|
Size: 4975
Comment:
|
Size: 5179
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| How to create samba3 PDC with ldap backend | = How to create samba3 PDC with ldap backend = |
| Line 3: | Line 3: |
| 1.execute - aptitude install slapd a)Enter password for ldap (password) 2.execute - aptitude install apache-ssl a)Enter your country code (US) b)Enter the name of your state (Utah) c)Enter the name of your city (Salt Lake City) d)Enter your organization (buster.lan) e)Enter your OU name (ITT) f)Enter your host name (pdc.buster.lan) g)Enter the contact email (root@buster.lan) 3.execute - wget http://www.nomis52.net/data/mkntpwd.tar.gz 4.execute - tar zxvf mkntpwd.tar.gz 5.execute - cd mkntpwd 6.execute - make 7.execute - cp mkntpwd /usr/local/bin/ 8.execute - aptitude install phpldapadmin make gcc libc-dev samba samba-doc a)Enter your domain name (buster.lan) b)Answer NO to whether you want to modify smb.conf 9.execute - cd /usr/share/doc/samba-doc/examples/LDAP 10.execute - gunzip samba.schema.gz 11.execute - cp samba.schema /etc/ldap/schema/ 12.execute - vim /etc/ldap/slapd.conf 13.add this line after the other include lines: |
== Install LDAP == {{{ aptitude install slapd }}} Enter password for the ldap admin when prompted == Install PHPLDAPADMIN web interface == {{{ execute - aptitude install apache-ssl phpldapadmin }}} Enter your country code when prompted ex. US Enter the name of your state when prompted ex. Utah Enter the name of your city when prompted ex. Salt Lake City Enter your organization when prompted ex. buster.lan Enter your OU name when prompted ex. ITT Enter your host name when prompted ex. pdc.buster.lan Enter the contact email when prompted ex. root@buster.lan == Install MKNTPWD == {{{ wget http://www.nomis52.net/data/mkntpwd.tar.gz tar zxvf mkntpwd.tar.gz cd mkntpwd make cp mkntpwd /usr/local/bin/ }}} == Install Samba == {{{ aptitude install make gcc libc-dev samba samba-doc }}} Enter your domain name when prompted ex. buster.lan Answer NO when asked whether you want to modify smb.conf or not {{{ cd /usr/share/doc/samba-doc/examples/LDAP gunzip samba.schema.gz cp samba.schema /etc/ldap/schema/ vim /etc/ldap/slapd.conf }}} add this line after the other include lines: {{{ |
| Line 27: | Line 45: |
| 14.execute - /etc/init.d/slapd restart 15.open a webbrowser and go to: https://pdc/phhldapadmin/ replacing pdc with your server name 16.login with the following user and password: |
}}} Now restart LDAP {{{ /etc/init.d/slapd restart }}} open a webbrowser and go to: https://pdc/phhldapadmin/ (replace pdc with your server name or IP) login with the following user: {{{ |
| Line 31: | Line 54: |
| password (replace with your password) 17.expand the root node and then click on “Create new entry here” 18.select OU and click “proceed” 19.enter users for the OU name and click “Create object” 20.repeat 17-19 and create two other OUs called “groups” and “machines” 21.execute - vim /et c/samba/smb.conf 22.replace passdb backend=tdsam with: |
}}} use the password entered when you installed LDAP expand the root node and then click on “Create new entry here” select OU and click “proceed” enter users for the OU name and click “Create object” repeat the previous three steps and create two other OUs called “groups” and “machines” {{{ vim /et c/samba/smb.conf }}} find: {{{ passdb backend=tdsam }}} and replace it with: {{{ |
| Line 51: | Line 82: |
| 23.execute - testparm 24.make sure testparm executed successfully 25.execute - smbpasswd -w password 26.execute - /etc/init.d/samba restart 27.go back to phpldapadmin and verify that the DomainName record exists below the root 28.create the following Samba3 Mappings under the groups OU: |
}}} make sure testparm executed successfully: {{{ testparm }}} {{{ smbpasswd -w password /etc/init.d/samba restart }}} Log back into phpldapadmin and verify that the DomainName record exists below the root create the following Samba3 Mappings under the groups OU: |
How to create samba3 PDC with ldap backend
Install LDAP
aptitude install slapd
- Enter password for the ldap admin when prompted
Install PHPLDAPADMIN web interface
execute - aptitude install apache-ssl phpldapadmin
Enter your country code when prompted ex. US Enter the name of your state when prompted ex. Utah Enter the name of your city when prompted ex. Salt Lake City Enter your organization when prompted ex. buster.lan Enter your OU name when prompted ex. ITT Enter your host name when prompted ex. pdc.buster.lan Enter the contact email when prompted ex. root@buster.lan
Install MKNTPWD
wget http://www.nomis52.net/data/mkntpwd.tar.gz tar zxvf mkntpwd.tar.gz cd mkntpwd make cp mkntpwd /usr/local/bin/
Install Samba
aptitude install make gcc libc-dev samba samba-doc
Enter your domain name when prompted ex. buster.lan Answer NO when asked whether you want to modify smb.conf or not
cd /usr/share/doc/samba-doc/examples/LDAP gunzip samba.schema.gz cp samba.schema /etc/ldap/schema/ vim /etc/ldap/slapd.conf
add this line after the other include lines:
include /etc/ldap/schema/samba.schema
Now restart LDAP
/etc/init.d/slapd restart
open a webbrowser and go to: https://pdc/phhldapadmin/ (replace pdc with your server name or IP) login with the following user:
cn=admin,dc=buster,dc=lan
use the password entered when you installed LDAP expand the root node and then click on “Create new entry here” select OU and click “proceed” enter users for the OU name and click “Create object” repeat the previous three steps and create two other OUs called “groups” and “machines”
vim /et c/samba/smb.conf
find:
passdb backend=tdsam
and replace it with:
passdb backend = ldapsam:ldap://127.0.0.1 ldap suffix = dc=nomis52,dc=net ldap machine suffix = ou=machines ldap user suffix = ou=users ldap group suffix = ou=groups ldap admin dn = cn=admin,dc=nomis52,dc=net ldap delete dn = no # be a PDC domain logons = yes # allow user privileges enable privileges = yes
make sure testparm executed successfully:
testparm
smbpasswd -w password /etc/init.d/samba restart
Log back into phpldapadmin and verify that the ?DomainName record exists below the root create the following Samba3 Mappings under the groups OU:
Unix/Windows Name GID SID ending number admins 20000 512 users 20001 513 guests 2002 514
- 29.execute - aptitude install libnss-ldap a)Enter the server name as ldap://127.0.0.1/ b)put in the search base dc=buster,dc=lan (replace with your domain structure) c)put in the samba version as 3 d)enter the admin profile as cn=admin,dc=buster,dc=lan (replcae with your domain structure) e)enter the admin password (password) f)accept with OK 30.execute - vim /etc/nsswitch.conf 31.add “ldap” after every compat 32.execute - getent group 33.verify that users, guests, and admins exist 34.execute - aptitude install libpam-ldap a)yes b)no c)cn=admin,dc=buster,dc=lan (replace with your domain structure) d)enter your password (password) 35.execute - vim /etc/pam.d/common-account 36.add the following to the end of the file:
account sufficient pam_ldap.so account required pam_unix.so try_first_pass
- 37.execute - vim /etc/pam.d/common-auth 38.add the following to the end of the password required pam_unix.so:
pam_unix.so --add the following line before the password required pam_unix.so pam_unix.so: password sufficient pam_ldap.so
- 39.execute - /etc/init.d/ssh restart (if ssh is installed) 40.execute - /etc/init.d/samba restart 41.execute - aptitude install nscd 42.execute - vim /etc/samba/smb.conf 43.add the following line to the file:
ldap password sync=yes
- 44.go back to phpldapadmin and create the following Samba3 Users under the users OU:
First Name Last Name username UID SID ending Group admins Home Directory Domain Admin adminstrator 10000 21000 admins /home/buster/adminstrator (your) (name) (username) 10001 21001 admins /home/buster/(username)
- 45.execute - getent passwd 46.verify the new users created are listed 47.execute - mkdir /home/buster 48.execute - mkdir /home/buster/adminstrator 49.execute - mkdir /home/buster/(username) 50.execute - cp /etc/skel/.* /home/buster/(username) 51.execute - chown -R (username):users /home/buster/(username) 52.go back to phpldapadmin and create the a Samba3 machines under the machines OU:
Machine Name UID (machinename)$ 30000
- 53.execute - smbpwd -a root 54.enter your root password (password) 55.go to your windows machine and right-click on mycomputer and select properties 56.on the name tab select change 57.select the domain radio button and enter buster.lan and click ok 58.enter root for the username 59.enter your password (password) 60.you should see a welcome to the buster.lan domain message and then reboot and you can log in using user from your LDAP database.