搭建SAMBA环境并使用户可以通过访问网页CHANGEPASSWORD修改密码

yum install samba

vim /etc/samba/smb.conf

[global]
        workgroup = MYGROUP
        security = user
        map to guest = bad user
        log file = /var/log/samba/log.%m
        max log size = 50
#       passdb backend = tdbsam
        pam password change = no
        passdb backend = smbpasswd
        smb passwd file = /usr/local/samba/smbpasswd

#[公共栏]
#path = /data/samba/public
#public = yes
#read only = yes
#write list = @xzb,@hr,@zongcaiban,guzhaohui

[5-交换空间]
path = /data/samba/exchange
public = yes
writable = yes
create mode = 1777
directory mode = 1777

[2-xx科技]
comment = "xx科技文件共享服务器"
path= /data/xxxsheng
public = no
valid users = @zongcaiban,@12xmb,@cpyfb,@cpxtb,@yunyingbu
printable = no
write list = @12xmb,@cpyfb,@cpxtb,@yunyingbu
vfs objects = recycle
recycle:exclude_dir = /home/recycle
recycle:exclude = *.tmp, *.bak, *.o, *.obj, *log, ~$*, *.~??, *.trace
recycle:touch_mtime = yes
recycle:repository = /data/deleted/public
recycle:versions = yes
recycle:keeptree = yes
recycle:maxsize = 0

文件夹全部给777权限，后面用samba来灵活控制权限。

vim add_smb_user.sh

#!/bin/bash
# FileName: add_smb_user.sh
# Useage : sh add_smb_user.sh userlistfile / username:groupname
 
#批量添加用户
add_list(){
	#从userlist中读取用户帐号并循环添加
	cat $1 | while read username_groupname
	do
		username=`echo $username_groupname |awk -F ':' '{print $1}'`
		groupname=`echo $username_groupname |awk -F ':' '{print $2}'`
		groupadd -f $groupname
		useradd -g $groupname $username -s /sbin/nologin
		#添加系统账户和密码 密码和账户名相同
		echo  "$username" | passwd --stdin $username
		#添加samba账户和密码 密码和账户名相同
		(echo $username; echo $username) | smbpasswd -as $username
		if [ 0 = $? ];then
			echo  "$username 系统及samba添加成功!"
		else
			echo  "$username 系统或samba添加成功!"
		fi
	done
}
#单个添加用户
add_one() {
	username=`echo $1 |awk -F ':' '{print $1}'`
	groupname=`echo $1 |awk -F ':' '{print $2}'`
	groupadd -f $groupname
	useradd -g $groupname $username -s /sbin/nologin
	#添加系统账户和密码 密码和账户名相同
	echo  "$username" | passwd --stdin $username &
	#添加samba账户和密码 密码和账户名相同
#	echo  "$username\n$username" | smbpasswd -a $username -s
	(echo $username; echo $username) | smbpasswd -as $username
	if [ 0 = $? ];then
		echo  "$username 系统及samba添加成功!"
	else
		echo  "$username 系统或samba添加失败!"
	fi
}
# 先确认系统安装了samba，如果没有就安装 
#which smbpasswd || apt install -y samba
#如果参数1是文件那么执行批量添加，否则就单个添加
if [ ! -z $1 ];then 
	test -f $1 && (add_list $1) || (add_one $1)  
echo ""&&tail -n5 /etc/passwd &&echo ""&& tail -n5 /etc/shadow &&echo ""&&tail -n5 /usr/local/samba/smbpasswd
	exit 0
else
	echo "参数1未找到。用法： $0 userlistfile / username:groupname"
echo ""&&tail -n5 /etc/passwd &&echo ""&& tail -n5 /etc/shadow &&echo ""&&tail -n5 /usr/local/samba/smbpasswd
	exit 1
fi

用户名文件users.txt

zousiyu:ysylb
zhaolimin:ysylb
liyan:ysylb
yangriwei:cpyfb
qinpengfei:cpyfb
wuyuanhang:12xmb

脚本可以读取文件，批量增加用户，也可以单独增加某个人如

sh add_smb_user.sh user001:group001

注：这里创建samba账户时必须设置系统账户密码，以及smb账户密码

因为changepassword更改密码的机制是，先修改系统账户密码，然后将系统账户密码同步到 /usr/local/samba/smbpasswd SMB密码库文件下。

安装CHANGEPASSWORD程序实现客户端更改密码

上传文件

解压changepassword-0.9.tar.gz并上传到服务器

# tar -zxvf changepassword-0.9.tar.gz

# cd changepassword-0.9

• 安装依赖包

# cd  smbencrypt/

# tar -xzvf libdes-4.04b.tar.gz

# cd des/

# make

# cp libdes.a ../

# cd ../..

• 编译安装CHANGEPASSWORD

创建目录

# mkdir -p /usr/local/apache/htdocs/samba

# mkdir -p /usr/local/samba/s

编译

# ./configure -enable-cgidir=/usr/local/apache/htdocs/samba -enable-language=Chinese -enable-smbpasswd=/usr/local/samba/smbpasswd -disable-squidpasswd  -enable-logo=samba/logo.jpg

注：-enable-cgidir=...                     

# 自定义apache根目录路径

  -enable-language=Chinese                

# 设置页面为简体中文

  -enable-smbpasswd=/etc/samba/smbpasswd  

# 自定义samba密码的库文件

  -disable-squidpasswd                    

# 禁用squid

  -enable-logo=...

# 设置web根目录logo文件,此处的相对路径对应的是apache根目录也就是 samba/logo.jpg对应/usr/local/apache/htdocs/samba/logo.jpg

复制附件中的logo.jpg文件到/usr/local/apache/htdocs/samba/目录

# make && make install

• 安装APR

tar zxvf apr-1.4.6.tar.gz  

cd apr-1.4.6  

./configure --prefix=/usr/local/apr  

make  

make install

如果在编译中出现如下报错

/bin/rm: cannot remove `libtoolT': No such file or directory  编辑文件：vim configure--->将 RM='$RM'修改为 RM='$RM -f'即可。

• 安装APR-UTIL

tar zxvf apr-util-1.5.1.tar.gz  

cd apr-util-1.5.1  

./configure --with-apr=/usr/local/apr  

make  

make install

• 安装APACHE

#tar zxvf httpd-2.2.23.tar.gz  

#cd httpd-2.2.23  

#./configure --prefix=/usr/local/apache --enable-dav --enable-so --enable-maintainer-mode --with-apr=/usr/local/apr/bin/apr-1-config --with-apr-util=/usr/local/apr/bin/apu-1-config  

#make  

#make install

• 设置APACHE支持CGI模块

直接解压文中附件里的httpd.conf复制替换/usr/local/apache/conf/httpd.conf

详情如下：

# vi /usr/local/apache/conf/httpd.conf

搜索cgi 去掉如**释：

--------------

#LoadModule cgid_module modules/mod_cgid.so  #####这个当时没有

AddHandler cgi-script .cgi

--------------

搜索 DocumentRoot,在/usr/local/apache/htdocs类目下找到Options选项，修改为：

--------------

Options Indexes FollowSymLinks ExecCGI

--------------

ServerName  127.0.0.1:80

-----------------

重启服务

# /usr/local/apache/bin/apachectl restart