Samba Ldap Rhel4

Transcript

  • 1. Samba and LDAP in 30 Minutes
      Configuring LDAP and a Samba-PDC on RHEL4
      by Jens Kühnel, Bad Vilbel, Germany
      freelance SuSE- and RedHat-Trainer
      book author „Samba 3 - Wanderer zwischen den Welten“
      Copyright Jens Kühnel Bad Vilbel Germany Linuxdays Ljubljana Slovenia
  • 2. Overview
      ● LDAP
          – Schema
          – slapd.conf
      ● smbldap-tools
          – smbldap_conf.pm
          – smbldap-populate.pl
      ● Samba
          – smb.conf
  • 3. LDAP-Schema
      ● The "building plan" has to be updated:
          cp /usr/share/doc/samba-3.0.*/LDAP/samba.schema /etc/openldap/schema/samba.schema
      ● Add the schema to /etc/openldap/slapd.conf:
          include /etc/openldap/schema/samba.schema
  • 4. Add Access-Rights in slapd.conf
          access to attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange
              by dn.children="ou=admin,dc=example,dc=com" write
              by self write
              by anonymous auth
              by * none
          access to *
              by dn.children="ou=admin,dc=example,dc=com" write
              by * read
  • 5. suffix and root Account in slapd.conf
      ● Adjust suffix and rootdn:
          suffix "dc=example,dc=com"
          rootdn "cn=Manager,dc=example,dc=com"
      ● Use the program slappasswd to create the password hash:
          rootpw {SSHA}GLYiF62wn1O6iHYJCHDriCSjFGj
  • 6. Speedup with Indexing
      ● Indexing improves speed:
          index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
  • 7. Smbldap-tools
      ● Put in the file ~/.rpmmacros:
          %_solve_pkgsdir http://192.168.0.2/rhel4/RedHat/RPMS/
          %_solve_name_fmt %{?_solve_pkgsdir}%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm
      ● Installing smbldap-tools:
          rpm -ivh --aid http://www.kuehnel.org/smbldap-tools.rpm
  • 8. Smbldap_conf.pm
      ● Change the SID
          – Take the output of net getlocalsid and add it like:
              $SID='S-1-5-21-3516781642-1962875130-3438800523';
      ● Change suffix and login
          – $suffix
          – $binddn
          – $bindpasswd
  • 9. Start LDAP and populate
      ● Start LDAP:
          /etc/init.d/ldap start
      ● Create the LDAP groups and users:
          smbldap-populate.pl
  • 10. Create an Admin-Account-File
          ldapadd -cxW -D "cn=Manager,dc=...."
          Password: securePassword
          dn: ou=admin,dc=example,dc=com
          objectclass: organizationalUnit
          ou: admin

          dn: cn=samba,ou=admin,dc=example,dc=com
          objectclass: person
          cn: samba
          sn: Samba-Admin-User
          userPassword: verysecure
  • 11. Using LDAP as an Auth-Source
      ● Authconfig
          – Add LDAP as both user and password source:
              authconfig --enableldap --enableldapauth --ldapserver=127.0.0.1 --ldapbasedn=dc=example,dc=com
  • 12. Adding Samba
      ● Adjust the following options in smb.conf:
          – workgroup = Domainname
          – ldap admin dn = cn=samba,ou=admin,....
          – ldap suffix = ....
      ● Add the following options:
          – passdb backend = ldapsam:ldap://127.0.0.1/
          – domain master = yes
          – domain logons = yes
          – ldap {group,user,machine} suffix = ou={Groups,People,Computers}
  • 13. Automatic Adding to the LDAP
      ● add user script = /usr/sbin/smbldap-useradd.pl -m %u
      ● delete user script = /usr/sbin/smbldap-userdel.pl -r %u
      ● add machine script = /usr/sbin/smbldap-useradd.pl -w %u
      ● add group script = /usr/sbin/smbldap-groupadd.pl -a %g
      ● delete group script = /usr/sbin/smbldap-groupdel.pl %g
      ● add user to group script = /usr/sbin/smbldap-groupmod.pl -m %u %g
      ● delete user from group script = /usr/sbin/smbldap-groupmod.pl -x %u %g
  • 14. LDAP-Password
      ● Giving Samba the right to write into the LDAP-Directory:
          smbpasswd -w verysecure
  • 15. Ready to join
      ● With old versions you need root with an SMB password
      ● With newer versions you need to add rights to your account
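
The access rules on slide 4 only protect the password hashes if they come before the catch-all rule, because slapd stops at the first "access to" clause that matches an attribute. A static check for that ordering, as an added example that is not from the slides (the function names audit_slapd_acl and sample_wrong_order and the sample input are constructed here):

```shell
#!/bin/sh
# Added example (not from the slides): static check of slapd.conf ACL order.
# slapd applies the first "access to" clause that matches an attribute, so the
# clause guarding the hashes must precede the catch-all "access to *".
# Only the "attrs=..." and "*" target forms used on slide 4 are handled.

# audit_slapd_acl FILE: prints EXPOSED lines, returns 1 if a hash is readable
audit_slapd_acl() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments and blank lines
    /^[ \t]/ { if (n) d[n] = d[n] " " $0; next }    # continuation line
    { d[++n] = $0 }                                 # start of a new directive
    END {
        split("userPassword sambaLMPassword sambaNTPassword", want, " ")
        for (i = 1; i <= n; i++) {
            m = split(d[i], f)
            if (f[1] != "access" || f[2] != "to") continue
            seen = 1
            broad = 0    # does a broad identity get read or better here?
            for (j = 4; j + 2 <= m; j++)
                if (f[j] == "by" && f[j+1] ~ /^(\*|anonymous|users)$/ && f[j+2] ~ /^(read|write|manage)$/)
                    broad = 1
            for (k = 1; k <= 3; k++) {
                a = want[k]
                if (a in state) continue    # an earlier clause already matched
                if (f[3] == "*" || (f[3] ~ /^attrs=/ && index("," substr(f[3], 7) ",", "," a ",")))
                    state[a] = broad ? "exposed" : "protected"
            }
        }
        bad = 0
        for (k = 1; k <= 3; k++) {
            a = want[k]
            # with no access directives at all, slapd lets everyone read
            if (!(a in state)) state[a] = seen ? "protected" : "exposed"
            if (state[a] == "exposed") { print "EXPOSED: " a; bad = 1 }
        }
        exit bad
    }' "$1"
}

# Constructed sample: the slide 4 rules with the catch-all wrongly placed first.
sample_wrong_order() {
    printf '%s\n' 'access to *' '    by * read' \
        'access to attrs=userPassword,sambaLMPassword,sambaNTPassword' \
        '    by self write' '    by anonymous auth' '    by * none'
}

tmp=$(mktemp) && sample_wrong_order > "$tmp"
audit_slapd_acl "$tmp" || echo "password hashes readable: fix ACL order"
rm -f "$tmp"
```

Run against the real /etc/openldap/slapd.conf, the function returns 0 when the rules are in the order shown on slide 4.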