NiS, Samba + CUPs share

koni32 · 04-20-2019, 09:23 PM

#I apologize for this written 'poem', i can't find "/Hide"-option to hide some of my text here, like in this forum : "Reveal hidden contents"-part.

Hallo everyone,
have few questions about my tasks for school : NIS auth + Samba share + CUPs printer server (from Samba itself).
My systems are : VMs & normal PCs with CentOs 7 on server/client, no Win systems.

Foreword :

Quote:

I know that NIS is old system, but i need to use it as my First Task.

Started from beginning on NiS-server+NFS for sharing "Home"ies on server (base-tut's from here + Google), till now everything "works" fine, created groups/users and i can login on client-PCs with NIS-maps without any troubles. Commands like ypwhich,ypcat... works as well.

NiS Main function is that every user don't have own workplace, they all can login on any PC inside domain/network (something like vendor of a large media store). Finally got NiS/NFS worked in combination with AutoFS. All clients sync their Home-folders to server automatic when they login on any Client PC.

Now with Samba i got 50/50 worked for 'Virtual'-company with next departments/groups:
-Heads-where director and all admins from all departments/groups]
-ICT
-Mark
-Fin
-Pers
-Public Shared Folder - for everyone from this company
-Private Shared Folder - only for "Home"-folders from logged users.

Second Task is to export Samba-shared folders of every department from Server to Client PC, with AutoFS/automount. This is also done, but main trouble is that when for example ICT-admin logs into any client PC - he must see only his shared folders (Public, ICT and Heads-group > because he is admin of ICT-group), or when Marketing employee logs - he must see only Mark and Public-shares.

What i have (tried add "hide unreadable" and/or "access based share enum" options in smb.conf file) is when any user logs in - he see all shares in folder /Samba, which are mounted with AutoFS from Server to Client. But good news is, when i see shares in terminal with : smbclient -L "IP-server" -U "username" -> it shows only shares, where user is member, this is what i need in /Samba-folder.

My question is: is there any possibility to show on client PC limited User-specific Samba-shares through AutoFS? Something with {$USER}-depend script where system looks for options "Valid User" in smb.conf or in NiS-group files on UiD and GiD.

My config files on server :
auto.master

Quote:

/home auto.home --timeout=60 --ghost
/samba auto.samba --timeout=60 --ghost

auto.home

Quote:

* -rw,sync,rsize=16384,wsize=16384,hard,intr,file_mode=0600,dir_mode=0700 "ServerIP":/sambashare/private/&

auto.samba - added conf.lines to "Make"-file.

Quote:

Public_Share -fstype=cifs,rw,credentials=/root/.smb/.${USER},uid=${USER},gid=grpall,file_mode=0660,dir_mode=0770 ://"ServerIP"/public
Group_Heads -fstype=cifs,rw,credentials=/root/.smb/.${USER},uid=${USER},gid=grpheads,file_mode=0660,dir_mode=0770 ://"ServerIP"/groupheads
Group_ICT -fstype=cifs,rw,credentials=/root/.smb/.${USER},uid=${USER},gid=grpict,file_mode=0660,dir_mode=0770 ://"ServerIP"/groupict
Group_Mark -fstype=cifs,rw,credentials=/root/.smb/.${USER},uid=${USER},gid=grpmark,file_mode=0660,dir_mode=0770 ://"ServerIP"/groupmark
Group_Fin -fstype=cifs,rw,credentials=/root/.smb/.${USER},uid=${USER},gid=grpfin,file_mode=0660,dir_mode=0770 ://"ServerIP"/groupfin
Group_Pers -fstype=cifs,rw,credentials=/root/.smb/.${USER},uid=${USER},gid=grppers,file_mode=0660,dir_mode=0770 ://1"ServerIP"/grouppers

/etc/exports

Quote:

/sambashare/private 192.168.1.0/24(rw,sync)

Smb.conf

Quote:

[global]
workgroup = WORKGROUP
security = user
netbios name = nis.project
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
passwd program = /bin/yppasswd %u
domain logons = no
hosts allow = 192.168.1.
access based share enum = yes

[public]
path = /sambashare/public
comment = Public folder for Company
valid users = @grpall
write list = @grpall
force group = grpall
browseable = yes
writeable = yes
guest ok = no
read only = no
create mask = 0660
directory mask = 0770
hide unreadable = no

[groupheads]
path = /sambashare/groupheads
valid users = @grpheads
force group = grpheads
browseable = no
writeable = yes
guest ok = no
read only = no
create mask = 0660
directory mask = 0770
hide unreadable = yes

[groupict]
path = /sambashare/groupict
valid users = @grpict
force group = grpict
browseable = no
writeable = yes
guest ok = no
read only = no
create mask = 0660
directory mask = 0770
hide unreadable = yes
...and so on for other groups with their groupnames and permissions
[groupmark],[groupfin],[grouppers]

On client PCs: normal configuration for NiS,NFS like here descrypted.
Files "credentials" are stored in root-folder with "root:root 0400" permissions. As you can see in auto.samba file, with this configuration it works, but cant get it to work when "credentials" are stored on Server - AutoFS don't see them.

Hope that my Third Task - CUPs-server will be without troubles. Every department must have own printer which is not visible to others. Normally same configuration as above in smb.conf.

Thanks for reading this book

Will be very grateful for any help.
With best regards.