BackUp сервер в домене на SAMBA

Для бэкапирования больших объёмов информации можно использовать связку из установленной программы на серверах Cobian BackUp 10 и обычного системного блока с дополнительно подключенными винчестерами. Для уменьшения загруженности сети, можно объеденить сервера в гигабитную сеть установив по две сетевые карточки на каждый сервер. Бэкап сервер это расшаренные папки- поднимаем CentOS и настраиваем SAMBA.

Вот конфигурационные файлы моего сервера:

[root@backup samba]# cat smb.conf
[global]
dos charset = CP866
unix charset = UTF-8
display charset = LOCALE
workgroup = ZAV
netbios name = backup
server string = BACKUP SERVER
log file = /var/log/samba/samba.log
max log size = 50
hosts allow = 110.11.224. 192.167.0. 192.168.1. 127.
security = ads
nt acl support = yes
realm = ZAV.LOC
password server = zav-zf.zav.loc
encrypt passwords = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind refresh tickets = true
winbind offline logon = true
winbind enum groups = yes
winbind enum users = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = true
template homedir = /home/%D/%U
template shell = /bin/bash
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
interfaces = eth0 eth1 lo
client use spnego = yes
client signing = yes
local master = no
os level = 33
domain master = no
preferred master = no
name resolve order = hosts wins lmhosts bcast
wins server = 110.11.224.2
dns proxy = no
case sensitive = no
use sendfile = yes
restrict anonymous = no
domain master = no
preferred master = no
max protocol = NT
acl compatibility = winnt
ldap ssl = No


[other]
comment = other backup files
path = /backup/other
browseable = yes
public = yes
writable = yes
write list = administrator, adm
create mask = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770
read only = no


[full1]
comment = Full backup first week
path = /backup/full1
browseable = yes
public = yes
writable = yes
write list = administrator, adm
create mask = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770
read only = no


[full2]
comment = Full backup second week
path = /backup/full2
browseable = yes
public = yes
writable = yes
write list = administrator, adm
create mask = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770
read only = no


[dif1]
comment = Differential backup first week
path = /backup/dif1
browseable = yes
public = yes
writable = yes
write list = administrator, adm
create mask = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770
read only = no


[dif2]
comment = Differential backup second week
path = /backup/dif2
browseable = yes
public = yes
writable = yes
write list = administrator, adm
create mask = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770
read only = no


[root@backup samba]# cat smbusers
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator adm


[root@backup etc]# cat krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log


[libdefaults]
default_realm = ZAV.LOC
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 240h
forwardable = yes


[realms]
ZAV.LOC = {
kdc = zav-zpd.zav.loc
kdc = zav-zf.zav.loc
admin_server = zav-pd.zav.loc
default_domain = zav.loc
}


[domain_realm]
.zav.loc = ZAV.LOC
zav.loc = ZAV.LOC


[appdefaults]
pam = {
debug = true
ticket_lifetime = 360000
renew_lifetime = 360000
forwardable = true
krb4_convert = false
}


[root@backup etc]# cat nsswitch.conf


passwd: files nisplus winbind
shadow: files nisplus winbind
group: files nisplus winbind


hosts: files nisplus dns


bootparams: nisplus [NOTFOUND=return] files


ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files


netgroup: nisplus


publickey: nisplus


automount: files nisplus
aliases: files nisplus


[root@backup pam.d]# cat system-auth-winbind
#%PAM-1.0
auth required pam_securetty.so
auth required pam_nologin.so
auth sufficient pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login
auth include system-auth-use_first_pass
account sufficient pam_winbind.so
account include system-auth
password sufficient pam_winbind.so
password include system-auth-use_first_pass
# We use pam_mkhomedir to create home dirs for incoming domain users
# Note used umask, it will result in rwxr-x--x access rights
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077

Комментариев нет:

Отправить комментарий