Table of Contents
Installing Samba.........................................................................................................................................2
Configure OpenLdap..................................................................................................................................2
Configure Samba........................................................................................................................................3
Configure smbldap Tools...........................................................................................................................7
Adding User Groups and Shared Folders..................................................................................................9
Installing Samba
Set up the RPMforge (DAG) repository, which provides smbldap-tools and the Perl modules used below. Note that both the signing key and the release RPM are fetched over plain HTTP, so the key import itself is unauthenticated; verify the key's fingerprint out of band before trusting packages signed with it.
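# RPMforge (DAG) repository: supplies smbldap-tools and the perl-* modules below.
# NOTE(review): the key and the release RPM are both fetched over plain HTTP, so
# this import is unauthenticated; confirm the key fingerprint (rpm -qi gpg-pubkey-*)
# against an out-of-band source before installing anything signed with it.
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
# i386 release package; x86_64 hosts need the matching x86_64 path.
rpm -ivh http://apt.sw.be/redhat/el5/en/i386/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
# Confirm the new repository is listed and enabled before installing from it.
yum repolist
# One package list, line-continued.  The original listed smbldap-tools twice and
# had "openldap-clients" broken across two lines by the page layout.
# httpd/mysql/php are not used by any step on this page (presumably for a web
# front-end) and can be dropped if that is not planned.
yum install openldap-servers openldap-clients nss_ldap samba smbldap-tools \
    perl-LDAP perl-Crypt-SmbHash perl-Digest-SHA1 perl-Unicode-MapUTF8 \
    httpd openssl mod_ssl mysql mysql-server \
    php php-xml php-ldap php-mysql php-pdo php-cli php-common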
Configure OpenLdap
# Keep the packaged slapd.conf for reference; a new one is written from scratch below.
mv -f /etc/openldap/slapd.conf /etc/openldap/slapd.conf.dist
Generate the salted-SHA ({SSHA}) hash of the LDAP root (cn=Manager) password. Remember the cleartext you type here: it is needed again in smbldap_bind.conf and for `smbpasswd -w`.
# Prompts twice for the Manager password and prints its {SSHA} hash for the rootpw line.
slappasswd
New password:
Re-enter new password:
{SSHA}et/Lp4/V1wigdaP0pfeQtQIpT1PPJY8+
Copy this {SSHA} hash; it goes into the `rootpw` line of slapd.conf below. It is a salted hash, not an encrypted password, but it can still be cracked offline, so slapd.conf must not be world-readable (root:ldap, mode 0640).
# Write the new server configuration (the packaged copy was moved aside above).
# A file created by vi gets the umask default mode, typically 0644; it holds the
# rootpw hash, so fix ownership/mode (root:ldap 0640) before starting slapd.
vi /etc/openldap/slapd.conf
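# OpenLDAP (slapd.conf style) configuration for the Samba 3 PDC backend.
# samba.schema depends on cosine/inetorgperson/nis and must be present in
# /etc/openldap/schema (it is copied there in a later step) before slapd starts.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

# LDAPv2 binds are not needed: Samba 3, nss_ldap/pam_ldap and smbldap-tools all
# speak LDAPv3.  Re-enable only if a v2-only client turns up.
# allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# NOTE(review): no TLS is configured.  Every client on this page talks to
# 127.0.0.1, so this is tolerable only as long as nothing binds over the network.
# Add TLSCACertificateFile/TLSCertificateFile/TLSCertificateKeyFile before
# exposing port 389 to other hosts.

# Users may change their own userPassword (pam_ldap / passwd path); anyone else
# may only use it to authenticate.  Presumably /etc/ldap.conf should use
# "pam_password exop" so the server applies password-hash below -- confirm.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
# Samba's LM/NT hashes are password-equivalent and sambaPwdMustChange controls
# expiry.  Samba and smbldap-tools write them as the rootdn (cn=Manager), which
# bypasses ACLs, so nobody else needs read or write access.  The original
# "by self write" let a user read his own hashes and push out his own expiry.
access to attrs=sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
        by * none
# pam_ldap may record the change time here; harmless to allow for self.
access to attrs=shadowLastChange
        by self write
        by * read
# The original "access to * by self write" let any bound user rewrite the rest
# of his own entry -- uidNumber/gidNumber/homeDirectory/loginShell -- i.e. set
# uidNumber 0 and become root through nss_ldap.  Account changes go through the
# rootdn, so self is read-only.  Anonymous read is kept because nss_ldap as set
# up by authconfig does anonymous lookups; tighten to "by users read" once
# /etc/ldap.conf carries a binddn/bindpw.
access to *
        by * read

database bdb
suffix "dc=sceh,dc=net"
rootdn "cn=Manager,dc=sceh,dc=net"
# {SSHA} hash from slappasswd.  Its cleartext is what goes into smbldap_bind.conf
# and "smbpasswd -w".  The hash is crackable offline: keep this file root:ldap 0640.
rootpw {SSHA}et/Lp4/V1wigdaP0pfeQtQIpT1PPJY8+
# Hash passwords set through the Password Modify extended operation as salted SHA.
password-hash {SSHA}
directory /var/lib/ldap
# Indexes for the attributes Samba and nss_ldap search on.
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass pres,eq
index default sub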
# Samba ships its LDAP schema with the docs; slapd.conf includes it from the schema dir.
cp /usr/share/doc/samba-3.*/LDAP/samba.schema /etc/openldap/schema/samba.schema
# BDB tuning file for the database directory: owned by the ldap user, mode 0600
# (one install(1) call in place of cp + chown + chmod).
install -o ldap -g ldap -m 600 /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
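# Written to /etc/openldap so the "slapadd -l /etc/openldap/init.ldif" step
# finds it; the original created the file in the current directory.
vi /etc/openldap/init.ldif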
# Base entry of the directory: the dc=sceh,dc=net suffix declared in slapd.conf.
dn: dc=sceh,dc=net
dc: sceh
o: sceh
objectClass: organization
objectClass: dcObject
# Optional: nothing below loads this file, and the rootdn (cn=Manager) needs no
# entry of its own.  It can be skipped.
vi root.ldif
# Placeholder role entry.  It is never slapadd'ed by the steps on this page and
# does not correspond to the rootdn (cn=Manager); harmless but unused.
dn: cn=root,dc=sceh,dc=net
objectclass: organizationalRole
cn: root
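# Check the new slapd.conf parses (schema includes, ACL syntax) before loading data.
slaptest -u
# slapd.conf was written from scratch with vi and so carries the umask default
# (normally 0644).  It holds the rootpw hash: lock it to root:ldap 0640.
chown root:ldap /etc/openldap/slapd.conf
chmod 640 /etc/openldap/slapd.conf
# Load the base entry offline (slapd is not running yet).
slapadd -l /etc/openldap/init.ldif
# slapadd ran as root; hand the BDB files to the ldap user and keep them private.
chown -R ldap:ldap /var/lib/ldap
chmod 600 /var/lib/ldap/*
# Dump the database to confirm the base entry is present.
slapcat
service ldap start
chkconfig ldap on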
Configure Samba
# Keep the packaged smb.conf for reference and write the PDC configuration from scratch.
mv /etc/samba/smb.conf /etc/samba/smb.conf.dist
vi /etc/samba/smb.conf
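[global]
        dos charset = 850
        # "ISO8859- 1" in the original is a page-layout artefact; iconv rejects it.
        unix charset = ISO8859-1
        workgroup = SCEH
        netbios name = SAMBA1
        # This host is the PDC and authenticates against its own ldapsam, so the
        # default "security = user" applies.  "password server" is consulted only
        # with security = server/domain/ads and was dead configuration here.
        security = user
        # password server = 192.168.1.55
        obey pam restrictions = Yes
        passdb backend = ldapsam:ldap://127.0.0.1/
        username map = /etc/samba/smbusers
        log level = 2
        log file = /var/log/samba/%m.log
        unix extensions = No
        # Clients cannot create symlinks (unix extensions = No), but a symlink
        # planted on the server by a shell user would still be followed outside
        # the share with the historical default "wide links = yes".
        wide links = No
        # LM hashes (sambaLMPassword) are trivially crackable; refuse LANMAN
        # authentication.  Only Win9x/ME clients need it.  The Samba 3.0.x default
        # is presumably "yes" -- confirm with testparm -v.
        lanman auth = No
        client lanman auth = No

        # Account management is delegated to smbldap-tools, which writes the
        # directory as cn=Manager (credentials in smbldap_bind.conf).
        add user script = /usr/sbin/smbldap-useradd -m %u
        delete user script = /usr/sbin/smbldap-userdel %u
        add group script = /usr/sbin/smbldap-groupadd -p %g
        delete group script = /usr/sbin/smbldap-groupdel %g
        add user to group script = /usr/sbin/smbldap-groupmod -m %g %u
        delete user from group script = /usr/sbin/smbldap-groupmod -x %g %u
        set primary group script = /usr/sbin/smbldap-usermod -g %g %u
        add machine script = /usr/sbin/smbldap-useradd -w %u

        # Roaming profile and home drive live inside the user's [homes] share.
        # logon script = logon.bat
        logon path = \\%N\%U\profile
        logon home = \\%N\%U
        logon drive = Z:
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        # NetBIOS session service only; port 445 (direct hosting) is not offered.
        smb ports = 139
        socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192

        # LDAP backend.  Suffixes must agree with usersdn/groupsdn/computersdn/
        # idmapdn in smbldap.conf.
        ldap admin dn = cn=Manager,dc=sceh,dc=net
        ldap suffix = dc=sceh,dc=net
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        # The original pointed idmap at ou=Users; smbldap.conf uses ou=Idmap.
        ldap idmap suffix = ou=Idmap
        ldap passwd sync = Yes
        # Plain LDAP is acceptable only because slapd is on 127.0.0.1; switch to
        # "ldap ssl = start tls" if the directory ever moves off this host.
        ldap ssl = no
        idmap backend = ldap://127.0.0.1/
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        # wins support = Yes

        # Recycle-bin VFS on every share: per-user .Recycle folder, no size cap.
        vfs objects = recycle
        recycle:touch = Yes
        recycle:versions = Yes
        recycle:maxsize = 0
        recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??
        recycle:excludedir = /tmp|/temp|/cache
        recycle:noversions = *.doc|*.xls|*.ppt
        recycle:repository = .Recycle/%U
        recycle:keeptree = Yes

        # Only the 192.168.1.0/24 LAN may connect at all.
        hosts allow = 192.168.1.
        inherit acls = Yes
        ea support = Yes
        map acl inherit = Yes
        store dos attributes = Yes
        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
        dos filemode = Yes
        posix locking = no
        nt acl support = yes

[homes]
        comment = Home Directories
        path = /home/%u
        # %S is the share name, i.e. the connecting user: only the owner may
        # open his home.
        valid users = %S
        # "writeable = yes" and "read only = No" are the same switch; one copy kept.
        read only = No
        browseable = No

[netlogon]
        comment = Network Logon service
        path = /home/netlogon
        # Readable anonymously, and clients execute what they find here at logon:
        # /home/netlogon must be owned by root and not writable by any user.
        guest ok = Yes
        browseable = no
        read only = Yes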
Configure smbldap Tools
# Start from the packaged sample (path is version-specific; match the installed smbldap-tools).
cp /usr/share/doc/smbldap-tools-0.9.5/smbldap.conf /etc/smbldap-tools/smbldap.conf
# Prints this server's domain SID; paste it into the SID= line below (smb.conf must already exist).
net getlocalsid
vi /etc/smbldap-tools/smbldap.conf
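# General Configuration
# Domain SID: paste the value printed by "net getlocalsid" on this host.  The
# one below is this document's example and must not be reused.
SID="S-1-5-21-2670368159-1018889019-89649393"
sambaDomain="SCEH"

# LDAP Configuration
# Single local server: master and slave are the same loopback instance.
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
# No TLS -- tolerable only while slapd serves this host over loopback.  If the
# directory moves off-host, set ldapTLS="1" and point cafile/clientcert/clientkey
# at real files; the three paths below are the sample file's placeholders
# (iallanis.info) and are ignored while ldapTLS="0".
ldapTLS="0"
ldapSSL="0"
verify="require"
cafile="/etc/smbldap-tools/ca.pem"
clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"
clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"
# Must agree with the "ldap * suffix" settings in smb.conf.
suffix="dc=sceh,dc=net"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
scope="sub"
# userPassword stored as salted SHA-1, matching "password-hash {SSHA}" in
# slapd.conf.  crypt_salt_format is unused with SSHA.
hash_encrypt="SSHA"
crypt_salt_format="%s"

# Unix Accounts Configuration
# Every domain user is also a POSIX user on this host via nss_ldap/pam_ldap.
# Do not hand out an interactive shell by default: file-share users have no
# business logging in to the PDC.  Give the few who need one "-s /bin/bash" on
# the smbldap-useradd command line (as the example later on this page does).
userLoginShell="/sbin/nologin"
userHome="/home/%U"
# Home directories are private to their owner.
userHomeDirectoryMode="700"
userGecos="System User"
# 513 / 515 are the gidNumbers smbldap-populate gives "Domain Users" and
# "Domain Computers".
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
# 10950 days = 30 years, i.e. password expiry (sambaPwdMustChange) is effectively
# disabled.  Set a real maximum age if the site has a password policy.
defaultMaxPasswordAge="10950"

# SAMBA Configuration
# Left empty: the logon path/home/drive settings in smb.conf apply to everyone.
userSmbHome=""
userProfile=""
userHomeDrive=""
userScript=""
mailDomain="sceh.net"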
# Bind credentials for smbldap-tools; this file must end up readable by root only.
vi /etc/smbldap-tools/smbldap_bind.conf
# Credentials smbldap-tools use to write the directory.  Both DNs are the slapd
# rootdn, so the passwords are the cleartext behind the rootpw hash in slapd.conf
# (and the value given to "smbpasswd -w").  "p4mail1server" is the document's
# example -- replace it -- and the file must stay mode 0600, owned by root.
slaveDN="cn=Manager,dc=sceh,dc=net"
slavePw="p4mail1server"
masterDN="cn=Manager,dc=sceh,dc=net"
masterPw="p4mail1server"
# smbldap.conf holds no secrets and is read by every caller of the tools.
chmod 644 /etc/smbldap-tools/smbldap.conf
# smbldap_bind.conf holds the Manager password: root only.
chmod 600 /etc/smbldap-tools/smbldap_bind.conf
# Interactive.  Tick the options shown below to enable nss_ldap/pam_ldap; it
# rewrites /etc/pam.d/system-auth and /etc/nsswitch.conf (and presumably
# /etc/ldap.conf with the base DN and server -- verify that file afterwards).
authconfig-tui
[*] Use MD5 Passwords (MD5 is the strongest hash this TUI offers; if your authconfig supports it, prefer `authconfig --passalgo=sha512 --update` afterwards for local accounts)
[*] Use Shadow Passwords
[*] Use LDAP
[*] Use LDAP Authentication
[ ] Local authorization is sufficient
# Review/adjust the stack authconfig generated.  authconfig overwrites this file
# on every run, so re-check it after any later authconfig invocation.
vi /etc/pam.d/system-auth
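#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
# (Re-running authconfig regenerates it: re-apply the local edit below afterwards.)
auth        required      pam_env.so
# "nullok" removed: it allowed local accounts with an empty password field to log in.
auth        sufficient    pam_unix.so try_first_pass
# Only non-system accounts (uid >= 500) fall through to the directory.
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
# Directory users get LDAP account checks; users unknown to LDAP are ignored so
# local accounts keep working.
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
# "nullok" removed here too.
password    sufficient    pam_unix.so md5 shadow try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so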
# Name-service lookup order: local files first, then the directory.
vi /etc/nsswitch.conf
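# Only identity data (passwd/shadow/group) lives in the directory.  The original
# also sent protocols, services, netgroup and automount lookups to LDAP; nothing
# on this page publishes those maps, and every miss costs a round trip (and a
# hang if slapd is down).  Add "ldap" back to a map once you actually populate it.
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
# NIS+ is not in use on this host; the nisplus entries were distribution defaults.
bootparams: files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  files
automount:  files
aliases:    files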
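# Sanity-check smb.conf before anything reads it (-v also dumps the defaults).
testparm -v
# Store the ldap admin dn (cn=Manager) password in secrets.tdb so smbd can bind.
# Read it from the terminal rather than putting it on the command line, where it
# would be saved in the shell history (it is still briefly visible in ps).
read -s -p 'LDAP admin (cn=Manager) password: ' LDAP_ADMIN_PW; echo
smbpasswd -w "$LDAP_ADMIN_PW"
unset LDAP_ADMIN_PW
# Creates the OUs configured in smbldap.conf, the built-in groups (Domain Admins,
# Domain Users, ...) and the sambaDomainName entry.  It prompts for the password
# of the directory "root"/Administrator account it creates: that account is the
# domain administrator, so choose a strong one.
smbldap-populate
/etc/init.d/smb start
chkconfig smb on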
Adding User Groups and Shared Folders
# -a: Samba (not POSIX-only) account; -G: supplementary group; -m: create the home
# from skeletonDir; -s/-d: shell and home, overriding the smbldap.conf defaults;
# -F "": presumably an empty profile path; -P: prompt for the password.
# "user" is the login name; -d is hard-coded to match it.
smbldap-useradd -a -G 'Domain Users' -m -s /bin/bash -d /home/user -F "" -P user
# Shows the Samba group <-> Unix group mappings created by smbldap-populate.
net groupmap list
To add a group to LDAP/Samba -- for example to control which users can read or write files on a share by group membership -- create the group, add members, create the directory, and add a share definition:
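# -a: also create the Samba group mapping.  The group is "accounts" -- the name
# used by the groupmod, chown and "valid users" steps below; the original typed
# "account" here, which would have created a different group.
smbldap-groupadd -a accounts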
Add users to the group (the users must already exist in the directory):
# -m adds members.  "test" is not created anywhere on this page -- presumably an
# existing account; substitute real user names.
smbldap-groupmod -m nitin,test accounts
Now create the shared directory for the accounts group:
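# Group-owned share root.  2770 instead of 771: "others" get no access at all
# (771 let every local user traverse the directory and reach files by name), and
# the setgid bit makes new files and sub-directories inherit the "accounts"
# group instead of the creator's primary group (Domain Users), so the group
# bits Samba applies mean what they look like.
mkdir -p /data/accounts
chown root:accounts /data/accounts
chmod 2770 /data/accounts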
Now add the following share definition to the Samba configuration, run `testparm` to check it, and reload Samba (`service smb reload`) so it takes effect:
# Append the [accounts] share to the smb.conf written earlier; check with testparm
# and reload smb afterwards.
vi /etc/samba/smb.conf
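[accounts]
        comment = Account Department
        path = /data/accounts
        # "+accounts" is the Unix group, resolved through nss_ldap.
        valid users = +accounts
        # New files get group "accounts" regardless of the creator's primary
        # group, so the group permission bits below apply to the right people.
        force group = accounts
        # NOTE(review): "admin users" maps this user to root for every operation
        # on the share.  A group member no longer needs it once force group and
        # group-writable modes are in place; consider removing it.
        admin users = nitin
        write list = +accounts
        read only = No
        # Modes written as explicit octal.  create mask defaults to 0744, so the
        # original "force create mode = 760" produced 0764 -- world-readable files;
        # 0760 masks that off.  Directories were 0750, which made a folder created
        # by one member read-only for the others and defeated the group share.
        create mask = 0760
        force create mode = 0760
        directory mask = 0770
        force directory mode = 0770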