|
|
#ls -l /home
# Unix users can map to different SMB User names
; username map = /etc/samba/smbusers
# Using the following line enables you to customise your configuration
"/etc/samba/smb.conf" 326L, 11667C записано
[root@linux3:~]# /etc/init.d/smb restart
Останавливаются службы SMB: [ ОК ]
Останавливаются службы NMB: [ ОК ]
Запускаются службы SMB: [ ОК ]
Запускаются службы NMB: [ ОК ]
итого 1
...
drwxr-xr-x 2 testt root 80 Дек 14 13:01 testt2
drwxr-xr-x 2 testsambauser root 48 Дек 14 13:06 testt3
drwxr-xr-x 2 testuser root 48 Дек 14 11:51 testuser
drwxr-xr-x 2 root root 48 Дек 14 12:06 tetsuser
drwxr-xr-x 19 user user 872 Дек 14 11:34 user
loginShell: /bin/bash
gecos: System User
userPassword: {SSHA}edPz7x+11qQhEok9MkZUfMPtL7pFZUs3
[root@linux3:~]# smbc
-----------------------------------------------------------------------------------------------------
|
|
#ping www.ya.ru
PING ya.ru (213.180.204.8) 56(84) bytes of data. 64 bytes from ya.ru (213.180.204.8): icmp_seq=0 ttl=56 time=177 ms 64 bytes from ya.ru (213.180.204.8): icmp_seq=1 ttl=56 time=266 ms 64 bytes from ya.ru (213.180.204.8): icmp_seq=2 ttl=56 time=127 ms --- ya.ru ping statistics --- 4 packets transmitted, 3 received, 25% packet loss, time 3012ms rtt min/avg/max/mdev = 127.940/190.832/266.658/57.366 ms, pipe 2 |
|
#ls /etc/pam.d/
authconfig-gtk kuser seuserx system-config-printer
chfn login smtp system-config-printer-gui
chsh neat smtp.sendmail system-config-printer-tui
cpufreq-selector newrole sshd system-config-rootpassword
crond other sshd_orig system-config-securitylevel
cups passwd su system-config-services
dateconfig poweroff sudo system-config-soundcard
ethereal ppp system-auth system-config-time
gdm printconf system-cdinstall-helper system-config-users
gdm-autologin printconf-gui system-config-authentication system-install-packages
gdmsetup printconf-tui system-config-date vlock
gnome-system-log printtool system-config-display xdm
halt reboot system-config-keyboard xscreensaver
hibernate remote system-config-language xserver
hwbrowser run_init system-config-mouse yumex
internet-druid samba system-config-network
kbdrate screen system-config-network-cmd
107,10 36%
|
|
#smbclient -U testsambauser -L //192.168.16.3
Password: tree connect failed: Call returned zero bytes (EOF) |
|
#ls -lt /var/log
итого 1139 -rw------- 1 root root 141935 Дек 14 15:38 messages drwx------ 3 root root 208 Дек 14 15:36 samba -rw------- 1 root root 39322 Дек 14 15:35 cron -rw-r--r-- 1 root root 561705 Дек 14 15:33 Xorg.0.log -rw-rw-r-- 1 root utmp 36096 Дек 14 15:04 wtmp -rw-r--r-- 1 root root 864 Дек 14 13:48 yum.log -rw------- 1 root root 77433 Дек 14 13:26 secure -rw-r--r-- 1 root root 18980584 Дек 14 13:26 lastlog -rw------- 1 root utmp 22272 Дек 14 13:06 btmp ... -rw-r--r-- 1 root root 56564 Дек 14 09:18 Xorg.0.log.old drwxr-xr-x 2 lp sys 112 Дек 13 20:14 cups drwxr-x--- 2 root root 80 Дек 13 20:11 audit -rw------- 1 root root 0 Дек 13 20:11 boot.log drwxr-xr-x 2 uucp uucp 120 Дек 13 09:55 uucp -rw-r--r-- 1 root root 44281 Дек 13 09:55 scrollkeeper.log drwxr-xr-x 2 root root 80 Дек 13 09:46 mail -rw------- 1 root root 0 Дек 13 09:41 spooler drwx------ 2 root root 48 Окт 20 2005 ppp drwxr-xr-x 2 root root 48 Окт 19 2005 vbox |
|
#tail -f /var/log/messages
Dec 14 15:36:36 linux3 nmbd[17797]: [2007/12/14 15:36:36, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) Dec 14 15:36:36 linux3 nmbd[17797]: ***** Dec 14 15:36:36 linux3 nmbd[17797]: Dec 14 15:36:36 linux3 nmbd[17797]: Samba name server LINUX3 is now a local master browser for workgroup MYDCLOCAL on subnet 192.168.16.3 Dec 14 15:36:36 linux3 nmbd[17797]: Dec 14 15:36:36 linux3 nmbd[17797]: ***** Dec 14 15:36:49 linux3 smbd[17825]: [2007/12/14 15:36:49, 0] lib/access.c:check_access(327) Dec 14 15:36:49 linux3 smbd[17825]: Denied connection from (192.168.16.3) Dec 14 15:38:14 linux3 smbd[17887]: [2007/12/14 15:38:14, 0] lib/access.c:check_access(327) Dec 14 15:38:14 linux3 smbd[17887]: Denied connection from (192.168.16.3) |
|
#vim /etc/smbldap-tools/smbldap
|
|
#vim /etc/smbldap-tools/smbldap.conf
|
|
#cpan
Net-SSLeay-1.32/examples/ssl-inetd-serv.pl
Net-SSLeay-1.32/examples/get_page.pl
Net-SSLeay-1.32/examples/tcpcat.pl
Net-SSLeay-1.32/examples/passwd-cb.pl
Net-SSLeay-1.32/examples/bulk.pl
Net-SSLeay-1.32/examples/server_key.pem
Net-SSLeay-1.32/examples/makecert.pl
Net-SSLeay-1.32/Changes
Net-SSLeay-1.32/MANIFEST
Net-SSLeay-1.32/typemap
...
t/1................dubious
Test returned status 2 (wstat 512, 0x200)
DIED. FAILED test 1
Failed 1/1 tests, 0.00% okay
t/carped...........Can't locate Test/Builder/Tester.pm in @INC (@INC contains: /root/.cpan/build/Test-Warn-0.10/blib/lib/5.8.6/i386-linux-thread-multi /root/.cpan/build/Test-Warn-0.10/blib/lib/5.8.6 /root/.cpan/build/Test-Warn-0.10/blib/lib/i386-linux-thread-multi /root/.cpan/build/Test-Warn-0.10/blib/lib/5.8.5 /root/.cpan/build/Test-Warn-0.10/blib/lib/5.8.4 /root/.cpan/build/Test-Warn-0.10/blib/l
BEGIN failed--compilation aborted at t/carped.t line 8.
t/carped...........dubious
Test returned status 2 (wstat 512, 0x200)
t/pod..............skipped
all skipped: Test::Pod 1.14 required for testing POD
|
|
#firefox
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
ldap://127.0.0.1
; unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*
tokens*updated*successfully*
# Unix users can map to different SMB User names
; username map = /etc/samba/smbusers
# Using the following line enables you to customise your configuration
...
Останавливаются службы SMB: [ ОК ]
Останавливаются службы NMB: [ ОК ]
Запускаются службы SMB: [ ОК ]
Запускаются службы NMB: [ ОК ]
You have new mail in /var/spool/mail/root
loginShell: /bin/bash
gecos: System User
userPassword: {SSHA}edPz7x+11qQhEok9MkZUfMPtL7pFZUs3
[root@linux3:~]# smbc
-----------------------------------------------------------------------------------------------------
|
|
#vim /etc/pam.d/samba
|
|
#vim /etc/pam.d/sshd
|
|
#vim /etc/pam.d/samba
1a2,3
>
> auth sufficient /lib/security/pam_ldap.so
3a6
> account sufficient /lib/security/pam_ldap.so
6a10
> password sufficient /lib/security/pam_ldap.so
|
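Review bot: Each added `sufficient` line ends its stack as soon as pam_ldap.so succeeds, so any module listed after it in /etc/pam.d/samba is skipped for LDAP users. This matters most for the `account` line at new line 6, where later account restrictions would no longer apply. The rest of the file is outside this diff, so whether such modules follow is unconfirmed. A comment above the added lines, such as `# pam_ldap is sufficient: a success here skips every module below it in this stack`, would record that. Separately, smbd ignores the PAM `auth` stack when encrypted passwords are in use (a setting this page does not show), so this edit may not affect SMB logons at all.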
|
#vim /etc/pam.d/samba
|
|
#smbclient -U testsambauser -L //192.168.16.3
# Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 Password: tree connect failed: Call returned zero bytes (EOF) |
|
#vim /etc/samba/smb.conf
74,75c74,75
< ; smb passwd file = /etc/samba/smbpasswd
< #passdb backend = tdbsam
---
> # smb passwd file = /etc/samba/smbpasswd
> passdb backend = tdbsam
|
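Review bot: Enabling `passdb backend = tdbsam` at new line 75 makes smbd read accounts from the local TDB database, while the rest of this session manages users with smbldap-tools and `slapcat` shows them in LDAP. The two stores are not linked, which would be consistent with the NT_STATUS_LOGON_FAILURE results seen until `smbpasswd -a testuser` is run later in the session. If LDAP is meant to be the account store, the backend line should name it, e.g. `passdb backend = ldapsam:ldap://127.0.0.1`, together with matching `ldap suffix` and `ldap admin dn` settings. The remainder of smb.conf is outside this diff, so other passdb settings may exist.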
|
#/etc/init.d/smb restart
Останавливаются службы SMB: [ ОК ] Останавливаются службы NMB: [ ОК ] Запускаются службы SMB: [ ОК ] Запускаются службы NMB: [ ОК ] |
|
#smbclient -U testsambauser -L //192.168.16.3
# see "man Net::LDAP" in start_tls section for more details
clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.pem"
# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.key"
# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=idealx,dc=org"
# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=Users,${suffix}"
Error connecting to 192.168.16.3 (В соединении отказано)
Connection to 192.168.16.3 failed
107,10 36%
|
|
#vim /etc/samba/smb.conf
|
|
#/etc/init.d/smb restart
# just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 Останавливаются службы SMB: [ ОК ] Останавливаются службы NMB: [ ОК ] Запускаются службы SMB: [ ОК ] Запускаются службы NMB: [ ОК ] |
|
#smbclient -U testsambauser -L //192.168.16.3
Error connecting to 192.168.16.3 (В соединении отказано) Connection to 192.168.16.3 failed |
|
#/etc/init.d/smb restart
# just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 Останавливаются службы SMB: [ ОК ] Останавливаются службы NMB: [ ОК ] Запускаются службы SMB: [ ОК ] Запускаются службы NMB: [ ОК ] |
|
#smbclient -U testsambauser -L //192.168.16.3
Password: tree connect failed: Call returned zero bytes (EOF) |
|
#smbclient -U testsambauser -L \\192.168.16.3
# see "man Net::LDAP" in start_tls section for more details
clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.pem"
# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.key"
# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=idealx,dc=org"
# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=Users,${suffix}"
Password:
tree connect failed: Call returned zero bytes (EOF)
107,10 36%
|
|
#smbclient -U testsambauser -L //192.168.16.3/testsambauser
# Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 Password: Interupted by signal. ux3:~ |
|
#smbclient -U testsambauser //192.168.16.3/testsambauser
Password: Server not using user level security and no password supplied. tree connect failed: Call returned zero bytes (EOF) |
|
#smbclient //192.168.16.3/testsambauser -Utestsambauser
Password: Server not using user level security and no password supplied. tree connect failed: Call returned zero bytes (EOF) |
|
#ps ax | grep screen
# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.key"
# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=idealx,dc=org"
# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=Users,${suffix}"
5042 ? S 0:02 xscreensaver -nosplash
14404 pts/3 S+ 0:00 screen
14462 pts/1 S+ 0:00 screen -x
16784 pts/13 S+ 0:00 screen -x
18390 pts/17 S+ 0:00 grep screen
107,10 36%
|
|
#testpasrm -sv | grep security
# Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 bash: testpasrm: command not found |
|
#testparm -sv | grep security
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
security = USER
paranoid server security = Yes
security mask = 0777
force security mode = 00
directory security mask = 0777
force directory security mode = 00
|
|
#vim /etc/samba/smb.conf
|
|
#smbclient //localhost/testsambauser -Utestsambauser
# Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 Password: session setup failed: NT_STATUS_LOGON_FAILURE |
|
#vim /etc/smbldap-tools/smbldap.conf
86c86
< verify="require"
---
> #verify="require"
90c90,91
< cafile="/etc/opt/IDEALX/smbldap-tools/ca.pem"
---
>
> #cafile="/etc/opt/IDEALX/smbldap-tools/ca.pem"
94c95
< clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.pem"
---
> #clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.pem"
98c99
< clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.key"
---
> #clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.key"
186c187
< #userSmbHome="\\PDC-SRV\%U"
---
> userSmbHome="\\LINUX3\%U"
192c193
< #userProfile="\\PDC-SRV\profiles\%U"
---
> userProfile="\\LINUX3\profiles\%U"
197c198
< #userHomeDrive="H:"
---
> userHomeDrive="H:"
203c204
< #userScript="logon.bat"
---
> userScript="logon.bat"
|
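Review bot: Commenting out `verify="require"` and `cafile=` (new lines 86 and 91) removes the explicit server-certificate check from any StartTLS connection smbldap-tools makes, so the bind password it sends could reach an unauthenticated LDAP server. Whether TLS is enabled at all (`ldapTLS`) is not visible in this diff, and the only LDAP URL shown elsewhere in the session is loopback, which limits the exposure on this host. If the file is later pointed at a remote directory, `verify="require"` and a valid `cafile=` should be restored rather than left disabled. A comment next to the commented-out lines, such as `# TLS verification disabled for loopback-only testing`, would record the intent.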
|
#/etc/init.d/smb restart
Останавливаются службы SMB: [ ОК ] Останавливаются службы NMB: [ ОК ] Запускаются службы SMB: [ ОК ] Запускаются службы NMB: [ ОК ] |
|
#smbclient //localhost/testsambauser -Utestsambauser
Password: session setup failed: NT_STATUS_LOGON_FAILURE |
|
#smbclient //192.168.16.3/testsambauser -Utestsambauser
Password: Server not using user level security and no password supplied. tree connect failed: Call returned zero bytes (EOF) |
|
#/etc/init.d/smb restart
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
# (typically a replication directory)
# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
Останавливаются службы SMB:
[ ОК ]
Останавливаются службы NMB: [ ОК ]
Запускаются службы SMB: [ ОК ]
Запускаются службы NMB: [ ОК ]
|
|
#vim /etc/samba/smb.conf
|
|
#/etc/init.d/smb restart
Останавливаются службы SMB: [ ОК ] Останавливаются службы NMB: [ ОК ] Запускаются службы SMB: [ ОК ] Запускаются службы NMB: [ ОК ] |
|
#smbclient //192.168.16.3/testsambauser -Utestsambauser
Error connecting to 192.168.16.3 (В соединении отказано) Connection to 192.168.16.3 failed |
|
#smbclient //192.168.16.3/testsambauser -Utestsambauser
Error connecting to 192.168.16.3 (В соединении отказано) Connection to 192.168.16.3 failed |
|
#smbclient //192.168.16.3/testsambauser -Utestsambauser
Error connecting to 192.168.16.3 (В соединении отказано) Connection to 192.168.16.3 failed |
|
#smbclient //localhost/testsambauser -Utestsambauser
# Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 Error connecting to 127.0.0.1 (В соединении отказано) Connection to localhost failed |
|
#tail -f /var/log/samba/log.smbd
TECH(3) current master browser = DEBIAN
TECHLOCAL(2) current master browser = DEBIAN1
MYDCLOCAL(1) current master browser = LINUX3
LINUX3 408c9b0b (Samba Server)
[2007/12/14 16:03:47, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171)
find_workgroup_on_subnet: workgroup search for MYDCLOCAL on subnet 192.168.16.3: found.
[2007/12/14 16:03:47, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(282)
dump_workgroups()
dump workgroup on subnet 192.168.16.3: netmask= 255.255.255.0:
TECH(3) current master browser = DEBIAN
...
-- ВСТАВКА -- 228,1 99%
Password:
Server not using user level security and no password supplied.
tree connect failed: Call returned zero bytes (EOF)
[root@linux3:~]# smbclient //192.168.16.3/testsambauser -Utestsambauser
Password:
Server not using user level security and no password supplied.
tree connect failed: Call returned zero bytes (EOF)
[root@linux3:~]#
-----------------------------------------------------------------------------------------------------
|
|
#smbclient //localhost/testsambauser -Utestsambauser
Password: session setup failed: NT_STATUS_LOGON_FAILURE |
|
#smbclient //192.168.16.3/testsambauser -Utestsambauser
# ############################################################################## # Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but # prefer Crypt::SmbHash library with_smbpasswd="0" smbpasswd="/usr/bin/smbpasswd" # Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm) # but prefer Crypt:: libraries with_slappasswd="0" slappasswd="/usr/sbin/slappasswd" ... -- ВСТАВКА -- 228,1 99% Password: Server not using user level security and no password supplied. tree connect failed: Call returned zero bytes (EOF) [root@linux3:~]# smbclient //192.168.16.3/testsambauser -Utestsambauser Password: Server not using user level security and no password supplied. tree connect failed: Call returned zero bytes (EOF) [root@linux3:~]# ----------------------------------------------------------------------------------------------------- |
|
#less /var/log/secure
|
|
#q
bash: q: command not found |
|
#smbclient //192.168.16.3/testsambauser -Utestsambauser
# just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 Password: Anonymous login successful Domain=[MYDCLOCAL] OS=[Unix] Server=[Samba 3.0.24-1.110asp] tree connect failed: NT_STATUS_ACCESS_DENIED |
|
#smbclient //192.168.16.3/testsambauser
Password: Anonymous login successful Domain=[MYDCLOCAL] OS=[Unix] Server=[Samba 3.0.24-1.110asp] tree connect failed: NT_STATUS_ACCESS_DENIED |
|
#su - testsambauser
Server Comment
--------- -------
LINUX3 Samba Server
Workgroup Master
--------- -------
MYDCLOCAL LINUX3
SVSLOCAL DEBIAN2
TECH DEBIAN
TECHLOCAL DEBIAN1
-bash-3.00$ exit
logout
|
|
#smbclient //192.168.16.3/testsambauser -U testsambauser
Password: session setup failed: NT_STATUS_LOGON_FAILURE |
|
#ldappasswd -x -D "cn=admin,dc=mydc,dc=local" -w rootpass -s rootpass uid=testt,ou=U
ssh 127.0.0.1 -l testt
sers,dc=mydc,dc=local
|
|
#ldappasswd -x -D "cn=admin,dc=mydc,dc=local" -w rootpass -s rootpass uid=testt,ou=
|
|
#smbclient //192.168.16.3/testsambauser -U testsambauser
Password: session setup failed: NT_STATUS_LOGON_FAILURE |
|
#smbldap-passwd --help
# Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 (c) Jerome Tournier - IDEALX 2004 (http://www.idealx.com)- Licensed under the GPL Usage: /usr/sbin/smbldap-passwd [options] [username] -h, -?, --help show this help message -s update only samba password -u update only UNIX password |
|
#smbldap-passwd testsambauser
Changing UNIX password for testsambauser New password: Retype new password: |
|
#smbclient //192.168.16.3/testsambauser -U testsambauser
Password: session setup failed: NT_STATUS_LOGON_FAILURE |
|
#smbclient -L //192.168.16.3 -U testsambauser
# Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 Password: session setup failed: NT_STATUS_LOGON_FAILURE |
|
#ssh 127.0.0.1 -l testsambauser
# . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 testsambauser@127.0.0.1's password: Permission denied, please try again. testsambauser@127.0.0.1's password: Permission denied, please try again. testsambauser@127.0.0.1's password: Permission denied (publickey,gssapi-with-mic,password). |
|
#ssh 127.0.0.1 -l testuser
testuser@127.0.0.1's password: Last login: Fri Dec 14 12:53:13 2007 from localhost.localdomain -bash-3.00$ exit logout Connection to 127.0.0.1 closed. |
|
#slapcat | grep testsambauser
# . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 dn: uid=testsambauser,ou=Users,dc=mydc,dc=local cn: testsambauser sn: testsambauser givenName: testsambauser uid: testsambauser homeDirectory: /home/testsambauser |
|
#slapcat | less
|
|
#smbclient -L //192.168.16.3 -U testuser
Password: session setup failed: NT_STATUS_LOGON_FAILURE |
|
#smbldap-
# Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 smbldap-groupadd smbldap-groupshow smbldap-tools.spec smbldap-userinfo smbldap-groupdel smbldap-passwd smbldap-useradd smbldap-usermod smbldap-groupmod smbldap-populate smbldap-userdel smbldap-usershow |
|
#smbldap-passwd testuser
Changing UNIX password for testuser New password: Retype new password: |
|
#smbclient -L //192.168.16.3 -U testuser
Password: session setup failed: NT_STATUS_LOGON_FAILURE |
|
#ssh 127.0.0.1 -l testuser
LINUX3 Samba Server
Workgroup Master
--------- -------
MYDCLOCAL LINUX3
SVSLOCAL DEBIAN2
TECH DEBIAN
TECHLOCAL DEBIAN1
WORKGROUP STUDENT1
-bash-3.00$ exit
logout
Connection to 127.0.0.1 closed.
|
|
#man smbclient
|
|
#man smbclient
|
|
#smbclient -L //192.168.16.3 rootpass -Utestuser
rootpass: Not enough '\' characters in service
Использование: [-?] [-?EgV] [-?EgV] [-?EgVNkP] [-?|--help] [--usage] [-R|--name-resolve NAME-RESOLVE-ORDER]
[-M|--message HOST] [-I|--ip-address IP] [-E|--stderr] [-L|--list HOST]
[-t|--terminal CODE] [-m|--max-protocol LEVEL] [-T|--tar <c|x>IXFqgbNan]
[-D|--directory DIR] [-c|--command STRING] [-b|--send-buffer BYTES]
[-p|--port PORT] [-g|--grepable] [-d|--debuglevel DEBUGLEVEL]
[-s|--configfile CONFIGFILE] [-l|--log-basename LOGFILEBASE]
[-V|--version] [-O|--socket-options SOCKETOPTIONS]
[-n|--netbiosname NETBIOSNAME] [-W|--workgroup WORKGROUP]
[-i|--scope SCOPE] [-U|--user USERNAME] [-N|--no-pass] [-k|--kerberos]
[-A|--authentication-file FILE] [-S|--signing on|off|required]
[-P|--machine-pass] service <password>
|
|
#smbclient -L //192.168.16.3 -Utestuser rootpass
rootpass: Not enough '\' characters in service
Использование: [-?] [-?EgV] [-?EgV] [-?EgVNkP] [-?|--help] [--usage] [-R|--name-resolve NAME-RESOLVE-ORDER]
[-M|--message HOST] [-I|--ip-address IP] [-E|--stderr] [-L|--list HOST]
[-t|--terminal CODE] [-m|--max-protocol LEVEL] [-T|--tar <c|x>IXFqgbNan]
[-D|--directory DIR] [-c|--command STRING] [-b|--send-buffer BYTES]
[-p|--port PORT] [-g|--grepable] [-d|--debuglevel DEBUGLEVEL]
[-s|--configfile CONFIGFILE] [-l|--log-basename LOGFILEBASE]
[-V|--version] [-O|--socket-options SOCKETOPTIONS]
[-n|--netbiosname NETBIOSNAME] [-W|--workgroup WORKGROUP]
[-i|--scope SCOPE] [-U|--user USERNAME] [-N|--no-pass] [-k|--kerberos]
[-A|--authentication-file FILE] [-S|--signing on|off|required]
[-P|--machine-pass] service <password>
|
|
#smbclient -L \\192.168.16.3 -Utestuser rootpass
rootpass: Not enough '\' characters in service
Использование: [-?] [-?EgV] [-?EgV] [-?EgVNkP] [-?|--help] [--usage] [-R|--name-resolve NAME-RESOLVE-ORDER]
[-M|--message HOST] [-I|--ip-address IP] [-E|--stderr] [-L|--list HOST]
[-t|--terminal CODE] [-m|--max-protocol LEVEL] [-T|--tar <c|x>IXFqgbNan]
[-D|--directory DIR] [-c|--command STRING] [-b|--send-buffer BYTES]
[-p|--port PORT] [-g|--grepable] [-d|--debuglevel DEBUGLEVEL]
[-s|--configfile CONFIGFILE] [-l|--log-basename LOGFILEBASE]
[-V|--version] [-O|--socket-options SOCKETOPTIONS]
[-n|--netbiosname NETBIOSNAME] [-W|--workgroup WORKGROUP]
[-i|--scope SCOPE] [-U|--user USERNAME] [-N|--no-pass] [-k|--kerberos]
[-A|--authentication-file FILE] [-S|--signing on|off|required]
[-P|--machine-pass] service <password>
|
|
#smbclient -L \\192.168.16.3 -U testuser rootpass
rootpass: Not enough '\' characters in service
Использование: [-?] [-?EgV] [-?EgV] [-?EgVNkP] [-?|--help] [--usage] [-R|--name-resolve NAME-RESOLVE-ORDER]
[-M|--message HOST] [-I|--ip-address IP] [-E|--stderr] [-L|--list HOST]
[-t|--terminal CODE] [-m|--max-protocol LEVEL] [-T|--tar <c|x>IXFqgbNan]
[-D|--directory DIR] [-c|--command STRING] [-b|--send-buffer BYTES]
[-p|--port PORT] [-g|--grepable] [-d|--debuglevel DEBUGLEVEL]
[-s|--configfile CONFIGFILE] [-l|--log-basename LOGFILEBASE]
[-V|--version] [-O|--socket-options SOCKETOPTIONS]
[-n|--netbiosname NETBIOSNAME] [-W|--workgroup WORKGROUP]
[-i|--scope SCOPE] [-U|--user USERNAME] [-N|--no-pass] [-k|--kerberos]
[-A|--authentication-file FILE] [-S|--signing on|off|required]
[-P|--machine-pass] service <password>
|
|
#smbclient -L \\192.168.16.3 -U testuser rootpass -d 5
INFO: Current debug levels:
all: True/5
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
...
[-M|--message HOST] [-I|--ip-address IP] [-E|--stderr] [-L|--list HOST]
[-t|--terminal CODE] [-m|--max-protocol LEVEL] [-T|--tar <c|x>IXFqgbNan]
[-D|--directory DIR] [-c|--command STRING] [-b|--send-buffer BYTES]
[-p|--port PORT] [-g|--grepable] [-d|--debuglevel DEBUGLEVEL]
[-s|--configfile CONFIGFILE] [-l|--log-basename LOGFILEBASE]
[-V|--version] [-O|--socket-options SOCKETOPTIONS]
[-n|--netbiosname NETBIOSNAME] [-W|--workgroup WORKGROUP]
[-i|--scope SCOPE] [-U|--user USERNAME] [-N|--no-pass] [-k|--kerberos]
[-A|--authentication-file FILE] [-S|--signing on|off|required]
[-P|--machine-pass] service <password>
|
|
#smbclient \\192.168.16.3\testuser -U testuser rootpass -d 5
\192.168.16.3testuser: Not enough '\' characters in service
Использование: [-?] [-?EgV] [-?EgV] [-?EgVNkP] [-?|--help] [--usage] [-R|--name-resolve NAME-RESOLVE-ORDER]
[-M|--message HOST] [-I|--ip-address IP] [-E|--stderr] [-L|--list HOST]
[-t|--terminal CODE] [-m|--max-protocol LEVEL] [-T|--tar <c|x>IXFqgbNan]
[-D|--directory DIR] [-c|--command STRING] [-b|--send-buffer BYTES]
[-p|--port PORT] [-g|--grepable] [-d|--debuglevel DEBUGLEVEL]
[-s|--configfile CONFIGFILE] [-l|--log-basename LOGFILEBASE]
[-V|--version] [-O|--socket-options SOCKETOPTIONS]
[-n|--netbiosname NETBIOSNAME] [-W|--workgroup WORKGROUP]
[-i|--scope SCOPE] [-U|--user USERNAME] [-N|--no-pass] [-k|--kerberos]
[-A|--authentication-file FILE] [-S|--signing on|off|required]
[-P|--machine-pass] service <password>
|
|
#smbclient //192.168.16.3/testuser -U testuser
# Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 Password: session setup failed: NT_STATUS_LOGON_FAILURE |
|
#less /var/log/messages
|
|
#less /var/log/samba/smbd.log
|
|
#less /var/log/samba/smbd.log
|
|
#less /var/log/samba/log.smbd
|
|
#smbclient //192.168.16.3/testuser -U testuser -p rootpass
Password: session setup failed: NT_STATUS_LOGON_FAILURE |
|
#smbclient \\\\192.168.16.3\\testuser -Utestuser
# Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 Password: session setup failed: NT_STATUS_LOGON_FAILURE |
|
#rpm -qa | grep samba
############################################################################## # Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but # prefer Crypt::SmbHash library with_smbpasswd="0" smbpasswd="/usr/bin/smbpasswd" # Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm) # but prefer Crypt:: libraries with_slappasswd="0" slappasswd="/usr/sbin/slappasswd" # comment out the following line to get rid of the default banner ... -- ВСТАВКА -- 228,1 99% Password: Server not using user level security and no password supplied. tree connect failed: Call returned zero bytes (EOF) [root@linux3:~]# smbclient //192.168.16.3/testsambauser -Utestsambauser Password: Server not using user level security and no password supplied. tree connect failed: Call returned zero bytes (EOF) [root@linux3:~]# ----------------------------------------------------------------------------------------------------- |
|
#smbpasswd -a testuser
# Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 New SMB password: Retype new SMB password: Added user testuser. |
|
#smbclient \\\\192.168.16.3\\testuser -Utestuser
Password: session setup failed: Call timed out: server did not respond after 20000 milliseconds |
|
#smbclient \\\\192.168.16.3\\testuser -Utestuser
# (typically a replication directory)
# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
Password:
Domain=[MYDCLOCAL] OS=[Unix] Server=[Samba 3.0.24-1.110asp]
smb: \> ls
. D 0 Fri Dec 14 12:06:00 2007
.. D 0 Fri Dec 14 15:36:35 2007
64253 blocks of size 16384. 61266 blocks available
smb: \> quit
|
|
#testparm -sv | less
|
|
#ls /etc/sa
# Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 samba/ sane.d/ |
|
#ls /etc/sa
samba/ sane.d/ |
|
#ls /etc/samba/
lmhosts secrets.tdb smb.conf smb.conf.rpmnew smbusers |
|
#ls -lh /etc/samba/
# prefer Crypt::SmbHash library with_smbpasswd="0" smbpasswd="/usr/bin/smbpasswd" # Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm) # but prefer Crypt:: libraries with_slappasswd="0" slappasswd="/usr/sbin/slappasswd" # comment out the following line to get rid of the default banner # no_banner="1" итого 40K ... -- ВСТАВКА -- 228,1 99% Password: Server not using user level security and no password supplied. tree connect failed: Call returned zero bytes (EOF) [root@linux3:~]# smbclient //192.168.16.3/testsambauser -Utestsambauser Password: Server not using user level security and no password supplied. tree connect failed: Call returned zero bytes (EOF) [root@linux3:~]# ----------------------------------------------------------------------------------------------------- |
|
#ls -lht /etc/samba/
итого 40K -rw-r--r-- 1 root root 12K Дек 14 16:01 smb.conf -rw------- 1 root root 8,0K Дек 14 02:02 secrets.tdb -rw-r--r-- 1 root root 20 Фев 12 2007 lmhosts -rw-r--r-- 1 root root 9,6K Фев 12 2007 smb.conf.rpmnew -rw-r--r-- 1 root root 97 Фев 12 2007 smbusers |
|
#cat /etc/samba/smbusers
# Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 # Unix_name = SMB_name1 SMB_name2 ... root = administrator admin nobody = guest pcguest smbguest |
|
#ls -l /var/lib/s
# Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 scrollkeeper/ slocate/ |
|
#smbclient \\\\192.168.16.3\\testuser -Utestuser
Password:
Domain=[MYDCLOCAL] OS=[Unix] Server=[Samba 3.0.24-1.110asp]
smb: \>
smb: \>
smb: \>
smb: \> ls -la
NT_STATUS_NO_SUCH_FILE listing \-la
64253 blocks of size 16384. 61264 blocks available
smb: \> exut
exut: command not found
smb: \> exit
|
|
#smbclient \\\\192.168.16.3\\testsambauser -Utestsambauser
Password: session setup failed: NT_STATUS_LOGON_FAILURE |
|
#smbpasswd -a testsambauser
############################################################################## # Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but # prefer Crypt::SmbHash library with_smbpasswd="0" smbpasswd="/usr/bin/smbpasswd" # Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm) # but prefer Crypt:: libraries with_slappasswd="0" slappasswd="/usr/sbin/slappasswd" # comment out the following line to get rid of the default banner ... -- ВСТАВКА -- 228,1 99% Password: Server not using user level security and no password supplied. tree connect failed: Call returned zero bytes (EOF) [root@linux3:~]# smbclient //192.168.16.3/testsambauser -Utestsambauser Password: Server not using user level security and no password supplied. tree connect failed: Call returned zero bytes (EOF) [root@linux3:~]# ----------------------------------------------------------------------------------------------------- |
|
#smbclient \\\\192.168.16.3\\testsambauser -Utestsambauser
# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
Password:
Domain=[MYDCLOCAL] OS=[Unix] Server=[Samba 3.0.24-1.110asp]
smb: \> ls
. D 0 Fri Dec 14 16:07:51 2007
.. D 0 Fri Dec 14 15:36:35 2007
.bash_history H 214 Fri Dec 14 16:07:51 2007
64253 blocks of size 16384. 61264 blocks available
smb: \> exit
|
# Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 # Unix_name = SMB_name1 SMB_name2 ... root = administrator admin nobody = guest pcguest smbguest
| Время первой команды журнала | 15:37:25 2007-12-14 |
| Время последней команды журнала | 16:29:06 2007-12-14 |
| Количество командных строк в журнале | 101 |
| Процент команд с ненулевым кодом завершения, % | 42.57 |
| Процент синтаксически неверно набранных команд, % | 0.99 |
| Суммарное время работы с терминалом *, час | 0.86 |
| Количество командных строк в единицу времени, команда/мин | 1.95 |
| Частота использования команд |
|
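В журнал автоматически попадают все команды, данные в любом терминале системы. Вместе с командами записывается и их вывод, поэтому в журнале могут оказаться хэши паролей и другие чувствительные данные, показанные на экране.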
Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.
Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
$ l s-l bash: l: command not found |
Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
$ test 5 -lt 4 |
Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
$ vi ~/.bashrc
|
Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и вставить скопированный текст:
$ patch ~/.bashrc |
Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.
Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.
Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.
Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора.
Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.
Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.
Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:
$ whoami
user
$ #^ Интересно, кто я?
в журнале это будет выглядеть так:
$ whoami
user
| Интересно, кто я? |
Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:
$ whoami
user
$ cat > /dev/null #^ Интересно, кто я?
Программа whoami выводит имя пользователя, под которым мы зарегистрировались в системе. - Она не может ответить на вопрос о нашем назначении в этом мире.
В журнале это будет выглядеть так:
$ whoami user
|
Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо символов #^ или #v нужно использовать символы #=.
Группы команд, выполненных на разных терминалах, разделяются специальной линией.
Под этой линией в правом углу показано имя терминала, на котором выполнялись команды.
Для того чтобы посмотреть команды только одного сеанса,
нужно щёлкнуть по этому названию.
LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008