Differences between revisions 1 and 3 (spanning 2 versions)
Revision 1 as of 2007-05-03 00:53:09
Size: 4975
Editor: ?BobBobly
Comment:
Revision 3 as of 2007-05-03 01:16:04
Size: 5179
Editor: ?BobBobly
Comment:
Line 1: Line 1:
How to create samba3 PDC with ldap backend = How to create samba3 PDC with ldap backend =
Line 3: Line 3:
 1.execute - aptitude install slapd
 a)Enter password for ldap (password)
 2.execute - aptitude install apache-ssl
 a)Enter your country code (US)
 b)Enter the name of your state (Utah)
 c)Enter the name of your city (Salt Lake City)
 d)Enter your organization (buster.lan)
 e)Enter your OU name (ITT)
 f)Enter your host name (pdc.buster.lan)
 g)Enter the contact email (root@buster.lan)
 3.execute - wget http://www.nomis52.net/data/mkntpwd.tar.gz
 4.execute - tar zxvf mkntpwd.tar.gz
 5.execute - cd mkntpwd
 6.execute - make
 7.execute - cp mkntpwd /usr/local/bin/
 8.execute - aptitude install phpldapadmin make gcc libc-dev samba samba-doc
 a)Enter your domain name (buster.lan)
 b)Answer NO to whether you want to modify smb.conf
 9.execute - cd /usr/share/doc/samba-doc/examples/LDAP
 10.execute - gunzip samba.schema.gz
 11.execute - cp samba.schema /etc/ldap/schema/
 12.execute - vim /etc/ldap/slapd.conf
 13.add this line after the other include lines:
== Install LDAP ==
{{{
aptitude install slapd
}}}
 Enter password for the ldap admin when prompted

== Install PHPLDAPADMIN web interface ==
{{{
execute - aptitude install apache-ssl phpldapadmin
}}}
Enter your country code when prompted ex. US
Enter the name of your state when prompted ex. Utah
Enter the name of your city when prompted ex. Salt Lake City
Enter your organization when prompted ex. buster.lan
Enter your OU name when prompted ex. ITT
Enter your host name when prompted ex. pdc.buster.lan
Enter the contact email when prompted ex. root@buster.lan

== Install MKNTPWD ==
{{{
wget http://www.nomis52.net/data/mkntpwd.tar.gz
tar zxvf mkntpwd.tar.gz
cd mkntpwd
make
cp mkntpwd /usr/local/bin/
}}}

== Install Samba ==
{{{
aptitude install make gcc libc-dev samba samba-doc
}}}
Enter your domain name when prompted ex. buster.lan
Answer NO when asked whether you want to modify smb.conf or not
{{{
cd /usr/share/doc/samba-doc/examples/LDAP
gunzip samba.schema.gz
cp samba.schema /etc/ldap/schema/
vim /etc/ldap/slapd.conf
}}}
add this line after the other include lines:
{{{
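Review bot: In the new "Install MKNTPWD" section, "make" runs before the "Install Samba" section installs "make gcc libc-dev", so on a system without a compiler the build step fails; move those packages into an install line ahead of the mkntpwd build. The new PHPLDAPADMIN block also keeps the old "execute - " prefix inside the code block ("execute - aptitude install apache-ssl phpldapadmin"), which will not run when pasted. The mkntpwd tarball is fetched over plain HTTP and the binary copied to /usr/local/bin with no checksum to compare against; publishing one next to the wget line would let readers verify the download.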
Line 27: Line 45:
 14.execute - /etc/init.d/slapd restart
 15.open a webbrowser and go to: https://pdc/phhldapadmin/ replacing pdc with your server name
 16.login with the following user and password:
}}}
Now
restart LDAP
{{{
/etc/init.d/slapd restart
}}}
open a webbrowser and go to: https://pdc/phhldapadmin/ (replace pdc with your server name or IP)
login with the following user:
{{{
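Review bot: The URL in the rewritten login step still reads "https://pdc/phhldapadmin/", while the package installed earlier is phpldapadmin, so the path looks misspelled. Correct it to match the package name while this line is being changed.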
Line 31: Line 54:
password (replace with your password)
 17.
expand the root node and then click on “Create new entry here”
 18.select OU and click “proceed”
 19.enter users for the OU name and click “Create object”
 20.repeat 17-19 and create two other OUs called “groups” and “machines”
 21.execute - vim /et c/samba/smb.conf
 22.replace passdb backend=tdsam with:
}}}
use the password entered when
you installed LDAP
expand the root node and then click on “Create new entry here”
select OU and click “proceed”
enter users for the OU name and click “Create object”
repeat the previous three steps and create two other OUs called “groups” and “machines”
{{{
vim /et c/samba/smb
.conf
}}}
find:
{{{
passdb backend=tdsam
}}}
and replace it
with:
{{{
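Review bot: Two typos are carried over from the old steps into the new code blocks. The path "vim /et c/samba/smb.conf" has a stray space, and the string to find is given as "passdb backend=tdsam", whereas Samba's backend is named tdbsam, so a reader searching smb.conf for it gets no match. Fix both in the new blocks.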
Line 51: Line 82:
 23.execute - testparm
 24.make sure testparm executed successfully
 25.execute - smbpasswd -w password
 26.execute - /etc/init.d/samba restart
 27.go back to phpldapadmin and verify that the DomainName record exists below the root
 28.create the following Samba3 Mappings under the groups OU:
}}}

make sure testparm executed successfully:
{{{
testparm
}}}

{{{
smbpasswd -w password
/etc/init.d/samba restart
}}}

Log back into phpldapadmin and verify that the DomainName record exists below the root
create the following Samba3 Mappings under the groups OU:
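Review bot: The new block containing "smbpasswd -w password" has lost its step text and nothing says what it does or that "password" is a placeholder; add a sentence stating that it stores the password for the "ldap admin dn" and should be given the LDAP admin password chosen during the slapd install. Typing the password as an argument also leaves it in shell history, which deserves a short note. The sentence "make sure testparm executed successfully:" now precedes the command it refers to, so reword it as an instruction to run testparm and check the result.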

How to create samba3 PDC with ldap backend

Install LDAP

aptitude install slapd 
  • Enter password for the ldap admin when prompted

Install PHPLDAPADMIN web interface

aptitude install apache-ssl phpldapadmin

  • Enter your country code when prompted, e.g. US
  • Enter the name of your state when prompted, e.g. Utah
  • Enter the name of your city when prompted, e.g. Salt Lake City
  • Enter your organization when prompted, e.g. buster.lan
  • Enter your OU name when prompted, e.g. ITT
  • Enter your host name when prompted, e.g. pdc.buster.lan
  • Enter the contact email when prompted, e.g. root@buster.lan

Install MKNTPWD

wget http://www.nomis52.net/data/mkntpwd.tar.gz
tar zxvf mkntpwd.tar.gz
cd mkntpwd
make
cp mkntpwd /usr/local/bin/

Install Samba

aptitude install make gcc libc-dev samba samba-doc

  • Enter your domain name when prompted, e.g. buster.lan
  • Answer NO when asked whether you want to modify smb.conf

cd /usr/share/doc/samba-doc/examples/LDAP
gunzip samba.schema.gz
cp samba.schema /etc/ldap/schema/
vim /etc/ldap/slapd.conf

add this line after the other include lines:

include         /etc/ldap/schema/samba.schema

Now restart LDAP

/etc/init.d/slapd restart

Open a web browser and go to https://pdc/phpldapadmin/ (replace pdc with your server name or IP). Log in with the following user:

cn=admin,dc=buster,dc=lan

  • Use the password entered when you installed LDAP
  • Expand the root node and then click on “Create new entry here”
  • Select OU and click “proceed”
  • Enter users for the OU name and click “Create object”
  • Repeat the previous three steps and create two other OUs called “groups” and “machines”

vim /etc/samba/smb.conf

find:

passdb backend=tdbsam

and replace it with:

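passdb backend = ldapsam:ldap://127.0.0.1
# suffix and admin dn must match the directory set up above
# (dc=buster,dc=lan in this guide; replace with your domain structure)
ldap suffix = dc=buster,dc=lan
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=admin,dc=buster,dc=lan
ldap delete dn = no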

# be a PDC
domain logons = yes

# allow user privileges
enable privileges = yes

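Run testparm and make sure it executes successfully:

testparm

Store the LDAP admin password for Samba (replace password with the password entered when you installed LDAP), then restart Samba:

smbpasswd -w password
/etc/init.d/samba restart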
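
testparm only checks smb.conf itself; it does not notice when "ldap suffix" or "ldap admin dn" name a different tree than the one slapd serves (this guide logs in as cn=admin,dc=buster,dc=lan). The shell check below is an added example, not part of the original guide. Its function names are made up for illustration, and it assumes a classic slapd.conf with a single suffix line.

```shell
#!/bin/sh
# Added example (not from the original page): verify that the LDAP settings in
# smb.conf point at the directory that slapd actually serves.

# Print an smb.conf parameter's value; comment lines are skipped, last one wins.
smb_param() {    # $1 = smb.conf path, $2 = parameter name in lower case
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (tolower(name) == key) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                found = val
            }
        }
        END { print found }' "$1"
}

# Print the first "suffix" directive of slapd.conf (assumes no spaces in the DN).
slapd_suffix() {    # $1 = slapd.conf path
    awk '$1 == "suffix" { s = $2; gsub(/"/, "", s); print s; exit }' "$1"
}

# Return 0 when "ldap suffix" equals the slapd suffix and "ldap admin dn" lies
# under it, 1 on a mismatch, 2 when slapd.conf has no suffix line.
check_ldap_consistency() {    # $1 = smb.conf, $2 = slapd.conf
    rc=0
    dir_suffix=$(slapd_suffix "$2" | tr 'A-Z' 'a-z')
    smb_suffix=$(smb_param "$1" "ldap suffix" | tr 'A-Z' 'a-z')
    admin_dn=$(smb_param "$1" "ldap admin dn" | tr 'A-Z' 'a-z')
    [ -n "$dir_suffix" ] || { echo "no suffix directive in $2"; return 2; }
    if [ "$smb_suffix" != "$dir_suffix" ]; then
        echo "MISMATCH: ldap suffix '$smb_suffix', slapd serves '$dir_suffix'"
        rc=1
    fi
    case "$admin_dn" in
        *",$dir_suffix") ;;
        *) echo "MISMATCH: ldap admin dn '$admin_dn' is outside '$dir_suffix'"; rc=1 ;;
    esac
    return $rc
}

# Run against real files when two paths are given on the command line.
if [ "$#" -eq 2 ]; then check_ldap_consistency "$1" "$2"; fi
```

Saved as a script, it is run with /etc/samba/smb.conf and /etc/ldap/slapd.conf as its two arguments; a non-zero exit status means Samba would bind to or search a tree the directory does not hold.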

Log back into phpldapadmin and verify that the DomainName record exists below the root. Create the following Samba3 Mappings under the groups OU:

Unix/Windows Name   GID     SID ending number
admins              20000   512
users               20001   513
guests              2002    514

  29. execute - aptitude install libnss-ldap
      a) Enter the server name as ldap://127.0.0.1/
      b) put in the search base dc=buster,dc=lan (replace with your domain structure)
      c) put in the samba version as 3
      d) enter the admin profile as cn=admin,dc=buster,dc=lan (replace with your domain structure)
      e) enter the admin password (password)
      f) accept with OK
  30. execute - vim /etc/nsswitch.conf
  31. add “ldap” after every compat
  32. execute - getent group
  33. verify that users, guests, and admins exist
  34. execute - aptitude install libpam-ldap
      a) yes
      b) no
      c) cn=admin,dc=buster,dc=lan (replace with your domain structure)
      d) enter your password (password)
  35. execute - vim /etc/pam.d/common-account
  36. add the following to the end of the file:

account sufficient pam_ldap.so
account required pam_unix.so try_first_pass

  37. execute - vim /etc/pam.d/common-auth
  38. add the following to the end of the password required pam_unix.so:

pam_unix.so --add the following line before the password required pam_unix.so pam_unix.so: password sufficient pam_ldap.so

  39. execute - /etc/init.d/ssh restart (if ssh is installed)
  40. execute - /etc/init.d/samba restart
  41. execute - aptitude install nscd
  42. execute - vim /etc/samba/smb.conf
  43. add the following line to the file:

ldap password sync=yes

  44. go back to phpldapadmin and create the following Samba3 Users under the users OU:

First Name  Last Name  username      UID    SID ending  Group   Home Directory
Domain      Admin      adminstrator  10000  21000       admins  /home/buster/adminstrator
(your)      (name)     (username)    10001  21001       admins  /home/buster/(username)

  45. execute - getent passwd
  46. verify the new users created are listed
  47. execute - mkdir /home/buster
  48. execute - mkdir /home/buster/adminstrator
  49. execute - mkdir /home/buster/(username)
  50. execute - cp /etc/skel/.* /home/buster/(username)
  51. execute - chown -R (username):users /home/buster/(username)
  52. go back to phpldapadmin and create a Samba3 machine under the machines OU:

Machine Name     UID
(machinename)$   30000

  53. execute - smbpasswd -a root
  54. enter your root password (password)
  55. go to your Windows machine, right-click on My Computer and select Properties
  56. on the name tab select change
  57. select the domain radio button, enter buster.lan and click OK
  58. enter root for the username
  59. enter your password (password)
  60. you should see a welcome to the buster.lan domain message; reboot, and you can then log in using a user from your LDAP database.