Samba Primary Domain Controller with LDAP ( Thay the Active Directory )

Normal 0 false false false EN-US X-NONE X-NONE

Samba PDC with LDAP

Edit  /etc/hosts

[root@server ~]# vi /etc/hosts

192.168.1.1 server server.abc.com

Install those following packages below.

[root@server ~]# yum install samba samba-client openldap openldap-clients open-ldap-servers nss_ldap perl-LDAP

perl-Crypt-SmbHash-0.12-1.2.el5.rf.noarch.rpm
perl-Digest-SHA1-2.11-1.2.1.i386.rpm
perl-Jcode-2.06-1.el5.rf.i386.rpm
perl-LDAP-0.33-3.fc6.noarch.rpm
perl-Unicode-Map-0.112-1.el5.rf.i386.rpm
perl-Unicode-Map8-0.12-1.el5.rf.i386.rpm
perl-Unicode-MapUTF8-1.11-1.2.el5.rf.noarch.rpm
perl-Unicode-String-2.09-1.2.el5.rf.i386.rpm
phpldapadmin-1.1.0.7.tar.gz
smbldap-tools-0.9.5-1.noarch.rpm

[root@server smbldap]# rpm -ivh perl-Crypt-SmbHash-0.12-1.2.el5.rf.noarch.rpm
warning: perl-Crypt-SmbHash-0.12-1.2.el5.rf.noarch.rpm: Header V3 DSA signature:
NOKEY key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Crypt-SmbHash ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Digest-SHA1-2.11-1.2.1.i386.rpm
Preparing... ########################################### [100%]
1:perl-Digest-SHA1 ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Jcode-2.06-1.el5.rf.i386.rpm
warning: perl-Jcode-2.06-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY key
ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Jcode ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Unicode-Map-0.112-1.el5.rf.i386.rpm
warning: perl-Unicode-Map-0.112-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKE
Y key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Unicode-Map ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Unicode-String-2.09-1.2.el5.rf.i386.rpm
warning: perl-Unicode-String-2.09-1.2.el5.rf.i386.rpm: Header V3 DSA signature:
NOKEY key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Unicode-String ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Unicode-Map8-0.12-1.el5.rf.i386.rpm
warning: perl-Unicode-Map8-0.12-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKE
Y key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Unicode-Map8 ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Unicode-MapUTF8-1.11-1.2.el5.rf.noarch.rpm
warning: perl-Unicode-MapUTF8-1.11-1.2.el5.rf.noarch.rpm: Header V3 DSA signatur
e: NOKEY key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Unicode-MapUTF8 ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh smbldap-tools-0.9.5-1.noarch.rpm
warning: smbldap-tools-0.9.5-1.noarch.rpm: Header V3 DSA signature: NOKEY key I
D 75fe0a51
Preparing... ########################################### [100%]
1:smbldap-tools ########################################### [100%]
[root@server smbldap]#

Edit slap.conf

[root@server ~]#slappasswd

[root@server ~]# vi /etc/openldap/slapd.conf

Add this line at the end of schema category.

include /etc/openldap/schema/samba.schema

database bdb
suffix "dc=abc dc=com"
rootdn "cn=root dc=abc dc=com"
rootpw {SSHA}ernicO/fWeCi5g2GFqaB/JGqZXj7Hmj3

Get the SID and copy it.

[root@server ~]# net getlocalsid
SID for domain SERVER is: S-1-5-21-1082253588-3757474382-3995049807
[root@server ~]#

Edit smbldap.conf

[root@server ~]# vi /etc/smbldap-tools/smbldap.conf

SID="S-1-5-21-1082253588-3757474382-3995049807″

sambaDomain="ABC"

#slaveLDAP="ldap.iallanis.info" #### Comment this line
#slavePort="389″ #### Comment this line too.

masterLDAP="server.abc.com"
masterPort="389″

ldapTLS="0″ # Switch this line from 1 to 0

suffix="dc=abc dc=com"

userSmbHome="\SERVER\%U"

userProfile="\SERVERprofiles\%U"

mailDomain="abc.com"

Edit smbldap_bind.conf and this file has to be looked like this.

[root@server ~]# vi /etc/smbldap-tools/smbldap_bind.conf

#slaveDN="cn=Manager dc=iallanis dc=info"
#slavePw="secret"
masterDN="cn=root dc=abc dc=com"
masterPw="root123″ #### That s the same of rootpw entry into slap.conf

[root@server ~]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@server ~]# chown ldap.ldap /var/lib/ldap/

[root@server ~]# cp /usr/share/doc/samba-3.0.33/LDAP/samba.schema /etc/openldap/
schema/

[root@server ~]# chmod 600 /etc/smbldap-tools/smbldap_bind.conf

[root@server ~]# service ldap start
Checking configuration files for slapd: config file testing succeeded
[ OK ]
Starting slapd: [ OK ]
[root@server ~]#

[root@server ~]# chkconfig ldap on

[root@server openldap]# vi base.ldif

dn: dc=abc dc=com
objectclass: dcObject
objectclass: organization
dc: abc
o: PDC

dn: cn=root dc=abc dc=com
objectclass: organizationalRole
cn: root

Apply this configuration so-creating these rules above through this following commnand.

[root@server openldap]# ldapadd -x -W -D ‘cn=root dc=abc dc=com -f base.ldif
Enter LDAP Password:
adding new entry "dc=abc dc=com"

adding new entry "cn=root dc=abc dc=com"

[root@server openldap]#

The next step is very interesting. You either copy a smb.conf template and modify and you want or create a new from scratch.

[root@server ~]# cp /usr/share/doc/smbldap-tools-0.9.5/smb.conf /etc/samba/smb.conf

or

[root@server ~]# cd /etc/samba/
[root@server samba]# mv smb.conf smb.conf.OLD
[root@server samba]# vi smb.conf

[global]
workgroup = ABC
netbios name = SERVER
security=user
domain master = yes
domain logons = yes
ldap suffix = dc=abc dc=com
ldap admin dn = cn=root dc=abc dc=com
passdb backend = ldapsam:ldap://server.abc.com/
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Machines
passwd program = /usr/sbin/smbldap-useradd %u
unix password sync = yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g ‘%g ‘%u

[netlogon]
path=/home/samba/netlogon
read only=yes
browseable=no

[profiles]
path=/home/samba/profiles
read only=no
writeable=yes
guest ok=yes
create mask = 0600
create directory = 0700

[homes]
browseable=no
writeable=yes
guest ok=no

[root@server samba]# smbpasswd -W root123
Setting stored password for "cn=root dc=abc dc=com" in secrets.tdb
New SMB password:
Retype new SMB password:
[root@server samba]#

Creating the directories for profiles and netlogon.

[root@server samba]# mkdir /home/samba/{profiles netlogon} -p

Launch smbldap-populate

[root@server samba]# smbldap-populate
Populating LDAP directory for domain ABC (S-1-5-21-1082253588-3757474382-399
5049807)
(using builtin directory structure)

entry dc=abc dc=com already exist.
adding new entry: ou=Users dc=abc dc=com
adding new entry: ou=Groups dc=abc dc=com
adding new entry: ou=Computers dc=abc dc=com
adding new entry: ou=Idmap dc=abc dc=com
adding new entry: uid=root ou=Users dc=abc dc=com
adding new entry: uid=nobody ou=Users dc=abc dc=com
adding new entry: cn=Domain Admins ou=Groups dc=abc dc=com
adding new entry: cn=Domain Users ou=Groups dc=abc dc=com
adding new entry: cn=Domain Guests ou=Groups dc=abc dc=com
adding new entry: cn=Domain Computers ou=Groups dc=abc dc=com
adding new entry: cn=Administrators ou=Groups dc=abc dc=com
adding new entry: cn=Account Operators ou=Groups dc=abc dc=com
adding new entry: cn=Print Operators ou=Groups dc=abc dc=com
adding new entry: cn=Backup Operators ou=Groups dc=abc dc=com
adding new entry: cn=Replicators ou=Groups dc=abc dc=com
adding new entry: sambaDomainName=ABC dc=abc dc=com

Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password:
[root@server samba]#

[root@server samba]# net groupmap list
Domain Admins (S-1-5-21-1082253588-3757474382-3995049807-512) -> 512
Domain Users (S-1-5-21-1082253588-3757474382-3995049807-513) -> 513
Domain Guests (S-1-5-21-1082253588-3757474382-3995049807-514) -> 514
Domain Computers (S-1-5-21-1082253588-3757474382-3995049807-515) -> 515
Administrators (S-1-5-32-544) -> 544
Account Operators (S-1-5-32-548) -> 548
Print Operators (S-1-5-32-550) -> 550
Backup Operators (S-1-5-32-551) -> 551
Replicators (S-1-5-32-552) -> 552
[root@server samba]#

Start smb service and make sure if it will be startedup on the boot.
[root@server samba]# service smb start

[root@server samba]# chkconfig smb on

Configuring /etc/ldap.conf and /etc/openldap/ldap.conf or you can get it running:

[root@server samba]# authconfig -enableldap -enableldapauth -ldapserver=server.abc.com -ldapbasedn=dc=abc dc=com -update

Add a user into the system

[root@server samba]# smbldap-useradd -a -m test -G "Domain Users"

[root@server samba]# smbldap-passwd test
Changing UNIX and samba passwords for test
New password:
Retype new password:

Now configure your windows into the Domain

 

 

 

 

stephaniejackson

Domain member server

pay to have a research paper done domain member, although similar to a separate server, is connected to a domain controller (either Windows or Samba) and is subject to domain security rules. An example of a domain member server could be a departmental server running Samba that has a machine account in the Primary Domain Controller (PDC). All the clients in the department are still authenticated with the PDC and include the desktop profiles and all the policy files. The difference is that the departmental server has the ability to control printers and shared network resources.

stephaniejackson

Secure read / write file and print server

A sample  write my essay uk configuration needed to implement a secure read / write print server. Setting the security to user directive forces Samba to authenticate client connections. Notice that the share [homes] does not have a force user or force group directive as if the resource has it

mariaalbert

Independent server

An independent write my essay for me server can be a workgroup server or a workgroup environment member. An independent server is not a domain controller and does not participate in a domain in any way. The following examples include several security configurations at the level of anonymous shared resources and a security configuration at the user level. For more information about security modes at the share and user level

clara albert

Types of Samba servers and the file

The Write my assignment configuration of Samba is very direct. All modifications to Samba are made in the configuration file /etc/samba/smb.conf. Although the default smb.conf file is well documented, it does not mention complex topics such as LDAP, Active Directory, and numerous implementations of domain controllers. The following sections describe the different ways in which a Samba server can be configured. Consider your needs and the required changes to the smb.conf file for a successful configuration.

judee

elliot

About month back one Write My Essay For Me in my college advised me to utilize Linux rather than Windows. To be reasonable subsequent to attempting this working framework I would prefer not to backpedal to Windows. Linux is considerably more agreeable for me and to a great degree quicker, less demanding in overseeing. I trust I won't have any issues with my root account, however in the event that I will I most likely utilize this article.

thesis help

I don t understand what is the sense of all this.

essay writer

essay writer

It is very dificult to understand this symbols.

bibi

anh cho em hỏi làm sao thay đổi SambaPrimaryDomainSID???

Nguyên nhân do nâng cấp sever từ RH 4 lên RH 5 khi cấu hình smb ldap quyên thay đổi sid nên giờ tao user thì Samba PrimaryDomainSID và domainSID khác nhau nên không logon được...

Lê Cường Quốc

Bạn dùng lệnh này để tạo account có quyền Domain Admins nè
smbldap-useradd -a -G "Domain Admins" engineering quocle

vodanh

Ah A.nguyen oi sao mih log vo domain bang user root thi khong co quyen gi ca no chi quuyen user ma thui