Samba and LDAP in 30 Minutes
Transcript of "Samba Ldap Rhel4"

  1. Samba and LDAP in 30 Minutes
     Configuring LDAP and a Samba-PDC on RHEL4
     by Jens Kühnel, Bad Vilbel, Germany
     freelance SuSE- and RedHat-Trainer
     book author „Samba 3 - Wanderer zwischen den Welten“
     Copyright Jens Kühnel Bad Vilbel Germany Linuxdays Ljubljana Slovenia
  2. Overview
     ● LDAP
        – Schema
        – slapd.conf
     ● smbldap-tools
        – smbldap_conf.pm
        – smbldap-populate.pl
     ● Samba
        – smb.conf
  3. LDAP-Schema
     ● The "Building-Plan" has to be updated
       cp /usr/share/doc/samba-3.0.*/LDAP/samba.schema /etc/openldap/schema/samba.schema
     ● Add the Schema to /etc/openldap/slapd.conf
       include /etc/openldap/schema/samba.schema
  4. Add Access-Rights in slapd.conf
     access to attrs=userPassword,sambaLMPassword,
               sambaNTPassword,shadowLastChange
         by dn.children="ou=admin,dc=example,dc=com" write
         by self write
         by anonymous auth
         by * none
     access to *
         by dn.children="ou=admin,dc=example,dc=com" write
         by * read
  5. suffix and root Account in slapd.conf
     ● Adjust suffix and rootdn:
       suffix "dc=example,dc=com"
       rootdn "cn=Manager,dc=example,dc=com"
     ● Use the program slappasswd to create the password hash:
       rootpw {SSHA}GLYiF62wn1O6iHYJCHDriCSjFGj
  6. Speedup with Indexing
     ● Indexing improves Speed
       index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
  7. Smbldap-tools
     ● Put in File ~/.rpmmacros:
       %_solve_pkgsdir http://192.168.0.2/rhel4/RedHat/RPMS/
       %_solve_name_fmt %{?_solve_pkgsdir}%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm
     ● Installing smbldap-tools
       rpm -ivh --aid http://www.kuehnel.org/smbldap-tools.rpm
  8. Smbldap_conf.pm
     ● Change the SID
        – Take the output of net getlocalsid and add it like:
          $SID='S-1-5-21-3516781642-1962875130-3438800523';
     ● Change Suffix and Login
        – $suffix
        – $binddn
        – $bindpasswd
  9. Start LDAP and populate
     ● Start LDAP
       /etc/init.d/ldap start
     ● Create the LDAP-Groups and -Users
       smbldap-populate.pl
  10. Create an Admin-Account-File
      ldapadd -cxW -D "cn=Manager,dc=...."
      Password: securePassword

      dn: ou=admin,dc=example,dc=com
      objectclass: organizationalUnit
      ou: admin

      dn: cn=samba,ou=admin,dc=example,dc=com
      objectclass: person
      cn: samba
      sn: Samba-Admin-User
      userPassword: verysecure
  11. Using LDAP as an Auth-Source
      ● Authconfig
         – Add LDAP as both User- and Password-Source
           authconfig --enableldap --enableldapauth \
               --ldapserver=127.0.0.1 --ldapbasedn=dc=example,dc=com
  12. Adding Samba
      ● Adjusting the following options
         – Workgroup=Domainname
         – Ldap admin dn=cn=samba,ou=admin,....
         – Ldap suffix=....
      ● Add the following options:
         – Passdb backend=ldapsam:ldap://127.0.0.1/
         – Domain master = yes
         – Domain logons = yes
         – Ldap {group,user,machine} suffix = ou={Groups,People,Computers}
  13. Automatic Adding to the LDAP
      ● add user script = /usr/sbin/smbldap-useradd.pl -m %u
      ● delete user script = /usr/sbin/smbldap-userdel.pl -r %u
      ● add machine script = /usr/sbin/smbldap-useradd.pl -w %u
      ● add group script = /usr/sbin/smbldap-groupadd.pl -a %g
      ● delete group script = /usr/sbin/smbldap-groupdel.pl %g
      ● add user to group script = /usr/sbin/smbldap-groupmod.pl -m %u %g
      ● delete user from group script = /usr/sbin/smbldap-groupmod.pl -x %u %g
  14. LDAP-Password
      ● Giving Samba the right to write into the LDAP-Directory
      ● smbpasswd -w verysecure
  15. Ready to join
      ● With old versions you need root with an SMB password
      ● With newer versions you need to add rights to your account
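
The access rules on slide 4 depend on their order: slapd applies the first `access to` directive whose target matches, so the rule for the password attributes has to come before `access to *`. The check below is an added example, not part of the original slides; it handles only the simple `by <who> <level>` form used on the slide, and the names `parse_acls` and `exposed_attrs` are illustrative.

```python
import re

SENSITIVE = ("userpassword", "sambalmpassword", "sambantpassword")
BROAD = ("*", "users", "anonymous")      # <who> values that reach beyond the admins
READABLE = ("read", "write", "manage")   # levels that return the attribute value

# Constructed sample: the ACL block from slide 4 as it would sit in slapd.conf.
SLAPD_CONF = '''\
access to attrs=userPassword,sambaLMPassword,
        sambaNTPassword,shadowLastChange
    by dn.children="ou=admin,dc=example,dc=com" write
    by self write
    by anonymous auth
    by * none
access to *
    by dn.children="ou=admin,dc=example,dc=com" write
    by * read
'''
# Same two rules with the catch-all moved to the top (the failure case).
_i = SLAPD_CONF.index("access to *")
MISORDERED = SLAPD_CONF[_i:] + SLAPD_CONF[:_i]

def parse_acls(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    joined = re.sub(r"\n[ \t]+", " ", text)   # indented lines continue a directive
    acls = []
    for line in joined.splitlines():
        m = re.match(r"access\s+to\s+(.*?)\s+by\s+(.*)$", line.strip(), re.I)
        if m:
            what = re.sub(r",\s+", ",", m.group(1)).lower()
            by = [tuple(c.split()[:2]) for c in re.split(r"\s+by\s+", m.group(2))]
            acls.append((what, by))
    return acls

def exposed_attrs(text):
    """Map each sensitive attribute to the broad grants on the rule that governs it."""
    acls, found = parse_acls(text), {}
    for attr in SENSITIVE:
        for what, by in acls:   # slapd applies the first rule whose <what> matches
            if what == "*" or (what.startswith("attrs=") and attr in what[6:].split(",")):
                for who, level in by:   # and the first matching <who> inside it
                    if who in BROAD and level in READABLE:
                        found.setdefault(attr, []).append(f"{who} {level}")
                    if who == "*":
                        break
                break
    return found

if __name__ == "__main__":
    print("as on the slide:", exposed_attrs(SLAPD_CONF))
    print("catch-all first:", exposed_attrs(MISORDERED))
```

With the rules in the slide's order nothing is reported; with `access to *` first, all three password attributes fall under `by * read`.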