Samba Ldap Rhel4
Samba Ldap Rhel4 Presentation Transcript

  • Samba and LDAP in 30 Minutes
    Configuring LDAP and a Samba-PDC on RHEL4
    by Jens Kühnel, Bad Vilbel, Germany
    freelance SuSE- and RedHat-Trainer
    book author „Samba 3 - Wanderer zwischen den Welten“
    Copyright Jens Kühnel Bad Vilbel Germany Linuxdays Ljubljana Slovenia
  • Overview
    ● LDAP
      – Schema
      – slapd.conf
    ● smbldap-tools
      – smbldap_conf.pm
      – smbldap-populate.pl
    ● Samba
      – smb.conf
  • LDAP-Schema
    ● The "Building-Plan" has to be updated
        cp /usr/share/doc/samba-3.0.*/LDAP/samba.schema /etc/openldap/schema/samba.schema
    ● Add the Schema to /etc/openldap/slapd.conf
        include /etc/openldap/schema/samba.schema
  • Add Access-Rights in slapd.conf
        access to attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange
            by dn.children="ou=admin,dc=example,dc=com" write
            by self write
            by anonymous auth
            by * none
        access to *
            by dn.children="ou=admin,dc=example,dc=com" write
            by * read
  • suffix and root Account in slapd.conf
    ● Adjust suffix and rootdn:
        suffix "dc=example,dc=com"
        rootdn "cn=Manager,dc=example,dc=com"
    ● Use the program slappasswd to create the password hash:
        rootpw {SSHA}GLYiF62wn1O6iHYJCHDriCSjFGj
  • Speedup with Indexing
    ● Indexing improves speed
        index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
  • Smbldap-tools
    ● Put in file ~/.rpmmacros:
        %_solve_pkgsdir http://192.168.0.2/rhel4/RedHat/RPMS/
        %_solve_name_fmt %{?_solve_pkgsdir}%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm
    ● Installing smbldap-tools
        rpm -ivh --aid http://www.kuehnel.org/smbldap-tools.rpm
  • Smbldap_conf.pm
    ● Change the SID
      – Take the output of net getlocalsid and add it like:
          $SID='S-1-5-21-3516781642-1962875130-3438800523';
    ● Change Suffix and Login
      – $suffix
      – $binddn
      – $bindpasswd
  • Start LDAP and populate
    ● Start LDAP
        /etc/init.d/ldap start
    ● Create the LDAP-Groups and -Users
        smbldap-populate.pl
  • Create an Admin-Account-File
        ldapadd -cxW -D "cn=Manager,dc=...."
        Password: securePassword
        dn: ou=admin,dc=example,dc=com
        objectclass: organizationalUnit
        ou: admin

        dn: cn=samba,ou=admin,dc=example,dc=com
        objectclass: person
        cn: samba
        sn: Samba-Admin-User
        userPassword: verysecure
  • Using LDAP as an Auth-Source
    ● Authconfig
      – Add LDAP as both User- and Password-Source
          authconfig --enableldap --enableldapauth --ldapserver=127.0.0.1 --ldapbasedn=dc=example,dc=com
  • Adding Samba
    ● Adjusting the following options
      – workgroup = Domainname
      – ldap admin dn = cn=samba,ou=admin,....
      – ldap suffix = ....
    ● Add the following options:
      – passdb backend = ldapsam:ldap://127.0.0.1/
      – domain master = yes
      – domain logons = yes
      – ldap {group,user,machine} suffix = ou={Groups,People,Computers}
  • Automatic Adding to the LDAP
    ● add user script = /usr/sbin/smbldap-useradd.pl -m %u
    ● delete user script = /usr/sbin/smbldap-userdel.pl -r %u
    ● add machine script = /usr/sbin/smbldap-useradd.pl -w %u
    ● add group script = /usr/sbin/smbldap-groupadd.pl -a %g
    ● delete group script = /usr/sbin/smbldap-groupdel.pl %g
    ● add user to group script = /usr/sbin/smbldap-groupmod.pl -m %u %g
    ● delete user from group script = /usr/sbin/smbldap-groupmod.pl -x %u %g
  • LDAP-Password
    ● Giving Samba the right to write into the LDAP-Directory
    ● smbpasswd -w verysecure
  • Ready to join
    ● With old versions you need root with an SMB password
    ● With newer versions you need to add rights to your account
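
The ACLs on the "Add Access-Rights in slapd.conf" slide only protect the Samba and Unix password hashes because slapd applies the first `access to` rule that matches, so the attribute rule has to come before `access to *`. The following check is an added example, not part of the original slides: it parses slapd.conf text and reports which hash attributes are readable by anonymous or ordinary authenticated users. The function names and the two sample configurations are constructed for illustration, and the parser assumes keyword access levels and DNs without spaces.

```python
import re

# Hash attributes named in the slide's first ACL (lower-cased for matching).
SENSITIVE = {"userpassword", "sambalmpassword", "sambantpassword"}
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The two ACLs from the slide as constructed strings, so both orders can be checked.
PASSWORD_ACL = '''access to attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange
    by dn.children="ou=admin,dc=example,dc=com" write
    by self write
    by anonymous auth
    by * none
'''
CATCH_ALL_ACL = '''access to *
    by dn.children="ou=admin,dc=example,dc=com" write
    by * read
'''
GOOD_CONF = PASSWORD_ACL + CATCH_ALL_ACL   # order used on the slide
BAD_CONF = CATCH_ALL_ACL + PASSWORD_ACL    # catch-all matches first

def parse_acls(text):
    """Join continuation lines and return [(what, [(who, level), ...]), ...]."""
    joined = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and joined:   # leading whitespace continues a directive
            joined[-1] += " " + line.strip()
        else:
            joined.append(line.strip())
    acls = []
    for d in joined:
        m = re.match(r"access\s+to\s+(\S+)(.*)", d, re.I)
        if m:
            acls.append((m.group(1).lower(), re.findall(r"\bby\s+(\S+)\s+(\S+)", m.group(2))))
    return acls

def level_for(by_clauses, whos):
    """First matching 'by' clause wins; an ACL ends with an implicit 'by * none'."""
    return next((lvl for who, lvl in by_clauses if who in whos), "none")

def exposed_attrs(text):
    """Hash attributes on which anonymous or any user gets more than 'auth'."""
    acls = parse_acls(text)
    if not acls:                           # without ACLs slapd lets everyone read
        return sorted(SENSITIVE)
    exposed = []
    for attr in sorted(SENSITIVE):
        for what, by in acls:              # slapd stops at the first matching <what>
            named = what.split("=", 1)[1].split(",") if what.startswith(("attrs=", "attr=")) else []
            if what == "*" or attr in named:
                worst = max(level_for(by, {"*", "anonymous"}), level_for(by, {"*", "users"}), key=LEVELS.index)
                if LEVELS.index(worst) > LEVELS.index("auth"):
                    exposed.append(attr)
                break
    return exposed
```

`exposed_attrs(GOOD_CONF)` returns an empty list, while the swapped order in `BAD_CONF` reports all three hash attributes as exposed.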