How to create samba3 PDC with ldap backend
Install LDAP
aptitude install slapd
- Enter password for the ldap admin when prompted
Install PHPLDAPADMIN web interface
execute - aptitude install apache-ssl phpldapadmin
Enter your country code when prompted ex. US Enter the name of your state when prompted ex. Utah Enter the name of your city when prompted ex. Salt Lake City Enter your organization when prompted ex. buster.lan Enter your OU name when prompted ex. ITT Enter your host name when prompted ex. pdc.buster.lan Enter the contact email when prompted ex. root@buster.lan
Install MKNTPWD
wget http://www.nomis52.net/data/mkntpwd.tar.gz tar zxvf mkntpwd.tar.gz cd mkntpwd make cp mkntpwd /usr/local/bin/
Install Samba
aptitude install make gcc libc-dev samba samba-doc
- a)Enter your domain name (buster.lan) b)Answer NO to whether you want to modify smb.conf 9.execute - cd /usr/share/doc/samba-doc/examples/LDAP 10.execute - gunzip samba.schema.gz 11.execute - cp samba.schema /etc/ldap/schema/ 12.execute - vim /etc/ldap/slapd.conf 13.add this line after the other include lines:
include /etc/ldap/schema/samba.schema
- 14.execute - /etc/init.d/slapd restart
15.open a webbrowser and go to: https://pdc/phhldapadmin/ replacing pdc with your server name 16.login with the following user and password:
cn=admin,dc=buster,dc=lan password (replace with your password)
- 17.expand the root node and then click on “Create new entry here” 18.select OU and click “proceed” 19.enter users for the OU name and click “Create object” 20.repeat 17-19 and create two other OUs called “groups” and “machines” 21.execute - vim /et c/samba/smb.conf 22.replace passdb backend=tdsam with:
passdb backend = ldapsam:ldap://127.0.0.1 ldap suffix = dc=nomis52,dc=net ldap machine suffix = ou=machines ldap user suffix = ou=users ldap group suffix = ou=groups ldap admin dn = cn=admin,dc=nomis52,dc=net ldap delete dn = no
# be a PDC domain logons = yes
# allow user privileges enable privileges = yes
- 23.execute - testparm 24.make sure testparm executed successfully 25.execute - smbpasswd -w password 26.execute - /etc/init.d/samba restart
27.go back to phpldapadmin and verify that the ?DomainName record exists below the root 28.create the following Samba3 Mappings under the groups OU:
Unix/Windows Name GID SID ending number admins 20000 512 users 20001 513 guests 2002 514
- 29.execute - aptitude install libnss-ldap a)Enter the server name as ldap://127.0.0.1/ b)put in the search base dc=buster,dc=lan (replace with your domain structure) c)put in the samba version as 3 d)enter the admin profile as cn=admin,dc=buster,dc=lan (replcae with your domain structure) e)enter the admin password (password) f)accept with OK 30.execute - vim /etc/nsswitch.conf 31.add “ldap” after every compat 32.execute - getent group 33.verify that users, guests, and admins exist 34.execute - aptitude install libpam-ldap a)yes b)no c)cn=admin,dc=buster,dc=lan (replace with your domain structure) d)enter your password (password) 35.execute - vim /etc/pam.d/common-account 36.add the following to the end of the file:
account sufficient pam_ldap.so account required pam_unix.so try_first_pass
- 37.execute - vim /etc/pam.d/common-auth 38.add the following to the end of the password required pam_unix.so:
pam_unix.so --add the following line before the password required pam_unix.so pam_unix.so: password sufficient pam_ldap.so
- 39.execute - /etc/init.d/ssh restart (if ssh is installed) 40.execute - /etc/init.d/samba restart 41.execute - aptitude install nscd 42.execute - vim /etc/samba/smb.conf 43.add the following line to the file:
ldap password sync=yes
- 44.go back to phpldapadmin and create the following Samba3 Users under the users OU:
First Name Last Name username UID SID ending Group admins Home Directory Domain Admin adminstrator 10000 21000 admins /home/buster/adminstrator (your) (name) (username) 10001 21001 admins /home/buster/(username)
- 45.execute - getent passwd 46.verify the new users created are listed 47.execute - mkdir /home/buster 48.execute - mkdir /home/buster/adminstrator 49.execute - mkdir /home/buster/(username) 50.execute - cp /etc/skel/.* /home/buster/(username) 51.execute - chown -R (username):users /home/buster/(username) 52.go back to phpldapadmin and create the a Samba3 machines under the machines OU:
Machine Name UID (machinename)$ 30000
- 53.execute - smbpwd -a root 54.enter your root password (password) 55.go to your windows machine and right-click on mycomputer and select properties 56.on the name tab select change 57.select the domain radio button and enter buster.lan and click ok 58.enter root for the username 59.enter your password (password) 60.you should see a welcome to the buster.lan domain message and then reboot and you can log in using user from your LDAP database.