Samba LDAP PDC Complete Tutorial
################################################################################
################################
Step 1: DNS Service
a. Install
#cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
192.168.44.150 server.hbn.local server
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
#yum install -y bind-chroot
#chmod 755 -R /var/named/
#cp /usr/share/doc/bind-*/sample/var/named/named.local /var/named/chroot/var/named/
#cp /usr/share/doc/bind-*/sample/var/named/named.root /var/named/chroot/var/named/
#cp /usr/share/doc/bind-*/sample/var/named/localhost.zone /var/named/chroot/var/named/
#touch /var/named/chroot/etc/named.conf
#chkconfig --level 35 named on
#service named start
b. Configuration:
#vim /var/named/chroot/etc/named.conf
options {
directory "/var/named";
forwarders {203.162.0.181; 203.162.0.11; 210.245.0.11; 210.245.0.58; 208.67.222.222; 208.67.220.220; 8.8.8.8; 8.8.4.4;};
};
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};
zone "44.168.192.in-addr.arpa" IN {
type master;
file "192.168.44.0.db";
};
zone "hbn.local" {
type master;
file "hbn.local";
};
Save and quit.
# cd /var/named/chroot/var/named/
#vim 192.168.44.0.db
$TTL
86400
@
IN
SOA
hbn.local. root.hbn.local.
1997022700 ;
28800
;
14400
;
3600000
;
86400 )
;
IN
NS
ns1.hbn.local.
100
IN
PTR
dns.hbn.local.
250
IN
PTR
#vim hbn.local
$TTL 14400
@
IN
SOA
IN
IN
root.hbn.local.
NS
NS
ftp
hbn.local.
localhost
mail
pop
smtp
www
dns
ldap
winxp
hbn.local.
IN
IN
IN
IN
IN
IN
IN
IN
IN
IN
IN
hbn.local.
14400
(
Serial
Refresh
Retry
Expire
Minimum
winxp.hbn.local.
hostmaster.hbn.local. (
2009102800
14400
3600
1209600
86400 )
hbn.local.
hbn.local.
A
A
A
A
A
A
A
A
A
A
MX
IN
192.168.44.150
192.168.44.150
127.0.0.1
192.168.44.150
192.168.44.150
192.168.44.150
192.168.44.150
192.168.44.150
192.168.44.150
192.168.44.250
10 mail
TXT
# vim /etc/resolv.conf
search hbn.local
nameserver 192.168.44.150
nameserver 192.168.44.2
c. Test:
# nslookup
> hbn.local
Server:
192.168.44.150
Address:
192.168.44.150#53
Name: hbn.local
Address: 192.168.44.150
> dns.hbn.local
Server:
192.168.44.150
Address:
192.168.44.150#53
Name: dns.hbn.local
Address: 192.168.44.150
> winxp.hbn.local
Server:
Address:
192.168.44.150
192.168.44.150#53
Name: winxp.hbn.local
Address: 192.168.44.250
> ldap.hbn.local
Server:
192.168.44.150
Address:
192.168.44.150#53
Name: ldap.hbn.local
Address: 192.168.44.150
> exit
################################################################################
################################
Step 2: PDC with LDAP - Samba
a. Install
Add the Dag repository:
#wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
#rpm --import RPM-GPG-KEY.dag.txt
#rm -f RPM-GPG-KEY.dag.txt
#vim /etc/yum.repos.d/dag.repo
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el5/en/$basearch/dag/
gpgcheck=1
enabled=0
#yum --enablerepo=dag install -y openldap openldap-clients openldap-devel openldap-servers openldap-clients compat-openldap python-ldap ldapjdk php-ldap nss_ldap samba samba-common samba-client perl-Crypt-SmbHash perl-Digest-SHA1 perl-Jcode perl-Unicode-Map perl-Unicode-Map8 perl-Unicode-MapUTF8 perl-Unicode-String smbldap-tools
#cp /usr/share/doc/samba-3.0.33/LDAP/samba.schema /etc/openldap/schema/
# cd /etc/openldap/
# vim slapd.conf
include
include
include
include
include
/etc/openldap/schema/core.schema
/etc/openldap/schema/cosine.schema
/etc/openldap/schema/inetorgperson.schema
/etc/openldap/schema/nis.schema
/etc/openldap/schema/samba.schema
/var/run/openldap/slapd.pid
/var/run/openldap/slapd.args
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
# Indices to maintain for this database
index
index
index
index
index
index
objectClass
eq,pres
ou,cn,mail,surname,givenname
eq,pres,sub
uidNumber,gidNumber,loginShell
eq,pres
uid,memberUid
eq,pres,sub
nisMapName,nisMapEntry
eq,pres,sub
sambaSID,sambaPrimaryGroupSID,sambaDomainName
database
suffix
rootdn
bdb
"dc=hbn,dc=local"
"cn=Manager,dc=hbn,dc=local"
rootpw
# rootpw
123456
directory
/var/lib/ldap
eq
{crypt}ijFYNcSNctBYg
by
by
by
by
dn="cn=smbldap-tools,ou=DSA,dc=hbn,dc=local" write
dn="uid=root,ou=People,dc=hbn,dc=local" write
self read
* none
# General Configuration
#
##############################################################################
SID="S-1-5-21-3926925045-1584093657-3115473201"
sambaDomain="hbn.local"
##############################################################################
#
# LDAP Configuration
#
##############################################################################
slaveLDAP="127.0.0.1"
# Slave LDAP port
slavePort="389"
# Master LDAP server: needed for write operations
masterLDAP="127.0.0.1"
# Master LDAP port
masterPort="389"
suffix="dc=hbn,dc=local"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=hbn.local,${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
ldapTLS="0"
and
userSmbHome="\\PDC-SRV\%U"
userProfile="\\PDC-SRV\profiles\%U"
----------------------------------------------------------------------------------
Samba configuration:
#vim /etc/samba/smb.conf
[global]
workgroup = hbn.local
netbios name = HBN
enable privileges = yes
#interfaces = 192.168.1.131
username map = /etc/samba/smbusers
server string = samba-ldap-pdc
security = user
script = logon.bat
drive =
home =
path =
new
new
new
new
new
new
new
new
new
new
new
new
new
new
new
new
new
entry:
entry:
entry:
entry:
entry:
entry:
entry:
entry:
entry:
entry:
entry:
entry:
entry:
entry:
entry:
entry:
entry:
dc=hbn,dc=local
ou=Users,dc=hbn,dc=local
ou=Groups,dc=hbn,dc=local
ou=Computers,dc=hbn,dc=local
ou=Idmap,dc=hbn,dc=local
uid=root,ou=Users,dc=hbn,dc=local
uid=nobody,ou=Users,dc=hbn,dc=local
cn=Domain Admins,ou=Groups,dc=hbn,dc=local
cn=Domain Users,ou=Groups,dc=hbn,dc=local
cn=Domain Guests,ou=Groups,dc=hbn,dc=local
cn=Domain Computers,ou=Groups,dc=hbn,dc=local
cn=Administrators,ou=Groups,dc=hbn,dc=local
cn=Account Operators,ou=Groups,dc=hbn,dc=local
cn=Print Operators,ou=Groups,dc=hbn,dc=local
cn=Backup Operators,ou=Groups,dc=hbn,dc=local
cn=Replicators,ou=Groups,dc=hbn,dc=local
sambaDomainName=hbn.local,dc=hbn,dc=local
# vim dsa.ldif
dn: ou=DSA,dc=hbn,dc=local
objectClass: top
objectClass: organizationalUnit
ou: DSA
description: security accounts for LDAP clients
dn: cn=samba,ou=DSA,dc=hbn,dc=local
objectclass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: sambasecretpwd
cn: samba
dn: cn=nssldap,ou=DSA,dc=hbn,dc=local
objectclass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: nssldapsecretpwd
cn: nssldap
dn: cn=smbtools,ou=DSA,dc=hbn,dc=local
objectclass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: smbtoolssecretpwd
cn: smbtools
# ldapadd -x -h localhost -D "cn=Manager,dc=hbn,dc=local" -f dsa.ldif -W
Enter LDAP Password:
adding new entry "ou=DSA,dc=hbn,dc=local"
adding new entry "cn=samba,ou=DSA,dc=hbn,dc=local"
adding new entry "cn=nssldap,ou=DSA,dc=hbn,dc=local"
adding new entry "cn=smbtools,ou=DSA,dc=hbn,dc=local"
#ldappasswd -x -h localhost -D "cn=Manager,dc=hbn,dc=local" -s password -W cn=samba,ou=DSA,dc=hbn,dc=local
(Giving the new password with -s leaves it in the shell history and in the process list; -S makes ldappasswd prompt for it instead.)
# /etc/init.d/smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
Now create a user account for both UNIX and Samba:
# smbldap-useradd -a -m namhb
# smbldap-passwd namhb
Changing UNIX and samba passwords for namhb
New password:
Retype new password:
Now create the machine trust account:
# smbldap-useradd -w winxp
Finish
Thanks