Samba Ldap Rhel4
Samba Ldap Rhel4 Presentation Transcript

  • 1. Samba and LDAP in 30 Minutes
    Configuring LDAP and a Samba-PDC on RHEL4
    by Jens Kühnel, Bad Vilbel, Germany
    freelance SuSE- and RedHat-Trainer, book author "Samba 3 - Wanderer zwischen den Welten"
    Copyright Jens Kühnel Bad Vilbel Germany Linuxdays Ljubljana Slovenia
  • 2. Overview
    ● LDAP
      – Schema
      – slapd.conf
    ● smbldap-tools
      – smbldap_conf.pm
      – smbldap-populate.pl
    ● Samba
      – smb.conf
  • 3. LDAP-Schema
    ● The "Building-Plan" has to be updated:
        cp /usr/share/doc/samba-3.0.*/LDAP/samba.schema /etc/openldap/schema/samba.schema
    ● Add the schema to /etc/openldap/slapd.conf:
        include /etc/openldap/schema/samba.schema
  • 4. Add Access-Rights in slapd.conf
        access to attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange
            by dn.children="ou=admin,dc=example,dc=com" write
            by self write
            by anonymous auth
            by * none
        access to *
            by dn.children="ou=admin,dc=example,dc=com" write
            by * read
  • 5. suffix and root Account in slapd.conf
    ● Adjust suffix and rootdn:
        suffix "dc=example,dc=com"
        rootdn "cn=Manager,dc=example,dc=com"
    ● Use the program slappasswd to create the password hash:
        rootpw {SSHA}GLYiF62wn1O6iHYJCHDriCSjFGj
  • 6. Speedup with Indexing
    ● Indexing improves speed:
        index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
  • 7. Smbldap-tools
    ● Put in file ~/.rpmmacros:
        %_solve_pkgsdir http://192.168.0.2/rhel4/RedHat/RPMS/
        %_solve_name_fmt %{?_solve_pkgsdir}%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm
    ● Installing smbldap-tools:
        rpm -ivh --aid http://www.kuehnel.org/smbldap-tools.rpm
  • 8. Smbldap_conf.pm
    ● Change the SID
      – Take the output of net getlocalsid and add it like:
          $SID='S-1-5-21-3516781642-1962875130-3438800523';
    ● Change suffix and login
      – $suffix
      – $binddn
      – $bindpasswd
  • 9. Start LDAP and populate
    ● Start LDAP:
        /etc/init.d/ldap start
    ● Create the LDAP groups and users:
        smbldap-populate.pl
  • 10. Create an Admin-Account-File
        ldapadd -cxW -D "cn=Manager,dc=...."
        Password: securePassword

        dn: ou=admin,dc=example,dc=com
        objectclass: organizationalUnit
        ou: admin

        dn: cn=samba,ou=admin,dc=example,dc=com
        objectclass: person
        cn: samba
        sn: Samba-Admin-User
        userPassword: verysecure
  • 11. Using LDAP as an Auth-Source
    ● Authconfig
      – Add LDAP as both user and password source:
          authconfig --enableldap --enableldapauth --ldapserver=127.0.0.1 --ldapbasedn=dc=example,dc=com
  • 12. Adding Samba
    ● Adjust the following options:
      – workgroup = Domainname
      – ldap admin dn = cn=samba,ou=admin,....
      – ldap suffix = ....
    ● Add the following options:
      – passdb backend = ldapsam:ldap://127.0.0.1/
      – domain master = yes
      – domain logons = yes
      – ldap {group,user,machine} suffix = ou={Groups,People,Computers}
  • 13. Automatic Adding to the LDAP
    ● add user script = /usr/sbin/smbldap-useradd.pl -m %u
    ● delete user script = /usr/sbin/smbldap-userdel.pl -r %u
    ● add machine script = /usr/sbin/smbldap-useradd.pl -w %u
    ● add group script = /usr/sbin/smbldap-groupadd.pl -a %g
    ● delete group script = /usr/sbin/smbldap-groupdel.pl %g
    ● add user to group script = /usr/sbin/smbldap-groupmod.pl -m %u %g
    ● delete user from group script = /usr/sbin/smbldap-groupmod.pl -x %u %g
  • 14. LDAP-Password
    ● Giving Samba the right to write into the LDAP directory
    ● smbpasswd -w verysecure
  • 15. Ready to join
    ● With old versions you need root with an SMB password
    ● With newer versions you need to add rights to your account
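
Added example, not part of the original slides: slapd uses the first "access to" clause whose target matches, so the password rule on slide 4 only protects the hashes when it comes before the "access to *" catch-all. The Python check below reports password attributes that anonymous or ordinary authenticated users could read; it handles only attrs= and * targets (no dn= or filter= scoping), and the helper names are hypothetical.

```python
import re

# Added example: helper names are hypothetical; sample config is constructed from slide 4.
SENSITIVE = ("userPassword", "sambaLMPassword", "sambaNTPassword")
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def parse_acls(conf):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    logical = []
    for raw in conf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:   # leading whitespace continues the line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    acls = []
    for line in logical:
        m = re.match(r"access\s+to\s+(\S+)\s+by\s+(.+)$", line)
        if m:
            bys = [tuple(c.rsplit(None, 1)) for c in re.split(r"\s+by\s+", m.group(2))]
            acls.append((m.group(1), bys))
    return acls

def access_for(acls, attr, who):
    """Level `who` ('anonymous' or 'users') gets on attr; first matching clause wins."""
    for what, bys in acls:
        attrs = what[6:].lower().split(",") if what.startswith("attrs=") else []
        if what == "*" or attr.lower() in attrs:
            for subject, level in bys:
                if subject in ("*", who):
                    return level
            return "none"                  # implicit trailing "by * none"
    return "none" if acls else "read"      # with no ACLs at all slapd defaults to read

def exposed(conf):
    """List (attr, who, level) where a password attribute is granted more than 'auth'."""
    acls = parse_acls(conf)
    grants = [(a, w, access_for(acls, a, w))
              for a in SENSITIVE for w in ("anonymous", "users")]
    return [g for g in grants if LEVELS.index(g[2]) > LEVELS.index("auth")]

PW_RULE = ("access to attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange\n"
           '    by dn.children="ou=admin,dc=example,dc=com" write\n'
           "    by self write\n    by anonymous auth\n    by * none\n")
CATCH_ALL = ('access to *\n    by dn.children="ou=admin,dc=example,dc=com" write\n'
             "    by * read\n")

if __name__ == "__main__":
    print("slide order:  ", exposed(PW_RULE + CATCH_ALL))   # password rule first
    print("swapped order:", exposed(CATCH_ALL + PW_RULE))   # catch-all first
```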
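
Added example, not from the slides: the {SSHA} value that slappasswd produces for rootpw (slide 5) is the base64 encoding of a SHA-1 digest over password plus salt, followed by the salt itself. The Python code below builds and verifies such values and reports whether a slapd.conf rootpw line is hashed or cleartext; the function names are hypothetical and the 4-byte salt length is an assumption.

```python
import base64, hashlib, hmac, os, re

# Added example: function names are hypothetical; the 4-byte salt is an assumption.
def ssha_hash(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    """Check a password against a {SSHA} value; malformed values never match."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[6:], validate=True)
    except ValueError:                     # bad alphabet or padding
        return False
    if len(raw) <= 20:                     # SHA-1 digest is 20 bytes, the rest is salt
        return False
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def rootpw_scheme(conf):
    """Return the hash scheme of the rootpw line, 'cleartext', or None if absent."""
    for line in conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "rootpw":
            m = re.match(r"\{([A-Za-z0-9-]+)\}", parts[1].strip())
            return m.group(1).upper() if m else "cleartext"
    return None

if __name__ == "__main__":
    # Constructed sample password and config, for illustration only.
    value = ssha_hash("constructed-sample-password")
    conf = 'rootdn "cn=Manager,dc=example,dc=com"\nrootpw ' + value + "\n"
    print(value, rootpw_scheme(conf), ssha_verify("constructed-sample-password", value))
```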