Samba Primary Domain Controller with LDAP (Replacing Active Directory)


Samba PDC with LDAP

Edit  /etc/hosts

[root@server ~]# vi /etc/hosts

192.168.1.1 server server.abc.com

Install the following packages.

[root@server ~]# yum install samba samba-client openldap openldap-clients openldap-servers nss_ldap perl-LDAP

perl-Crypt-SmbHash-0.12-1.2.el5.rf.noarch.rpm
perl-Digest-SHA1-2.11-1.2.1.i386.rpm
perl-Jcode-2.06-1.el5.rf.i386.rpm
perl-LDAP-0.33-3.fc6.noarch.rpm
perl-Unicode-Map-0.112-1.el5.rf.i386.rpm
perl-Unicode-Map8-0.12-1.el5.rf.i386.rpm
perl-Unicode-MapUTF8-1.11-1.2.el5.rf.noarch.rpm
perl-Unicode-String-2.09-1.2.el5.rf.i386.rpm
phpldapadmin-1.1.0.7.tar.gz
smbldap-tools-0.9.5-1.noarch.rpm

[root@server smbldap]# rpm -ivh perl-Crypt-SmbHash-0.12-1.2.el5.rf.noarch.rpm
warning: perl-Crypt-SmbHash-0.12-1.2.el5.rf.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Crypt-SmbHash ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Digest-SHA1-2.11-1.2.1.i386.rpm
Preparing... ########################################### [100%]
1:perl-Digest-SHA1 ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Jcode-2.06-1.el5.rf.i386.rpm
warning: perl-Jcode-2.06-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Jcode ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Unicode-Map-0.112-1.el5.rf.i386.rpm
warning: perl-Unicode-Map-0.112-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Unicode-Map ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Unicode-String-2.09-1.2.el5.rf.i386.rpm
warning: perl-Unicode-String-2.09-1.2.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Unicode-String ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Unicode-Map8-0.12-1.el5.rf.i386.rpm
warning: perl-Unicode-Map8-0.12-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Unicode-Map8 ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Unicode-MapUTF8-1.11-1.2.el5.rf.noarch.rpm
warning: perl-Unicode-MapUTF8-1.11-1.2.el5.rf.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Unicode-MapUTF8 ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh smbldap-tools-0.9.5-1.noarch.rpm
warning: smbldap-tools-0.9.5-1.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 75fe0a51
Preparing... ########################################### [100%]
1:smbldap-tools ########################################### [100%]
[root@server smbldap]#

Edit slapd.conf. First generate the password hash for the rootpw entry:

[root@server ~]# slappasswd

[root@server ~]# vi /etc/openldap/slapd.conf

Add this line at the end of the block of schema include lines, and set the database section as follows.

include /etc/openldap/schema/samba.schema

database bdb
suffix "dc=abc,dc=com"
rootdn "cn=root,dc=abc,dc=com"
rootpw {SSHA}ernicO/fWeCi5g2GFqaB/JGqZXj7Hmj3

Get the SID and copy it.

[root@server ~]# net getlocalsid
SID for domain SERVER is: S-1-5-21-1082253588-3757474382-3995049807
[root@server ~]#

Edit smbldap.conf

[root@server ~]# vi /etc/smbldap-tools/smbldap.conf

SID="S-1-5-21-1082253588-3757474382-3995049807"

sambaDomain="ABC"

#slaveLDAP="ldap.iallanis.info" #### Comment this line
#slavePort="389" #### Comment this line too.

masterLDAP="server.abc.com"
masterPort="389"

ldapTLS="0" # Switch this line from 1 to 0

suffix="dc=abc,dc=com"

userSmbHome="\\SERVER\%U"

userProfile="\\SERVER\profiles\%U"

mailDomain="abc.com"

Edit smbldap_bind.conf so that it looks like this.

[root@server ~]# vi /etc/smbldap-tools/smbldap_bind.conf

#slaveDN="cn=Manager,dc=iallanis,dc=info"
#slavePw="secret"
masterDN="cn=root,dc=abc,dc=com"
masterPw="root123" #### The same password as the rootpw entry in slapd.conf
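
masterPw has to be the cleartext of the {SSHA} value stored as rootpw, otherwise the later bind as cn=root is rejected. The following added example (not part of the original page) checks a candidate password against a slappasswd-style {SSHA} value, which is base64(SHA1(password + salt) + salt); the function names, password and salt are constructed for illustration.

```shell
# Added example: verify that a cleartext password matches an {SSHA} value
# such as the rootpw line in slapd.conf. Function names are hypothetical.

# Hex digits on stdin -> raw bytes on stdout (no xxd or openssl needed).
hex2bin() {
    fold -w2 | while read -r byte; do
        printf "\\$(printf '%03o' "0x$byte")"
    done
}

# Build an {SSHA} value from a password and a salt. slappasswd picks a
# random salt; a fixed one is accepted here so the result is reproducible.
ssha_hash() {
    printf '{SSHA}'
    { printf '%s%s' "$1" "$2" | sha1sum | cut -d' ' -f1 | hex2bin
      printf '%s' "$2"; } | base64
}

# ssha_check '{SSHA}...' 'cleartext' -> exit status 0 when they match.
ssha_check() {
    local b64 want got
    b64="$(printf '%s' "$1" | sed 's/^{SSHA}//')"
    # The first 20 decoded bytes are the SHA-1 digest, the rest is the salt.
    want="$(printf '%s' "$b64" | base64 -d | head -c 20 | od -An -tx1 | tr -d ' \n')"
    got="$( { printf '%s' "$2"; printf '%s' "$b64" | base64 -d | tail -c +21; } \
            | sha1sum | cut -d' ' -f1)"
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Constructed password and salt, for demonstration only.
stored="$(ssha_hash 'example-pw' 'Ab3x')"
if ssha_check "$stored" 'example-pw'; then echo "masterPw matches rootpw"; fi
if ! ssha_check "$stored" 'wrong-pw'; then echo "mismatch detected"; fi
```

On the server, pass the rootpw value from slapd.conf as the first argument and the masterPw value as the second.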

[root@server ~]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@server ~]# chown ldap.ldap /var/lib/ldap/

[root@server ~]# cp /usr/share/doc/samba-3.0.33/LDAP/samba.schema /etc/openldap/schema/

[root@server ~]# chmod 600 /etc/smbldap-tools/smbldap_bind.conf

[root@server ~]# service ldap start
Checking configuration files for slapd: config file testing succeeded
[ OK ]
Starting slapd: [ OK ]
[root@server ~]#

[root@server ~]# chkconfig ldap on

[root@server openldap]# vi base.ldif

dn: dc=abc,dc=com
objectclass: dcObject
objectclass: organization
dc: abc
o: PDC

dn: cn=root,dc=abc,dc=com
objectclass: organizationalRole
cn: root

Load these entries into the directory with the following command.

[root@server openldap]# ldapadd -x -W -D 'cn=root,dc=abc,dc=com' -f base.ldif
Enter LDAP Password:
adding new entry "dc=abc,dc=com"

adding new entry "cn=root,dc=abc,dc=com"

[root@server openldap]#

The next step is the interesting one. Either copy the smb.conf template and modify it as needed, or create a new one from scratch.

[root@server ~]# cp /usr/share/doc/smbldap-tools-0.9.5/smb.conf /etc/samba/smb.conf

or

[root@server ~]# cd /etc/samba/
[root@server samba]# mv smb.conf smb.conf.OLD
[root@server samba]# vi smb.conf

[global]
workgroup = ABC
netbios name = SERVER
security=user
domain master = yes
domain logons = yes
ldap suffix = dc=abc,dc=com
ldap admin dn = cn=root,dc=abc,dc=com
passdb backend = ldapsam:ldap://server.abc.com/
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Machines
# Run by "unix password sync"; this must be the password tool, not useradd
passwd program = /usr/sbin/smbldap-passwd -u "%u"
unix password sync = yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

[netlogon]
path=/home/samba/netlogon
read only=yes
browseable=no

[profiles]
path=/home/samba/profiles
read only=no
writeable=yes
guest ok=yes
create mask = 0600
directory mask = 0700

[homes]
browseable=no
writeable=yes
guest ok=no

Store the LDAP admin password in secrets.tdb. smbpasswd -W prompts for it.

[root@server samba]# smbpasswd -W
Setting stored password for "cn=root,dc=abc,dc=com" in secrets.tdb
New SMB password:
Retype new SMB password:
[root@server samba]#

Creating the directories for profiles and netlogon.

[root@server samba]# mkdir -p /home/samba/{profiles,netlogon}

Launch smbldap-populate

[root@server samba]# smbldap-populate
Populating LDAP directory for domain ABC (S-1-5-21-1082253588-3757474382-3995049807)
(using builtin directory structure)

entry dc=abc,dc=com already exist.
adding new entry: ou=Users,dc=abc,dc=com
adding new entry: ou=Groups,dc=abc,dc=com
adding new entry: ou=Computers,dc=abc,dc=com
adding new entry: ou=Idmap,dc=abc,dc=com
adding new entry: uid=root,ou=Users,dc=abc,dc=com
adding new entry: uid=nobody,ou=Users,dc=abc,dc=com
adding new entry: cn=Domain Admins,ou=Groups,dc=abc,dc=com
adding new entry: cn=Domain Users,ou=Groups,dc=abc,dc=com
adding new entry: cn=Domain Guests,ou=Groups,dc=abc,dc=com
adding new entry: cn=Domain Computers,ou=Groups,dc=abc,dc=com
adding new entry: cn=Administrators,ou=Groups,dc=abc,dc=com
adding new entry: cn=Account Operators,ou=Groups,dc=abc,dc=com
adding new entry: cn=Print Operators,ou=Groups,dc=abc,dc=com
adding new entry: cn=Backup Operators,ou=Groups,dc=abc,dc=com
adding new entry: cn=Replicators,ou=Groups,dc=abc,dc=com
adding new entry: sambaDomainName=ABC,dc=abc,dc=com

Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password:
[root@server samba]#

[root@server samba]# net groupmap list
Domain Admins (S-1-5-21-1082253588-3757474382-3995049807-512) -> 512
Domain Users (S-1-5-21-1082253588-3757474382-3995049807-513) -> 513
Domain Guests (S-1-5-21-1082253588-3757474382-3995049807-514) -> 514
Domain Computers (S-1-5-21-1082253588-3757474382-3995049807-515) -> 515
Administrators (S-1-5-32-544) -> 544
Account Operators (S-1-5-32-548) -> 548
Print Operators (S-1-5-32-550) -> 550
Backup Operators (S-1-5-32-551) -> 551
Replicators (S-1-5-32-552) -> 552
[root@server samba]#

Start the smb service and make sure it starts at boot.
[root@server samba]# service smb start

[root@server samba]# chkconfig smb on

Configure /etc/ldap.conf and /etc/openldap/ldap.conf by hand, or have authconfig do it:

[root@server samba]# authconfig --enableldap --enableldapauth --ldapserver=server.abc.com --ldapbasedn="dc=abc,dc=com" --update

Add a user to the system

[root@server samba]# smbldap-useradd -a -m -G "Domain Users" test

[root@server samba]# smbldap-passwd test
Changing UNIX and samba passwords for test
New password:
Retype new password:
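
Before clients are joined, the files written in the steps above can be checked for the settings that expose the directory admin password or the profile share. This is an added example, not part of the original page; the function names and the root-prefix argument are assumptions, and the sample tree is constructed, with the bind file's mode loosened so that check fires.

```shell
# Added example: checks for the files written in this walkthrough.
# The root-prefix argument is an assumption so a copy of /etc can be audited.
audit_pdc() {
    local root="${1:-}"
    local bind="$root/etc/smbldap-tools/smbldap_bind.conf"
    local tools="$root/etc/smbldap-tools/smbldap.conf"
    local slapd="$root/etc/openldap/slapd.conf"
    local smb="$root/etc/samba/smb.conf"

    # masterPw is stored in cleartext, so only the owner may read the file.
    if [ -f "$bind" ] && [ "$(stat -c %a "$bind")" != 600 ]; then
        echo "smbldap_bind.conf: mode is not 600"
    fi
    # ldapTLS="0": smbldap-tools sends the bind password unencrypted.
    if grep -Eq '^[[:space:]]*ldapTLS="?0"?' "$tools" 2>/dev/null; then
        echo "smbldap.conf: ldapTLS is 0"
    fi
    # rootpw should be slappasswd output ({SSHA}...), not the password itself.
    if grep -E '^[[:space:]]*rootpw[[:space:]]' "$slapd" 2>/dev/null | grep -vq '{'; then
        echo "slapd.conf: rootpw is not hashed"
    fi
    # Section-aware check: guest access to the roaming-profile share.
    if [ -f "$smb" ] && awk -F= '
        /^[ \t]*\[/ { sec = tolower($0); gsub(/[ \t]/, "", sec) }
        sec == "[profiles]" && tolower($1) ~ /guest ok/ && tolower($2) ~ /yes/ { hit = 1 }
        END { exit !hit }' "$smb"; then
        echo "smb.conf: [profiles] allows guest access"
    fi
}

# Constructed sample tree; values follow this page except the 644 mode.
make_sample() {
    local d
    d="$(mktemp -d)"
    mkdir -p "$d/etc/smbldap-tools" "$d/etc/openldap" "$d/etc/samba"
    printf 'masterPw="example"\n' > "$d/etc/smbldap-tools/smbldap_bind.conf"
    chmod 644 "$d/etc/smbldap-tools/smbldap_bind.conf"
    printf 'ldapTLS="0"\n' > "$d/etc/smbldap-tools/smbldap.conf"
    printf 'rootpw {SSHA}placeholder\n' > "$d/etc/openldap/slapd.conf"
    printf '[profiles]\nguest ok=yes\n[homes]\nguest ok=no\n' > "$d/etc/samba/smb.conf"
    echo "$d"
}

sample="$(make_sample)"
audit_pdc "$sample"
rm -rf "$sample"
```

Run `audit_pdc` with no argument on the server itself to check the live files under /etc.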

Now join your Windows machines to the domain.

 

 

 

 
