Samba Ldap Rhel4
  • 1. Samba and LDAP in 30 Minutes
      Configuring LDAP and a Samba-PDC on RHEL4
      by Jens Kühnel, Bad Vilbel, Germany
      freelance SuSE- and RedHat-Trainer
      book author „Samba 3 - Wanderer zwischen den Welten“
      Copyright Jens Kühnel Bad Vilbel Germany Linuxdays Ljubljana Slovenia
  • 2. Overview
      ● LDAP
          – Schema
          – slapd.conf
      ● smbldap-tools
          – smbldap_conf.pm
          – smbldap-populate.pl
      ● Samba
          – smb.conf
  • 3. LDAP-Schema
      ● The „Building-Plan“ has to be updated
          cp /usr/share/doc/samba-3.0.*/LDAP/samba.schema /etc/openldap/schema/samba.schema
      ● Add the schema to /etc/openldap/slapd.conf
          include /etc/openldap/schema/samba.schema
  • 4. Add Access-Rights in slapd.conf
      access to attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange
          by dn.children="ou=admin,dc=example,dc=com" write
          by self write
          by anonymous auth
          by * none
      access to *
          by dn.children="ou=admin,dc=example,dc=com" write
          by * read
      ● Order matters: slapd applies the first access rule that matches, so the password rule has to come before "access to *"
  • 5. suffix and root Account in slapd.conf
      ● Adjust suffix and rootdn:
          suffix "dc=example,dc=com"
          rootdn "cn=Manager,dc=example,dc=com"
      ● Use the program slappasswd to create the password hash:
          rootpw {SSHA}GLYiF62wn1O6iHYJCHDriCSjFGj
  • 6. Speedup with Indexing
      ● Indexing improves speed
          index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
  • 7. Smbldap-tools
      ● Put in the file ~/.rpmmacros:
          %_solve_pkgsdir http://192.168.0.2/rhel4/RedHat/RPMS/
          %_solve_name_fmt %{?_solve_pkgsdir}%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm
      ● Installing smbldap-tools
          rpm -ivh --aid http://www.kuehnel.org/smbldap-tools.rpm
  • 8. Smbldap_conf.pm
      ● Change the SID
          – Take the output of net getlocalsid and add it like:
              $SID='S-1-5-21-3516781642-1962875130-3438800523';
      ● Change suffix and login
          – $suffix
          – $binddn
          – $bindpasswd
  • 9. Start LDAP and populate
      ● Start LDAP
          /etc/init.d/ldap start
      ● Create the LDAP groups and users
          smbldap-populate.pl
  • 10. Create an Admin-Account-File
      ldapadd -cxW -D "cn=Manager,dc=...."
      Password: securePassword
      dn: ou=admin,dc=example,dc=com
      objectclass: organizationalUnit
      ou: admin

      dn: cn=samba,ou=admin,dc=example,dc=com
      objectclass: person
      cn: samba
      sn: Samba-Admin-User
      userPassword: verysecure
  • 11. Using LDAP as an Auth-Source
      ● Authconfig
          – Add LDAP as both user and password source
              authconfig --enableldap --enableldapauth --ldapserver=127.0.0.1 --ldapbasedn=dc=example,dc=com
  • 12. Adding Samba
      ● Adjust the following options:
          – Workgroup=Domainname
          – Ldap admin dn=cn=samba,ou=admin,....
          – Ldap suffix=....
      ● Add the following options:
          – Passdb backend=ldapsam:ldap://127.0.0.1/
          – Domain master = yes
          – Domain logons = yes
          – Ldap {group,user,machine} suffix = ou={Groups,People,Computers}
  • 13. Automatic Adding to the LDAP
      ● add user script = /usr/sbin/smbldap-useradd.pl -m %u
      ● delete user script = /usr/sbin/smbldap-userdel.pl -r %u
      ● add machine script = /usr/sbin/smbldap-useradd.pl -w %u
      ● add group script = /usr/sbin/smbldap-groupadd.pl -a %g
      ● delete group script = /usr/sbin/smbldap-groupdel.pl %g
      ● add user to group script = /usr/sbin/smbldap-groupmod.pl -m %u %g
      ● delete user from group script = /usr/sbin/smbldap-groupmod.pl -x %u %g
  • 14. LDAP-Password
      ● Giving Samba the right to write into the LDAP directory
      ● smbpasswd -w verysecure
  • 15. Ready to join
      ● With old versions, you need root with an SMB password
      ● With newer versions, you need to add rights to your account
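
The access rules on slide 4 only protect the password hashes if the password rule comes before the catch-all rule, because slapd stops at the first rule that matches. The following check is an added example, not part of the original slides: its function names are hypothetical, it understands only the `attrs=` and `*` forms used on the slide, and it evaluates access for an authenticated user who is neither the entry's owner nor under ou=admin.

```python
import re

# Attributes from slide 4 that hold password hashes (lowercased for comparison).
SENSITIVE = ("userpassword", "sambalmpassword", "sambantpassword")
READ_LEVELS = {"read", "write", "manage"}  # access levels that include read

def parse_acls(conf_text):
    """Return 'access to' directives in file order as (what, [(who, level), ...])."""
    logical = []
    for raw in conf_text.splitlines():
        if raw[:1].isspace() and raw.strip() and logical:
            logical[-1] += " " + raw.strip()  # indented line continues the directive
        elif raw.strip() and not raw.startswith("#"):
            logical.append(raw.strip())
    acls = []
    for line in logical:
        m = re.match(r"access\s+to\s+(\S+)\s+by\s+(.*)$", line, re.I)
        if m:
            parts = (c.split() for c in re.split(r"\s+by\s+", m.group(2)))
            acls.append((m.group(1), [tuple(p[:2]) for p in parts if len(p) >= 2]))
    return acls

def exposed_attrs(conf_text):
    """Sensitive attributes readable by an ordinary authenticated user (assumed model)."""
    exposed = []
    for attr in SENSITIVE:
        for what, clauses in parse_acls(conf_text):
            covers = what == "*" or (what.lower().startswith("attrs=")
                                     and attr in what[6:].lower().split(","))
            if covers:
                # Within the rule, the first <who> matching this user sets the level.
                level = next((lv for who, lv in clauses if who in ("*", "users")), "none")
                if level in READ_LEVELS:
                    exposed.append(attr)
                break  # slapd stops at the first <what> that matches
    return sorted(exposed)

# Constructed samples: slide 4's rules in the slide's order, then catch-all first.
SLIDE_ORDER = '''\
access to attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange
    by dn.children="ou=admin,dc=example,dc=com" write
    by self write by anonymous auth by * none
access to *
    by dn.children="ou=admin,dc=example,dc=com" write
    by * read
'''
head, tail = SLIDE_ORDER.split("access to *\n")
SWAPPED = "access to *\n" + tail + head
if __name__ == "__main__": print(exposed_attrs(SLIDE_ORDER), exposed_attrs(SWAPPED))
```

With the slide's order nothing is reported; with the catch-all rule first, all three password attributes become readable to any bound user.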
