AUD/*.AUP/*.AVASTSOUNDS/*.AXA/*.BAND/*.BAP/*.BDD/*.BIDULE/*.BMML/*.BNK/*.BRR/*.BUN/*.BWF/*.BWG/*.BWW/*.CAF/*.CAFF/*.CDA/*.CDDA/*.CDLX/*.CDO/*.CDR/*.CEL/*.CFA/*.CGRP/*.CIDB/*.CKB/*.CKF/*.CMF/*.CONFORM/*.COPY/*.CPR/*.CPT/*.CSH/*.CTS/*.CWB/*.CWP/*.CWS/*.CWT/*.DCF/*.DCM/*.DCT/*.DEWF/*.DF2/*.DFC/*.DFF/*.DIG/*.DIG/*.DJR/*.DLS/*.DM/*.DMC/*.DMF/*.DMSA/*.DMSE/*.DRA/*.DRG/*.DS2/*.DSF/*.DSM/*.DSS/*.DTM/*.DTS/*.DTSHD/*.DVF/*.DW/*.DWD/*.EFA/*.EFE/*.EFK/*.EFQ/*.EFS/*.EFV/*.EMD/*.EMP/*.EMX/*.EMY/*.EOP/*.ERB/*.ESPS/*.F2R/*.F32/*.F3R/*.F4A/*.F64/*.FAR/*.FDP/*.FEV/*.FLAC/*.FLM/*.FLP/*.FLP/*.FPA/*.FRG/*.FSB/*.FSC/*.FSM/*.FTI/*.FTM/*.FTM/*.FTMX/*.FUZ/*.FZF/*.FZV/*.G721/*.G723/*.G726/*.GBS/*.GIG/*.GMC/*.GP5/*.GPBANK/*.GPK/*.GPX/*.GROOVE/*.GSF/*.GSFLIB/*.GSM/*.GYM/*.H0/*.H3B/*.H3E/*.H4B/*.H4E/*.H5B/*.H5E/*.H5S/*.HBB/*.HBE/*.HBS/*.HDP/*.HMA/*.HPS/*.HSB/*.IAA/*.ICS/*.IFF/*.IGP/*.IMP/*.INS/*.INS/*.ISMA/*.IT/*.ITI/*.ITLS/*.JSPF/*.K26/*.KAR/*.KFN/*.KOZ/*.KOZ/*.KPL/*.KRZ/*.KSD/*.KSF/*.KT3/*.LA/*.LOGIC/*.LOGICX/*.LSO/*.LVP/*.LWV/*.M/*.M2/*.M3U/*.M3U8/*.M4A/*.M4B/*.M4P/*.M4R/*.MA1/*.MBR/*.MDC/*.MDR/*.MED/*.MGV/*.MID/*.MIDI/*.MINIGSF/*.MINIPSF/*.MINIPSF2/*.MINIUSF/*.MKA/*.MMF/*.MMLP/*.MMM/*.MMP/*.MMP/*.MMPZ/*.MO3/*.MOD/*.MOGG/*.MP2/*.MP3/*.MP_/*.MPA/*.MPC/*.MPDP/*.MPGA/*.MPU/*.MSCX/*.MSCZ/*.MSV/*.MTE/*.MTF/*.MTI/*.MTM/*.MTP/*.MTS/*.MU3/*.MUI/*.MUS/*.MUS/*.MUS/*.MUSX/*.MUX/*.MUX/*.MX3/*.MX4/*.MX5/*.MX5TEMPLATE/*.MXL/*.MXMF/*.MYR/*.NARRATIVE/*.NBS/*.NCW/*.NKB/*.NKC/*.NKI/*.NKM/*.NKS/*.NKX/*.NML/*.NMSV/*.NOTE/*.NRA/*.NRT/*.NSA/*.NST/*.NTN/*.NWC/*.OBW/*.ODM/*.OGA/*.OGG/*.OKT/*.OMA/*.OMF/*.OMG/*.OMX/*.OPUS/*.OTS/*.OVE/*.OVW/*.PANDORA/*.PCA/*.PCAST/
*.PCG/*.PCM/*.PEAK/*.PEK/*.PJUNOXL/*.PK/*.PKF/*.PLA/*.PLS/*.PLST/*.PLY/*.PNA/*.PPC/*.PSF/*.PSF1/*.PSF2/*.PSM/*.PTCOP/*.PTF/*.PTM/*.PTS/*.PTT/*.PTX/*.PTXT/*.PVC/*.Q1/*.Q2/*.QCP/*.R1M/*.RA/*.RAD/*.RAM/*.RAX/*.RBS/*.REX/*.RFL/*.RGRP/*.RIP/*.RMI/*.RMJ/*.RMX/*.RNG/*.RNS/*.ROL/*.RSF/*.RSN/*.RSO/*.RTA/*.RTI/*.RX2/*.S3I/*.S3M/*.SAF/*.SAP/*.SBG/*.SBI/*.SC2/*.SCS11/*.SD/*.SD/*.SD2/*.SDAT/*.SDS/*.SEQ/*.SES/*.SESX/*.SF2/*.SFK/*.SFL/*.SFPACK/*.SFZ/*.SGP/*.SHN/*.SIB/*.SLP/*.SLX/*.SMA/*.SMF/*.SMP/*.SMP/*.SMPX/*.SND/*.SND/*.SNG/*.SNG/*.SNS/*.SOU/*.SPH/*.SPPACK/*.SPRG/*.SSEQ/*.SSEQ/*.SSM/*.SSND/*.STAP/*.STM/*.STX/*.STY/*.SVD/*.SVQ/*.SVX/*.SWA/*.SXT/*.SYH/*.SYN/*.SYW/*.SYX/*.TAK/*.TD0/*.TG/*.THX/*.TOC/*.TRAK/*.TSP/*.TTA/*.TXW/*.U/*.UAX/*.UB/*.ULT/*.UNI/*.USF/*.USFLIB/*.UST/*.UW/*.UWF/*.V2M/*.VAG/*.VAP/*.VC3/*.VCE/*.VIP/*.VLC/*.VMD/*.VMF/*.VMO/*.VOC/*.VOX/*.VOXAL/*.VPL/*.VPM/*.VPW/*.VQF/*.VRF/*.VSQ/*.VSQX/*.VTX/*.VYF/*.W01/*.W64/*.WAV/*.WAV/*.WAVE/*.WAX/*.WEM/*.WFB/*.WFD/*.WFM/*.WFP/*.WMA/*.WOW/*.WPK/*.WPP/*.WPROJ/*.WRK/*.WUS/*.WUT/*.WV/*.WVC/*.WVE/*.WWU/*.XA/*.XA/*.XBMML/*.XFS/*.XM/*.XMI/*.XMS/*.XMU/*.XPF/*.XRNS/*.XSP/*.XSPF/*.YOOKOO/*.ZGR/*.ZPL/*.ZVD/
4) Import the filter rules
In GlusterGW0{1-2} :
vim /etc/samba/smb.conf
Change the configuration as follows:
[global]
 ...
 include = /data/samba.d/veto_files_type/video.smb.conf
 include = /data/samba.d/veto_files_type/audio.smb.conf
Restart the service to apply the configuration
/etc/init.d/smb restart
5) For other file types see