User Tools

Site Tools

Trace:
nas_centos7

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
nas_centos7 [2015/03/28 16:56] herwarthnas_centos7 [2015/04/12 08:41] (current) herwarth
Line 18: Line 18:
 </code> </code>
 Set the FQDN in /etc/hostname. Set the FQDN with IP in /etc/hosts Set the FQDN in /etc/hostname. Set the FQDN with IP in /etc/hosts
 +=====NTP client=====
 +====Installation====
 +  yum install chrony
 +====Configuration====
 +<code - /etc/chrony.conf>
 +server 10.108.108.5 iburst
 +</code>
 +  systemctl enable chronyd
 +  systemctl restart chronyd
  
 =====Samba===== =====Samba=====
Line 56: Line 65:
   samba-tool domain level raise --domain-level 2008_R2 --forest-level 2008_R2   samba-tool domain level raise --domain-level 2008_R2 --forest-level 2008_R2
   samba-tool domain level show   samba-tool domain level show
 +
 +Disable password complexity
 +
 +  samba-tool domain passwordsettings set --complexity=off
 +  samba-tool domain passwordsettings set --history-length=0
 +  samba-tool domain passwordsettings set --min-pwd-age=0
 +  samba-tool domain passwordsettings set --max-pwd-age=0
 +  samba-tool domain passwordsettings set --min-pwd-length=0
  
 ====Homedir on server==== ====Homedir on server====
Line 105: Line 122:
  
 Having the correct permissions set on the server share also protects users from accessing another user's files. If you set the permissions correctly as outlined in this howto you should be able to test this successfully. Having the correct permissions set on the server share also protects users from accessing another user's files. If you set the permissions correctly as outlined in this howto you should be able to test this successfully.
 +====Set security policy to allow domain====
 +  Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Site to Zone Assignment List > Enable and add a zone: value name: *.lzw.zorgnet value 1
 +The above is enough, but just in case:
 +  User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Site to Zone Assignment List > Enable and add a zone: value name: *.lzw.zorgnet value 1
 +
 +====DHCP disable change hostname policy====
 +Computer Configuration > Policies > Administrative Templates > Network > DNS Client > Dynamic Update = Disabled > Register PTR Records = Disabled
 +
 +====Set drive mappings====
 +  User Configuration > Preferences > Windows Settings > Drive maps (choose replace as type)
 +   - F: \\nas.lzw.zorgnet\data
 +   - H: \\nas.lzw.zorgnet\users\%username%
 +   - M: \\nas.lzw.zorgnet\mirasrc
 +   - U: \\nas.lzw.zorgnet\uirom
 +   - W: \\nas.lzw.zorgnet\windata
 +   - T: \\nas.lzw.zorgnet\temp
 +====Add printers====
 +   - Add printerdrivers using Print Management tool in Windows
 +   - Connect drivers to cups printers:
 +
 +  rpcclient localhost -U administrator -c 'enumdrivers'
 +
 +  rpcclient localhost -U administrator -c 'setdriver "ETKPRT1L" "Star TSP442 Line Mode Printer"'
 +  rpcclient localhost -U administrator -c 'setdriver "RECPRT1L" "HP LaserJet P2050 Series PCL6"'
 +  rpcclient localhost -U administrator -c 'setdriver "RECPRT2L" "Samsung SCX-483x 5x3x Series"'
 +  rpcclient localhost -U administrator -c 'setdriver "SYSPRT1L" "HP LaserJet P2050 Series PCL6"'
 +  rpcclient localhost -U administrator -c 'setdriver "SYSPRT2L" "Samsung SCX-483x 5x3x Series"'
 +  rpcclient localhost -U administrator -c 'setdriver "SYSPRT1LD" "HP LaserJet P2050 Series PCL6"'
 +  rpcclient localhost -U administrator -c 'setdriver "SYSPRT2LD" "Samsung SCX-483x 5x3x Series"'
 +
 +  rpcclient localhost -U administrator -c 'enumprinters'
 +
 +In the end we have the following samba configuration:
 +
 +<code - /etc/samba/smb.conf>
 +# Global parameters
 +[global]
 + workgroup = LZW
 + realm = LZW.ZORGNET
 + netbios name = NAS
 + server role = active directory domain controller
 +# our own dns server
 +# dns forwarder = 10.108.108.5
 +# zorgnet dns forwarder
 + dns forwarder = 10.254.253.201
 + idmap_ldb:use rfc2307 = yes
 +
 +[netlogon]
 + path = /var/lib/samba/sysvol/lzw.zorgnet/scripts
 + read only = no
 +
 +[sysvol]
 + path = /var/lib/samba/sysvol
 + read only = no
 +
 +[users]
 +        path = /mnt/storage/users
 +        comment = user folders for redirection
 +        read only = no
 +
 +[data]
 + path = /mnt/storage/data
 + comment = data share
 + read only = no
 +
 +[mirasrc]
 + path = /mnt/storage/mirasrc
 + comment = share used by mira application
 + read only = no
 +
 +[uirom]
 + path = /mnt/storage/uirom
 + comment = unknown share
 + read only = no
 +
 +[windata]
 + path = /mnt/storage/windata
 + comment = unknown share
 + read only = no
 +
 +[temp]
 + path = /mnt/storage/temp
 + comment = temporary share
 + read only = no
 +
 +[print$]
 + path = /mnt/storage/printer_drivers
 + comment = share with network printer drivers
 + read only = no
 +
 +[printers]
 + path = /var/spool/samba
 + printable = yes
 + printing = CUPS
 +
 +[ETKPRT1L]
 + path = /var/spool/samba
 + browseable = yes
 + printable = yes
 + printer name = ETKPRT1L
 + read only = no
 +
 +[RECPRT1L]
 + path = /var/spool/samba
 + browseable = yes
 + printable = yes
 + printer name = RECPRT1L
 + read only = no
 +
 +[RECPRT2L]
 + path = /var/spool/samba
 + browseable = yes
 + printable = yes
 + printer name = RECPRT2L
 + read only = no
 +
 +[SYSPRT1L]
 + path = /var/spool/samba
 + browseable = yes
 + printable = yes
 + printer name = SYSPRT1L
 + read only = no
 +
 +[SYSPRT1LD]
 + path = /var/spool/samba
 + browseable = yes
 + printable = yes
 + printer name = SYSPRT1LD
 + read only = no
 +
 +[SYSPRT2L]
 + path = /var/spool/samba
 + browseable = yes
 + printable = yes
 + printer name = SYSPRT2L
 + read only = no
 +
 +[SYSPRT2LD]
 + path = /var/spool/samba
 + browseable = yes
 + printable = yes
 + printer name = SYSPRT2LD
 + read only = no
 +</code>
 +
 +  mkdir /var/spool/samba
 +  chmod 1777 /var/spool/samba
 +
 +=====Cups printserver=====
 +====Installation====
 +  yum install cups ghostscript hplip-common
 +====Configuration====
 +<code - /etc/cups/cupsd.conf>
 +.
 +Listen 0.0.0.0:631
 +.
 +DefaultEncryption Never
 +.
 +.
 +# Restrict access to the server...
 +<Location />
 +  Order allow,deny
 +  Allow 10.108.108.0/24
 +</Location>
 +
 +# Restrict access to the admin pages...
 +<Location /admin>
 +  Order allow,deny
 +  Allow 10.108.108.0/24
 +</Location>
 +.
 +.
 +</code>
 +  systemctl start cups
 +  systemctl enable cups
 +
 +Add the printers via de webgui running on port 631
 +An example config after adding printers in the gui
 +
 +<code - /etc/cups/printers.conf>
 +# Printer configuration file for CUPS v1.6.3
 +# Written by cupsd on 2015-04-05 21:06
 +# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING
 +<Printer ETKPRT1L>
 +UUID urn:uuid:2919023d-a5b3-33a6-525f-98dedb73c838
 +Info Star TSP442
 +DeviceURI socket://10.108.108.50:9100
 +State Idle
 +StateTime 1428174490
 +Type 4
 +Accepting Yes
 +Shared Yes
 +JobSheets none none
 +QuotaPeriod 0
 +PageLimit 0
 +KLimit 0
 +OpPolicy default
 +ErrorPolicy stop-printer
 +</Printer>
 +<Printer RECPRT1L>
 +UUID urn:uuid:9a25d5bb-9b25-3da5-5ae3-1f47e05dc2ec
 +Info HP Laserjet P2055dn
 +DeviceURI socket://10.108.108.51:9100
 +State Idle
 +StateTime 1428178354
 +Type 4
 +Accepting Yes
 +Shared Yes
 +JobSheets none none
 +QuotaPeriod 0
 +PageLimit 0
 +KLimit 0
 +OpPolicy default
 +ErrorPolicy stop-printer
 +</Printer>
 +<Printer RECPRT2L>
 +UUID urn:uuid:d36e22c2-8116-37e5-5d15-53182a4d84fb
 +Info Samsung SCX-483x 5x3x series
 +DeviceURI socket://10.108.108.60:9100
 +State Idle
 +StateTime 1428178569
 +Type 4
 +Accepting Yes
 +Shared Yes
 +JobSheets none none
 +QuotaPeriod 0
 +PageLimit 0
 +KLimit 0
 +OpPolicy default
 +ErrorPolicy stop-printer
 +</Printer>
 +<Printer SYSPRT1L>
 +UUID urn:uuid:3b990d2d-df8e-3ff0-52f6-23b3eefb77d8
 +Info HP Laserjet P2055dn
 +DeviceURI socket://10.108.108.51:9100
 +State Idle
 +StateTime 1428178686
 +Type 4
 +Accepting Yes
 +Shared Yes
 +JobSheets none none
 +QuotaPeriod 0
 +PageLimit 0
 +KLimit 0
 +OpPolicy default
 +ErrorPolicy stop-printer
 +</Printer>
 +<Printer SYSPRT1LD>
 +UUID urn:uuid:4c5de6d6-d3ba-3358-5653-65bf24278e50
 +Info HP Laserjet P2055dn
 +DeviceURI socket://10.108.108.51:9100
 +State Idle
 +StateTime 1428178879
 +Type 4
 +Accepting Yes
 +Shared Yes
 +JobSheets none none
 +QuotaPeriod 0
 +PageLimit 0
 +KLimit 0
 +OpPolicy default
 +ErrorPolicy stop-printer
 +</Printer>
 +<Printer SYSPRT2L>
 +UUID urn:uuid:cb1b72d8-ceab-3ab4-7f5c-61ba2bf31a7e
 +Info Samsung SCX-483x 5x3x series
 +DeviceURI socket://10.108.108.60:9100
 +State Idle
 +StateTime 1428178779
 +Type 4
 +Accepting Yes
 +Shared Yes
 +JobSheets none none
 +QuotaPeriod 0
 +PageLimit 0
 +KLimit 0
 +OpPolicy default
 +ErrorPolicy stop-printer
 +</Printer>
 +<Printer SYSPRT2LD>
 +UUID urn:uuid:92455dcb-1409-33e8-5871-62c0bc5979ed
 +Info Samsung SCX-483x 5x3x series
 +DeviceURI socket://10.108.108.60:9100
 +State Idle
 +StateTime 1428178962
 +Type 4
 +Accepting Yes
 +Shared Yes
 +JobSheets none none
 +QuotaPeriod 0
 +PageLimit 0
 +KLimit 0
 +OpPolicy default
 +ErrorPolicy stop-printer
 +</Printer>
 +</code>
 =====Firewall configuration===== =====Firewall configuration=====
 ====Remove all default rules==== ====Remove all default rules====
nas_centos7.1427561781.txt.gz · Last modified: by herwarth

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki