INSTALLATION AND CONFIGURATION OF LDAP-SAMBA PDC
OPERATING SYSTEM = CENTOS 5.6
IP ADDRESS = 192.168.2.88
HOSTNAME = PDC.HBN.LOCAL
TASK: join a Windows client to a Linux, LDAP-backed Samba PDC domain.
Step 1: Disable the firewall and SELinux (lab shortcut only). On anything beyond a test box keep SELinux enforcing and leave the firewall on, opening just the ports these services need: LDAP (389/tcp) for the Linux clients, and SMB/NetBIOS (137-138/udp, 139/tcp, 445/tcp) for the Windows clients and WINS.
Edit /etc/hosts so the server's name resolves to its LAN address, like this:
[root@pdc ~]# cat /etc/hosts
192.168.2.88 pdc.hbn.local pdc
127.0.0.1 pdc.hbn.local pdc localhost.localdomain
localhost
::1 localhost6.localdomain6
localhost6
and set the IP address to 192.168.2.88; "hostname --fqdn" must print pdc.hbn.local:
[root@pdc ~]# vim /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=pdc.hbn.local
Step 2: install the OpenLDAP server and client packages with yum:
yum -y install openldap-servers openldap-clients
Step 3: generate the hash for the directory manager (rootdn) password. Passing the password on the command line with -s, as below, leaves it in the shell history and visible to other users via ps; run slappasswd without -s so it prompts instead. Prefer -h {SSHA} over {MD5}: {MD5} is unsalted, and the hash shown below is simply MD5("password"), i.e. the manager password in this walkthrough is literally the word "password" -- change it before anything else talks to this server.
[root@pdc ~]# slappasswd -s password -h {MD5}
{MD5}X03MO1qnZdYdgyfeuILPmQ==
Step 4: edit /etc/openldap/slapd.conf ([root@pdc ~]# vim /etc/openldap/slapd.conf) so that it contains the following:
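database bdb
suffix "dc=hbn,dc=local"
rootdn "cn=Manager,dc=hbn,dc=local"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# NOTE(review): this value is the output of "slappasswd -s password -h {MD5}"
# from Step 3, i.e. an unsalted MD5 of the literal word "password".  The
# rootdn bypasses every ACL below, so before exposing the server regenerate
# it with "slappasswd -h {SSHA}" (salted) from a real passphrase.
rootpw {MD5}X03MO1qnZdYdgyfeuILPmQ==
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# add at the bottom.  ACLs are evaluated in order and the first "access to"
# clause that matches the attribute wins, so the userPassword rule must stay
# ABOVE the catch-all.  The "by" clauses are continuation lines of the
# "access to" directive and must be indented, as here.
access to attrs=userPassword
        by self write
        by dn="cn=Manager,dc=hbn,dc=local" write
        by anonymous auth
        by * none
# Everything else: the manager and the entry's owner may write, and anyone --
# including anonymous binds -- may read.  nss_ldap on the clients depends on
# that anonymous read (no binddn is configured in /etc/ldap.conf), so only
# tighten this to "by users read" once the clients have a bind account.
access to *
        by dn="cn=Manager,dc=hbn,dc=local" write
        by self write
        by * read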
Step 5: seed the BDB backend, start slapd, enable it at boot, then edit the migration defaults. /var/lib/ldap must be owned by the ldap user and stay mode 700 (as the comment in slapd.conf says): the database files in it hold every user's password hash.
[root@pdc ~]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@pdc ~]# /etc/init.d/ldap start
[root@pdc ~]# chkconfig ldap on
[root@pdc ~]# cd /usr/share/openldap/migration
[root@pdc migration]# vim migrate_common.ph
Search for these two settings and change them to the domain's values:
# Default DNS domain
$DEFAULT_MAIL_DOMAIN =
"hbn.local";
# Default base
$DEFAULT_BASE =
"dc=hbn,dc=local";
Step 6: generate the base of the directory tree (the dc=hbn,dc=local entry and the standard OUs -- no user credentials yet) with the migration tools and load it:
[root@pdc ~]# cd /usr/share/openldap/migration
[root@pdc migration]# ./migrate_base.pl > base.ldif
[root@pdc migration]# ldapadd -x -W -D "cn=Manager,dc=hbn,dc=local" -f base.ldif
Enter LDAP Password:
(the manager password whose hash was set as rootpw in Step 3)
adding new entry
"dc=hbn,dc=local"
adding new entry
"ou=Hosts,dc=hbn,dc=local"
adding new entry
"ou=Rpc,dc=hbn,dc=local"
adding new entry
"ou=Services,dc=hbn,dc=local"
adding new entry
"nisMapName=netgroup.byuser,dc=hbn,dc=local"
adding new entry
"ou=Mounts,dc=hbn,dc=local"
adding new entry
"ou=Networks,dc=hbn,dc=local"
adding new entry
"ou=People,dc=hbn,dc=local"
adding new entry
"ou=Group,dc=hbn,dc=local"
adding new entry
"ou=Netgroup,dc=hbn,dc=local"
adding new entry
"ou=Protocols,dc=hbn,dc=local"
adding new entry
"ou=Aliases,dc=hbn,dc=local"
adding new entry
"nisMapName=netgroup.byhost,dc=hbn,dc=local"
Step 7: create a couple of local accounts, then migrate the local users and groups into the directory. (The grep pattern used below only matches three-digit UIDs/GIDs from 500 to 999, i.e. the regular accounts on a CentOS 5 box.)
[root@pdc migration]#
useradd test1
[root@pdc migration]#
passwd test1
Changing password for
user test1.
New UNIX password:
BAD PASSWORD: it is
based on a dictionary word
Retype new UNIX
password:
passwd: all
authentication tokens updated successfully.
[root@pdc migration]#
useradd test2
[root@pdc migration]#
passwd test2
Changing password for
user test2.
New UNIX password:
BAD PASSWORD: it is
based on a dictionary word
Retype new UNIX
password:
passwd: all
authentication tokens updated successfully
[root@pdc migration]# grep "x:[5-9][0-9][0-9]" /etc/passwd > passwd
[root@pdc migration]# grep "x:[5-9][0-9][0-9]" /etc/group > group
[root@pdc migration]# ./migrate_passwd.pl passwd > passwd.ldif
[root@pdc migration]# ./migrate_group.pl group > group.ldif
(Run as root, migrate_passwd.pl also copies the matching /etc/shadow hashes into passwd.ldif as userPassword values, so passwd.ldif is as sensitive as /etc/shadow. It is being written into /usr/share/openldap/migration with root's default umask, i.e. world-readable: delete it as soon as the ldapadd below has succeeded.)
[root@pdc migration]#
ldapadd -x -W -D "cn=Manager,dc=hbn,dc=local" -f passwd.ldif
Enter LDAP Password:
(enter LDAP password on step 3)
adding new entry
"uid=nfsnobody,ou=People,dc=hbn,dc=local"
adding new entry
"uid=sabhaskar,ou=People,dc=hbn,dc=local"
adding new entry
"uid=test1,ou=People,dc=hbn,dc=local"
adding new entry
"uid=test2,ou=People,dc=hbn,dc=local"
adding new entry
"uid=cent,ou=People,dc=hbn,dc=local"
adding new entry
"uid=fedora,ou=People,dc=hbn,dc=local"
[root@pdc migration]#
ldapadd -x -W -D "cn=Manager,dc=hbn,dc=local" -f group.ldif
Enter LDAP Password:
(enter LDAP password on step 3)
adding new entry
"cn=nfsnobody,ou=Group,dc=hbn,dc=local"
adding new entry
"cn=sabhaskar,ou=Group,dc=hbn,dc=local"
adding new entry
"cn=test1,ou=Group,dc=hbn,dc=local"
adding new entry
"cn=test2,ou=Group,dc=hbn,dc=local"
adding new entry
"cn=cent,ou=Group,dc=hbn,dc=local"
adding new entry
"cn=fedora,ou=Group,dc=hbn,dc=local"
Step 8: Samba installation
[root@pdc migration]#
yum -y install samba
Downloading Packages:
(1/4):
libsmbclient-3.0.33-3.39.el5_8.i386.rpm | 909 kB 00:02
(2/4):
samba-client-3.0.33-3.39.el5_8.i386.rpm | 5.7 MB 00:12
(3/4):
samba-common-3.0.33-3.39.el5_8.i386.rpm | 6.7 MB 00:15
(4/4):
samba-3.0.33-3.39.el5_8.i386.rpm | 16 MB
00:36
Complete!
[root@pdc migration]# cp /usr/share/doc/samba-3.0.33/LDAP/samba.schema /etc/openldap/schema/samba.schema
[root@pdc migration]# vim /etc/openldap/slapd.conf
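# add this line to slapd.conf, after the core/cosine/inetorgperson/nis
# includes that the Samba schema depends on
include /etc/openldap/schema/samba.schema
# and modify the userPassword ACL from Step 4 so the Samba hashes get the
# same protection.  sambaNTPassword (and the even weaker sambaLMPassword)
# are password-equivalent for NTLM authentication: anyone who can read them
# can authenticate as that user without knowing the password.  This rule
# must remain above "access to *".
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self write
        by dn="cn=Manager,dc=hbn,dc=local" write
        by anonymous auth
        by * none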
[root@pdc migration]# /etc/rc.d/init.d/ldap restart
Stopping slapd: [ OK ]
Starting slapd:
[ OK ]
Now make the PDC itself an LDAP client (nss_ldap / pam_ldap) with the text-mode setup tool:
[root@pdc migration]# setup
select Authentication Configuration
tick "Use LDAP" and "Use LDAP Authentication" (leave MD5 passwords enabled)
set Server to 192.168.2.88 and Base DN to dc=hbn,dc=local
[root@pdc migration]# vim /etc/pam.d/system-auth
# add this line so an LDAP user gets a home directory created at first login; umask=077 keeps it private to its owner
session optional pam_mkhomedir.so skel=/etc/skel umask=077
____________________________________________________________-----
[root@pdc ~]# vim /etc/ldap.conf
(add, or verify that setup already wrote, these lines)
# nss_ldap / pam_ldap client settings (what Step 8's "setup" run produces)
# search base: the suffix of the directory built in Steps 4-6
base dc=hbn,dc=local
# NOTE(review): "ssl no" together with the plain ldap:// URI below means
# simple binds -- including the passwords pam_ldap sends for user logins --
# cross the network unencrypted.  Tolerable here only because client and
# server are the same host; a remote Linux client should use "ssl start_tls"
# with the server's CA certificate placed in tls_cacertdir.
ssl no
# only consulted when ssl is start_tls or on
tls_cacertdir /etc/openldap/cacerts
# how pam_ldap stores a changed password in the directory
pam_password md5
# the PDC's own address (same host as slapd)
uri ldap://192.168.2.88/
___________________________________________________________
Step 9: install the smbldap-tools. On CentOS 5.6 they are not in the base repositories, so the EPEL repository has to be enabled first; I installed the epel-release package by hand (the CentOS wiki describes where to fetch it).
[root@pdc migration]# yum --enablerepo=epel -y install smbldap-tools
[root@pdc migration]# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@pdc migration]# cp /usr/share/doc/smbldap-tools-0.9.6/smb.conf /etc/samba/smb.conf
[root@pdc migration]#
service ldap restart
Stopping slapd:
[ OK ]
Starting slapd:
[ OK ]
[root@pdc migration]# vim /etc/samba/smb.conf
(I only changed and added a few lines in the sample; the resulting file is shown in full below)
____________________________________________________________________________________
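[global]
	# Samba 3.0 PDC for HBNLOCAL.  Accounts live in the OpenLDAP directory
	# built in Steps 4-7 and are managed through the smbldap-tools scripts
	# referenced below.  Layout follows the smbldap-tools sample smb.conf
	# this file was copied from.

	# chat used by "passwd program" when unix password sync is on
	passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
	preserve case = yes
	# NOTE(review): members of "admin users" perform every file operation as
	# root on every share.  The user "admin" created in Step 12 therefore needs
	# a strong password and should not be used for day-to-day logons.
	admin users = admin
	enable privileges = yes
	delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
	show add printer wizard = yes
	time server = Yes
	passwd program = /usr/sbin/smbldap-passwd -u "%u"
	nt acl support = No
	netbios name = PDC-SRV
	printing = cups
	ldap passwd sync = yes
	# served from [netlogon] and executed by every client at logon, so
	# /home/netlogon must stay root-owned and not world-writable
	logon script = logon.bat
	# was 3 in the original, which lets smbldap-passwd accept trivially
	# guessable passwords; 8 is the minimum worth enforcing
	min passwd length = 8
	dos charset = CP932
	workgroup = HBNLOCAL
	os level = 65
	# bind DN used by ldapsam; its password is stored with "smbpasswd -W"
	ldap admin dn = cn=Manager,dc=hbn,dc=local
	printcap name = cups
	security = user
	short preserve case = yes
	dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
	add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
	delete user script = /usr/sbin/smbldap-userdel "%u"
	max log size = 100000
	log level = 0
	log file = /var/log/samba/log.%U
	guest account = nobody
	load printers = Yes
	ldap user suffix = ou=People
	add group script = /usr/sbin/smbldap-groupadd -p "%g"
	delete group script = /usr/sbin/smbldap-groupdel "%g"
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
	mangling method = hash2
	logon drive = H:
	deadtime = 10
	create mask = 0640
	# a login with an unknown username is silently treated as guest, so every
	# share with "guest ok = yes" is reachable without any credentials
	map to guest = Bad User
	domain master = Yes
	winbind trusted domains only = yes
	encrypt passwords = Yes
	winbind use default domain = yes
	logon home = /home/netlogon
	# loopback only: the ldapsam bind is a cleartext simple bind
	passdb backend = ldapsam:ldap://127.0.0.1/
	case sensitive = no
	wins support = yes
	ldap machine suffix = ou=Computers
	ldap group suffix = ou=Group
	server string = Samba Server %v
	ldap suffix = dc=hbn,dc=local
	unix password sync = yes
	# empty: no roaming profile path is pushed to the clients
	logon path =
	directory mask = 0750
	add user script = /usr/sbin/smbldap-useradd -m "%u"
	set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
	syslog = 0
	unix charset = UTF-8
	preferred master = Yes
	domain logons = Yes

# The shares should look like this
[netlogon]
	# holds logon.bat; read-only to clients, so only root should write here
	path = /home/netlogon/
	browseable = No
	read only = yes

[profiles]
	path = /home/profiles
	read only = no
	create mask = 0600
	directory mask = 0700
	browseable = No
	# was "guest ok = Yes": together with "read only = no" and
	# "map to guest = Bad User" that let unauthenticated clients write into
	# the profiles tree.  Profiles are per-user data; require a domain login.
	guest ok = no
	profile acls = yes
	csc policy = disable
	# next line is a great way to secure the profiles
	#force user = %U
	# next line allows administrator to access all profiles
	#valid users = %U "Domain Admins"

[printers]
	comment = Network Printers
	#printer admin = @"Print Operators"
	guest ok = yes
	printable = yes
	path = /home/spool/
	browseable = No
	read only = Yes
	print command = /usr/bin/lpr -P%p -r %s
	lpq command = /usr/bin/lpq -P%p
	lprm command = /usr/bin/lprm -P%p %j
	# print command = /usr/bin/lpr -U%U@%M -P%p -r %s
	# lpq command = /usr/bin/lpq -U%U@%M -P%p
	# lprm command = /usr/bin/lprm -U%U@%M -P%p %j
	# lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
	# lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
	# queuepause command = /usr/sbin/lpc -U%U@%M stop %p
	# queueresume command = /usr/sbin/lpc -U%U@%M start %p

[print$]
	path = /home/printers
	guest ok = No
	browseable = Yes
	read only = Yes
	valid users = @"Print Operators"
	write list = @"Print Operators"
	create mask = 0664
	directory mask = 0775

[public]
	# was "guest ok = yes" on a writable share rooted at the server's /tmp:
	# anyone on the network could drop or overwrite files there without
	# credentials.  Require a domain login; better still, point the share at
	# a dedicated directory instead of /tmp.
	path = /tmp
	guest ok = no
	browseable = Yes
	writable = yes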
[root@pdc ~]# vim
/etc/smbldap-tools/smbldap_bind.conf
# DNs and passwords the smbldap-tools bind with.  Both point at the
# directory manager here (single server, no replica), and "password" is the
# same secret whose MD5 hash was set as rootpw in Step 3 -- a full-write
# directory credential stored in cleartext.  Keep this file root:root mode
# 0600 and use a real passphrase.
slaveDN="cn=Manager,dc=hbn,dc=local"
slavePw="password"
masterDN="cn=Manager,dc=hbn,dc=local"
masterPw="password"
_____________________________________________________________
Create the netlogon directory. Do not make it world-writable: the [netlogon] share is exported read-only and holds logon.bat, which every domain client executes at logon, so a mode-777 directory lets any local user on the PDC plant a script that then runs on every Windows machine. Root-owned 0755 is all the clients need to read it.
[root@pdc migration]# mkdir /home/netlogon
[root@pdc migration]# chmod 755 /home/netlogon/
[root@pdc migration]#
service smb start
Starting SMB
services:
[ OK ]
Starting NMB
services:
[ OK ]
[root@pdc migration]#
smbpasswd -W
Setting stored password
for "cn=Manager,dc=hbn,dc=local" in secrets.tdb
New SMB password:
Retype new SMB password:
(enter the LDAP manager password from Step 3: Samba stores it in secrets.tdb so that it can write to the directory as cn=Manager, which is why that file must stay readable by root only)
Step 10: run the smbldap-tools configurator. It only needs to be executable, not world-writable:
[root@pdc migration]# cd /usr/share/doc/smbldap-tools-0.9.6/
[root@pdc smbldap-tools-0.9.6]# chmod +x configure.pl
[root@pdc smbldap-tools-0.9.6]# ./configure.pl
(It prompts for the LDAP server and Samba details and generates the smbldap-tools configuration under /etc/smbldap-tools; answer with the values used above.)
Step 11:
[root@pdc
smbldap-tools-0.9.6]# smbldap-populate
Populating LDAP
directory for domain HBNLOCAL (S-1-5-21-3415407115-311491748-1151047458)
(using builtin directory
structure)
entry dc=hbn,dc=local
already exist.
entry
ou=People,dc=hbn,dc=local already exist.
entry
ou=Group,dc=hbn,dc=local already exist.
adding new entry:
ou=Computers,dc=hbn,dc=local
adding new entry:
ou=Idmap,dc=hbn,dc=local
adding new entry:
uid=root,ou=People,dc=hbn,dc=local
adding new entry:
uid=nobody,ou=People,dc=hbn,dc=local
adding new entry:
cn=Domain Admins,ou=Group,dc=hbn,dc=local
adding new entry:
cn=Domain Users,ou=Group,dc=hbn,dc=local
adding new entry:
cn=Domain Guests,ou=Group,dc=hbn,dc=local
adding new entry:
cn=Domain Computers,ou=Group,dc=hbn,dc=local
adding new entry:
cn=Administrators,ou=Group,dc=hbn,dc=local
adding new entry: cn=Account
Operators,ou=Group,dc=hbn,dc=local
adding new entry:
cn=Print Operators,ou=Group,dc=hbn,dc=local
adding new entry:
cn=Backup Operators,ou=Group,dc=hbn,dc=local
adding new entry:
cn=Replicators,ou=Group,dc=hbn,dc=local
entry
sambaDomainName=HBNLOCAL,dc=hbn,dc=local already exist. Updating it...
Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password:
(smbldap-populate sets both the UNIX and the Samba password of root here. I reused the LDAP manager password; don't -- a single guessed secret would then open both the directory and the domain's root account. Use a separate, strong password.)
Step 12: create the groups and users the Windows machines will log on with.
(The user "admin" created below matches "admin users = admin" in smb.conf and therefore acts as root on every share; give it a strong password and keep it for administration only.)
[root@pdc
smbldap-tools-0.9.6]# smbldap-groupadd -a admin
[root@pdc
smbldap-tools-0.9.6]# smbldap-useradd -am -g admin admin
[root@pdc smbldap-tools-0.9.6]# smbldap-passwd
admin
[root@pdc
smbldap-tools-0.9.6]# smbldap-useradd -am -g admin bhaskar
[root@pdc
smbldap-tools-0.9.6]# smbldap-passwd bhaskar
####### the section above completes the LDAP-Samba PDC server #######
Here I used a Windows XP machine as the client, with IP address 192.168.2.36 and machine name clientxp.
Set its primary DNS to 192.168.2.88 and its WINS server to 192.168.2.88 (the PDC has "wins support = yes"). Note that nothing in this walkthrough installs a DNS server on the PDC, so locating PDC-SRV for the join actually relies on WINS/NetBIOS.
Steps: right-click My Computer >> Properties >> Computer Name >> Change; in the new window click More and enter the DNS suffix hbn.local.
Then enter the Samba domain name, HBNLOCAL in this case.
Windows asks for a domain account that is allowed to join machines; I entered bhaskar and its password (the PDC's "add machine script" should then create the clientxp$ account under ou=Computers). A dedicated join account is preferable to a personal one, so that credential can be rotated on its own.
The Windows machine joined the LDAP-Samba PDC domain successfully.