Line 11: | Line 11: |
execute - aptitude install apache-ssl phpldapadmin | aptitude install apache-ssl phpldapadmin |
Line 34: | Line 34: |
a)Enter your domain name (buster.lan) b)Answer NO to whether you want to modify smb.conf 9.execute - cd /usr/share/doc/samba-doc/examples/LDAP 10.execute - gunzip samba.schema.gz 11.execute - cp samba.schema /etc/ldap/schema/ 12.execute - vim /etc/ldap/slapd.conf 13.add this line after the other include lines: |
Enter your domain name when prompted ex. buster.lan Answer NO when asked whether you want to modify smb.conf or not {{{ cd /usr/share/doc/samba-doc/examples/LDAP gunzip samba.schema.gz cp samba.schema /etc/ldap/schema/ vim /etc/ldap/slapd.conf }}} add this line after the other include lines: {{{ |
Line 42: | Line 45: |
14.execute - /etc/init.d/slapd restart 15.open a webbrowser and go to: https://pdc/phhldapadmin/ replacing pdc with your server name 16.login with the following user and password: |
}}} Now restart LDAP {{{ /etc/init.d/slapd restart }}} open a webbrowser and go to: https://pdc/phhldapadmin/ (replace pdc with your server name or IP) login with the following user: {{{ |
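Review bot: the URL in the added text, https://pdc/phhldapadmin/, does not match the phpldapadmin package installed in the earlier step, so the link will not resolve as written; correct the path to phpldapadmin while this line is being changed.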
Line 46: | Line 54: |
password (replace with your password) 17.expand the root node and then click on “Create new entry here” 18.select OU and click “proceed” 19.enter users for the OU name and click “Create object” 20.repeat 17-19 and create two other OUs called “groups” and “machines” 21.execute - vim /et c/samba/smb.conf 22.replace passdb backend=tdsam with: |
}}} use the password entered when you installed LDAP expand the root node and then click on “Create new entry here” select OU and click “proceed” enter users for the OU name and click “Create object” repeat the previous three steps and create two other OUs called “groups” and “machines” {{{ vim /et c/samba/smb.conf }}} find: {{{ passdb backend=tdsam }}} and replace it with: {{{ |
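Review bot: two command typos survive the rewrite in the added text: `vim /et c/samba/smb.conf` has a space inside /etc, and the string to find, `passdb backend=tdsam`, does not name a Samba backend (the stock value is tdbsam). Fix both so the reader can locate the file and the line to replace.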
Line 66: | Line 82: |
23.execute - testparm 24.make sure testparm executed successfully 25.execute - smbpasswd -w password 26.execute - /etc/init.d/samba restart 27.go back to phpldapadmin and verify that the DomainName record exists below the root 28.create the following Samba3 Mappings under the groups OU: |
}}} |
Line 73: | Line 84: |
Unix/Windows Name GID SID ending number admins 20000 512 users 20001 513 guests 2002 514 29.execute - aptitude install libnss-ldap a)Enter the server name as ldap://127.0.0.1/ b)put in the search base dc=buster,dc=lan (replace with your domain structure) c)put in the samba version as 3 d)enter the admin profile as cn=admin,dc=buster,dc=lan (replcae with your domain structure) e)enter the admin password (password) f)accept with OK 30.execute - vim /etc/nsswitch.conf 31.add “ldap” after every compat 32.execute - getent group 33.verify that users, guests, and admins exist 34.execute - aptitude install libpam-ldap a)yes b)no c)cn=admin,dc=buster,dc=lan (replace with your domain structure) d)enter your password (password) 35.execute - vim /etc/pam.d/common-account 36.add the following to the end of the file: |
make sure testparm executes successfully: {{{ testparm }}} Set the samba password and restart samba {{{ smbpasswd -w password /etc/init.d/samba restart }}} Log back into phpldapadmin and verify that the DomainName record exists below the root create the following Samba3 Mappings under the groups OU: Unix/Windows Name GID SID ending number admins 20000 512 users 20001 513 guests 20002 514 {{{ aptitude install libnss-ldap }}} Enter the server name as ldap://127.0.0.1/ when prompted put in the search base as dc=buster,dc=lan (replace with your domain structure) put in the samba version as 3 enter the admin profile as cn=admin,dc=buster,dc=lan (replcae with your domain structure) enter the admin password accept with OK {{{ vim /etc/nsswitch.conf }}} add “ldap” after every compat verify that users, guests, and admins exist by executing: {{{ getent group }}} {{{ aptitude install libpam-ldap }}} Answer yes Answer no Enter the admin profile - cn=admin,dc=buster,dc=lan (replace with your domain structure) Enter your admin password {{{ vim /etc/pam.d/common-account }}} add the following to the end of the file: {{{ |
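Review bot: `smbpasswd -w password` in the added text uses the literal word password, and the "(replace with your password)" hints from the old steps are gone, so a reader who pastes it stores the wrong LDAP bind secret for Samba. Mark it as a placeholder, and mention that a secret typed on the command line ends up in shell history. The "replcae" typo in the libnss-ldap prompts is also carried over.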
Line 105: | Line 138: |
37.execute - vim /etc/pam.d/common-auth 38.add the following to the end of the password required pam_unix.so: pam_unix.so --add the following line before the password required pam_unix.so pam_unix.so: |
}}} {{{ vim /etc/pam.d/common-auth }}} add the following line to the beginning of the file: {{{ |
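Review bot: the placement instruction changes from "before the password required pam_unix.so" line to "the beginning of the file", which is not equivalent because PAM evaluates a stack in order; state which existing line the new entry must precede. The old wording refers to a password-type pam_unix.so line, which on Debian lives in common-password rather than common-auth, so confirm the file name as well.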
Line 110: | Line 146: |
39.execute - /etc/init.d/ssh restart (if ssh is installed) 40.execute - /etc/init.d/samba restart 41.execute - aptitude install nscd 42.execute - vim /etc/samba/smb.conf 43.add the following line to the file: |
}}} restart ssh and samaba {{{ execute - /etc/init.d/ssh restart (if ssh is installed) execute - /etc/init.d/samba restart }}} install nscd {{{ aptitude install nscd vim /etc/samba/smb.conf }}} add the following line to the file: {{{ |
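Review bot: inside the new {{{ }}} block the two restart lines keep their "execute -" prefix and the "(if ssh is installed)" remark, so the block cannot be pasted into a shell; strip the prefix and move the remark outside the block. "samaba" in the sentence above it should read samba.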
Line 116: | Line 160: |
}}} log back into phpldapadmin and create the following Samba3 Users under the users OU: First Name Last Name username UID SID ending Group Home Directory Domain Admin adminstrator 10000 21000 admins /home/buster/adminstrator (your) (name) (username) 10001 21001 admins /home/buster/(username) |
|
Line 117: | Line 166: |
44.go back to phpldapadmin and create the following Samba3 Users under the users OU: First Name Last Name username UID SID ending Group admins Home Directory Domain Admin adminstrator 10000 21000 admins /home/buster/adminstrator (your) (name) (username) 10001 21001 admins /home/buster/(username) 45.execute - getent passwd 46.verify the new users created are listed 47.execute - mkdir /home/buster 48.execute - mkdir /home/buster/adminstrator 49.execute - mkdir /home/buster/(username) 50.execute - cp /etc/skel/.* /home/buster/(username) 51.execute - chown -R (username):users /home/buster/(username) 52.go back to phpldapadmin and create the a Samba3 machines under the machines OU: |
verify the new users are in the database: {{{ getent passwd }}} |
Line 148: | Line 171: |
Machine Name UID (machinename)$ 30000 53.execute - smbpwd -a root 54.enter your root password (password) 55.go to your windows machine and right-click on mycomputer and select properties 56.on the name tab select change 57.select the domain radio button and enter buster.lan and click ok 58.enter root for the username 59.enter your password (password) 60.you should see a welcome to the buster.lan domain message and then reboot and you can log in using user from your LDAP database. |
create home directory {{{ mkdir /home/buster mkdir /home/buster/(username) cp /etc/skel/.* /home/buster/(username) chown -R (username):users /home/buster/(username) }}} log back into phpldapadmin and create the a Samba3 machines under the machines OU: Machine Name UID (machinename)$ 30000 {{{ smbpwd -a root }}} enter your root password go to your windows machine and right-click on mycomputer and select properties on the name tab select change select the domain radio button and enter buster.lan and click ok enter root for the username enter your root password you should see a welcome to the buster.lan domain message and then reboot and you can log in using user from your LDAP database. |
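Review bot: the new home-directory block drops `mkdir /home/buster/adminstrator` although the users table in this diff still gives that path as the Domain Admin home directory; restore it. In the same block `cp /etc/skel/.*` also matches . and .., and `smbpwd -a root` should be smbpasswd.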
How to create samba3 PDC with ldap backend
Install LDAP
aptitude install slapd
- Enter password for the ldap admin when prompted
Install PHPLDAPADMIN web interface
aptitude install apache-ssl phpldapadmin
- Enter your country code when prompted ex. US
- Enter the name of your state when prompted ex. Utah
- Enter the name of your city when prompted ex. Salt Lake City
- Enter your organization when prompted ex. buster.lan
- Enter your OU name when prompted ex. ITT
- Enter your host name when prompted ex. pdc.buster.lan
- Enter the contact email when prompted ex. root@buster.lan
Install MKNTPWD
wget http://www.nomis52.net/data/mkntpwd.tar.gz
tar zxvf mkntpwd.tar.gz
cd mkntpwd
make
cp mkntpwd /usr/local/bin/
Install Samba
aptitude install make gcc libc-dev samba samba-doc
- Enter your domain name when prompted ex. buster.lan
- Answer NO when asked whether you want to modify smb.conf or not
cd /usr/share/doc/samba-doc/examples/LDAP
gunzip samba.schema.gz
cp samba.schema /etc/ldap/schema/
vim /etc/ldap/slapd.conf
add this line after the other include lines:
include /etc/ldap/schema/samba.schema
Now restart LDAP
/etc/init.d/slapd restart
open a web browser and go to: https://pdc/phpldapadmin/ (replace pdc with your server name or IP)
login with the following user:
cn=admin,dc=buster,dc=lan
use the password entered when you installed LDAP
- expand the root node and then click on “Create new entry here”
- select OU and click “proceed”
- enter users for the OU name and click “Create object”
- repeat the previous three steps and create two other OUs called “groups” and “machines”
vim /etc/samba/smb.conf
find:
passdb backend = tdbsam
and replace it with:
# replace dc=nomis52,dc=net with your domain structure (dc=buster,dc=lan in this guide)
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=nomis52,dc=net
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=admin,dc=nomis52,dc=net
ldap delete dn = no
# be a PDC
domain logons = yes
# allow user privileges
enable privileges = yes
make sure testparm executes successfully:
testparm
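testparm only checks smb.conf itself, so it will not notice that the fragment above still uses dc=nomis52,dc=net while the directory in this guide is dc=buster,dc=lan. The following is an added example, not part of the original guide, that checks the ldapsam settings against the base DN; the function names and the exact-string DN comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): check that smb.conf's ldapsam
# settings agree with the directory base DN before restarting Samba.

# Print the last value set for one smb.conf parameter (name matched case-insensitively).
smb_param() {  # $1 = smb.conf path, $2 = parameter name in lower case
    awk -v want="$2" '
        /^[ \t]*[#;]/ || !/=/ { next }          # skip comments and non-assignments
        {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

# Echo one line per problem; return 0 only when nothing was found.
# DNs are compared as plain strings (no case or whitespace normalisation).
check_smb_ldap() {  # $1 = smb.conf path, $2 = base DN of the slapd directory
    backend=$(smb_param "$1" "passdb backend")
    suffix=$(smb_param "$1" "ldap suffix")
    admin=$(smb_param "$1" "ldap admin dn")
    rc=0
    case $backend in
        ldapsam:*) ;;
        *) echo "passdb backend is '$backend', expected ldapsam:..."; rc=1 ;;
    esac
    if [ "$suffix" != "$2" ]; then
        echo "ldap suffix '$suffix' does not match base DN '$2'"; rc=1
    fi
    case $admin in
        *,"$2") ;;
        *) echo "ldap admin dn '$admin' is not under base DN '$2'"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the guide's fragment, still carrying the dc=nomis52,dc=net values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=nomis52,dc=net
ldap admin dn = cn=admin,dc=nomis52,dc=net
EOF
check_smb_ldap "$sample" "dc=buster,dc=lan" || echo "fix smb.conf before restarting samba"
rm -f "$sample"
```

On a real server, call `check_smb_ldap /etc/samba/smb.conf "dc=buster,dc=lan"` with your own base DN.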
Store the LDAP admin password for Samba (replace password with the password of the ldap admin dn) and restart samba
smbpasswd -w password
/etc/init.d/samba restart
Log back into phpldapadmin and verify that the DomainName record exists below the root
create the following Samba3 Mappings under the groups OU:
Unix/Windows Name   GID     SID ending number
admins              20000   512
users               20001   513
guests              20002   514
aptitude install libnss-ldap
- Enter the server name as ldap://127.0.0.1/ when prompted
- put in the search base as dc=buster,dc=lan (replace with your domain structure)
- put in the samba version as 3
- enter the admin profile as cn=admin,dc=buster,dc=lan (replace with your domain structure)
- enter the admin password
- accept with OK
vim /etc/nsswitch.conf
add “ldap” after every compat
verify that users, guests, and admins exist by executing:
getent group
aptitude install libpam-ldap
- Answer yes
- Answer no
- Enter the admin profile - cn=admin,dc=buster,dc=lan (replace with your domain structure)
- Enter your admin password
vim /etc/pam.d/common-account
add the following to the end of the file:
account sufficient pam_ldap.so
account required pam_unix.so try_first_pass
vim /etc/pam.d/common-auth
add the following line to the beginning of the file:
password sufficient pam_ldap.so
restart ssh and samba
/etc/init.d/ssh restart    # only if ssh is installed
/etc/init.d/samba restart
install nscd
aptitude install nscd
vim /etc/samba/smb.conf
add the following line to the file:
ldap password sync=yes
log back into phpldapadmin and create the following Samba3 Users under the users OU:
First Name   Last Name   username       UID     SID ending   Group    Home Directory
Domain       Admin       adminstrator   10000   21000        admins   /home/buster/adminstrator
(your)       (name)      (username)     10001   21001        admins   /home/buster/(username)
verify the new users are in the database:
getent passwd
create home directory
mkdir /home/buster
mkdir /home/buster/(username)
cp -r /etc/skel/. /home/buster/(username)
chown -R (username):users /home/buster/(username)
log back into phpldapadmin and create a Samba3 machine under the machines OU:
Machine Name     UID
(machinename)$   30000
smbpasswd -a root
enter your root password
- go to your windows machine, right-click on My Computer and select properties
- on the name tab select change
- select the domain radio button, enter buster.lan and click ok
- enter root for the username
- enter your root password
- you should see a welcome to the buster.lan domain message; then reboot and you can log in using a user from your LDAP database.