Samba Primary Domain Controller with LDAP ( Thay the Active Directory )

Normal 0 false false false EN-US X-NONE X-NONE

Samba PDC with LDAP

Edit  /etc/hosts

[root@server ~]# vi /etc/hosts

192.168.1.1 server server.abc.com

Install those following packages below.

[root@server ~]# yum install samba samba-client openldap openldap-clients open-ldap-servers nss_ldap perl-LDAP

perl-Crypt-SmbHash-0.12-1.2.el5.rf.noarch.rpm
perl-Digest-SHA1-2.11-1.2.1.i386.rpm
perl-Jcode-2.06-1.el5.rf.i386.rpm
perl-LDAP-0.33-3.fc6.noarch.rpm
perl-Unicode-Map-0.112-1.el5.rf.i386.rpm
perl-Unicode-Map8-0.12-1.el5.rf.i386.rpm
perl-Unicode-MapUTF8-1.11-1.2.el5.rf.noarch.rpm
perl-Unicode-String-2.09-1.2.el5.rf.i386.rpm
phpldapadmin-1.1.0.7.tar.gz
smbldap-tools-0.9.5-1.noarch.rpm

[root@server smbldap]# rpm -ivh perl-Crypt-SmbHash-0.12-1.2.el5.rf.noarch.rpm
warning: perl-Crypt-SmbHash-0.12-1.2.el5.rf.noarch.rpm: Header V3 DSA signature:
NOKEY key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Crypt-SmbHash ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Digest-SHA1-2.11-1.2.1.i386.rpm
Preparing... ########################################### [100%]
1:perl-Digest-SHA1 ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Jcode-2.06-1.el5.rf.i386.rpm
warning: perl-Jcode-2.06-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY key
ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Jcode ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Unicode-Map-0.112-1.el5.rf.i386.rpm
warning: perl-Unicode-Map-0.112-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKE
Y key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Unicode-Map ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Unicode-String-2.09-1.2.el5.rf.i386.rpm
warning: perl-Unicode-String-2.09-1.2.el5.rf.i386.rpm: Header V3 DSA signature:
NOKEY key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Unicode-String ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Unicode-Map8-0.12-1.el5.rf.i386.rpm
warning: perl-Unicode-Map8-0.12-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKE
Y key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Unicode-Map8 ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh perl-Unicode-MapUTF8-1.11-1.2.el5.rf.noarch.rpm
warning: perl-Unicode-MapUTF8-1.11-1.2.el5.rf.noarch.rpm: Header V3 DSA signatur
e: NOKEY key ID 6b8d79e6
Preparing... ########################################### [100%]
1:perl-Unicode-MapUTF8 ########################################### [100%]
[root@server smbldap]#

[root@server smbldap]# rpm -ivh smbldap-tools-0.9.5-1.noarch.rpm
warning: smbldap-tools-0.9.5-1.noarch.rpm: Header V3 DSA signature: NOKEY key I
D 75fe0a51
Preparing... ########################################### [100%]
1:smbldap-tools ########################################### [100%]
[root@server smbldap]#

Edit slap.conf

[root@server ~]#slappasswd

[root@server ~]# vi /etc/openldap/slapd.conf

Add this line at the end of schema category.

include /etc/openldap/schema/samba.schema

database bdb
suffix "dc=abc dc=com"
rootdn "cn=root dc=abc dc=com"
rootpw {SSHA}ernicO/fWeCi5g2GFqaB/JGqZXj7Hmj3

Get the SID and copy it.

[root@server ~]# net getlocalsid
SID for domain SERVER is: S-1-5-21-1082253588-3757474382-3995049807
[root@server ~]#

Edit smbldap.conf

[root@server ~]# vi /etc/smbldap-tools/smbldap.conf

SID="S-1-5-21-1082253588-3757474382-3995049807″

sambaDomain="ABC"

#slaveLDAP="ldap.iallanis.info" #### Comment this line
#slavePort="389″ #### Comment this line too.

masterLDAP="server.abc.com"
masterPort="389″

ldapTLS="0″ # Switch this line from 1 to 0

suffix="dc=abc dc=com"

userSmbHome="\SERVER\%U"

userProfile="\SERVERprofiles\%U"

mailDomain="abc.com"

Edit smbldap_bind.conf and this file has to be looked like this.

[root@server ~]# vi /etc/smbldap-tools/smbldap_bind.conf

#slaveDN="cn=Manager dc=iallanis dc=info"
#slavePw="secret"
masterDN="cn=root dc=abc dc=com"
masterPw="root123″ #### That s the same of rootpw entry into slap.conf

[root@server ~]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@server ~]# chown ldap.ldap /var/lib/ldap/

[root@server ~]# cp /usr/share/doc/samba-3.0.33/LDAP/samba.schema /etc/openldap/
schema/

[root@server ~]# chmod 600 /etc/smbldap-tools/smbldap_bind.conf

[root@server ~]# service ldap start
Checking configuration files for slapd: config file testing succeeded
[ OK ]
Starting slapd: [ OK ]
[root@server ~]#

[root@server ~]# chkconfig ldap on

[root@server openldap]# vi base.ldif

dn: dc=abc dc=com
objectclass: dcObject
objectclass: organization
dc: abc
o: PDC

dn: cn=root dc=abc dc=com
objectclass: organizationalRole
cn: root

Apply this configuration so-creating these rules above through this following commnand.

[root@server openldap]# ldapadd -x -W -D ‘cn=root dc=abc dc=com -f base.ldif
Enter LDAP Password:
adding new entry "dc=abc dc=com"

adding new entry "cn=root dc=abc dc=com"

[root@server openldap]#

The next step is very interesting. You either copy a smb.conf template and modify and you want or create a new from scratch.

[root@server ~]# cp /usr/share/doc/smbldap-tools-0.9.5/smb.conf /etc/samba/smb.conf

or

[root@server ~]# cd /etc/samba/
[root@server samba]# mv smb.conf smb.conf.OLD
[root@server samba]# vi smb.conf

[global]
workgroup = ABC
netbios name = SERVER
security=user
domain master = yes
domain logons = yes
ldap suffix = dc=abc dc=com
ldap admin dn = cn=root dc=abc dc=com
passdb backend = ldapsam:ldap://server.abc.com/
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Machines
passwd program = /usr/sbin/smbldap-useradd %u
unix password sync = yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g ‘%g ‘%u

[netlogon]
path=/home/samba/netlogon
read only=yes
browseable=no

[profiles]
path=/home/samba/profiles
read only=no
writeable=yes
guest ok=yes
create mask = 0600
create directory = 0700

[homes]
browseable=no
writeable=yes
guest ok=no

[root@server samba]# smbpasswd -W root123
Setting stored password for "cn=root dc=abc dc=com" in secrets.tdb
New SMB password:
Retype new SMB password:
[root@server samba]#

Creating the directories for profiles and netlogon.

[root@server samba]# mkdir /home/samba/{profiles netlogon} -p

Launch smbldap-populate

[root@server samba]# smbldap-populate
Populating LDAP directory for domain ABC (S-1-5-21-1082253588-3757474382-399
5049807)
(using builtin directory structure)

entry dc=abc dc=com already exist.
adding new entry: ou=Users dc=abc dc=com
adding new entry: ou=Groups dc=abc dc=com
adding new entry: ou=Computers dc=abc dc=com
adding new entry: ou=Idmap dc=abc dc=com
adding new entry: uid=root ou=Users dc=abc dc=com
adding new entry: uid=nobody ou=Users dc=abc dc=com
adding new entry: cn=Domain Admins ou=Groups dc=abc dc=com
adding new entry: cn=Domain Users ou=Groups dc=abc dc=com
adding new entry: cn=Domain Guests ou=Groups dc=abc dc=com
adding new entry: cn=Domain Computers ou=Groups dc=abc dc=com
adding new entry: cn=Administrators ou=Groups dc=abc dc=com
adding new entry: cn=Account Operators ou=Groups dc=abc dc=com
adding new entry: cn=Print Operators ou=Groups dc=abc dc=com
adding new entry: cn=Backup Operators ou=Groups dc=abc dc=com
adding new entry: cn=Replicators ou=Groups dc=abc dc=com
adding new entry: sambaDomainName=ABC dc=abc dc=com

Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password:
[root@server samba]#

[root@server samba]# net groupmap list
Domain Admins (S-1-5-21-1082253588-3757474382-3995049807-512) -> 512
Domain Users (S-1-5-21-1082253588-3757474382-3995049807-513) -> 513
Domain Guests (S-1-5-21-1082253588-3757474382-3995049807-514) -> 514
Domain Computers (S-1-5-21-1082253588-3757474382-3995049807-515) -> 515
Administrators (S-1-5-32-544) -> 544
Account Operators (S-1-5-32-548) -> 548
Print Operators (S-1-5-32-550) -> 550
Backup Operators (S-1-5-32-551) -> 551
Replicators (S-1-5-32-552) -> 552
[root@server samba]#

Start smb service and make sure if it will be startedup on the boot.
[root@server samba]# service smb start

[root@server samba]# chkconfig smb on

Configuring /etc/ldap.conf and /etc/openldap/ldap.conf or you can get it running:

[root@server samba]# authconfig -enableldap -enableldapauth -ldapserver=server.abc.com -ldapbasedn=dc=abc dc=com -update

Add a user into the system

[root@server samba]# smbldap-useradd -a -m test -G "Domain Users"

[root@server samba]# smbldap-passwd test
Changing UNIX and samba passwords for test
New password:
Retype new password:

Now configure your windows into the Domain

 

 

 

 

essay writer online

essay writer online

Those students who are searching for best essay help services providers in USA that provides college essay writing help for any subject. Students can hire best essay writers from us and our experts are available 24*7; you can contact us at any time as you want.

Brad Johnson

Best phone junk cleaner app

Love that information! Keep providing such information because many users are waiting for read some more interesting information to enhance their knowledge whereby I going to share about junk cleaner application for android mobile to clean you mobile completely.

Assignment Writing Help

Assignment Helper

Those students who are searching for assignment help services in USA can contact with our experts. We are best services providers over the country. Our experts are available round the clock, students can contact them at any time.

Microeconomics assignment

Microeconomics assignment

Students Assignment Help provide the expert and qualified assignment writers for microeconomics assignment Services. They are fluent in any academic writing and offers its best writing contribute to the students. We can deliver the assignments before the deadline. 

 

andrew symond

online assignment writer.

We provide online assignment help services by our top online assignment writer. Our writer graduate from top universty in singapore. 

petterson

nice

I really like the dear information you offer in your articles. I’m able to bookmark your site and show the kids check out up here generally. I am fairly positive there likely to be informed a great deal of new stuff here than anyone.

Buy Dissertation Online

Sheriff Robert Taylor

Coat Samishleather

the nest step may be very exciting. You both replica a smb.conf template and regulate and you need or create a brand new from scratch. Sheriff Robert Taylor Coat Samishleather

mike

slatter

This Samba Primary Domain Controller is extremely intriguing and astonishing to know it's exceptionally hard to comprehend what message was in it. Spectre 007 Daniel Craig Jacket

Assignment help

Assignment Help || AllAssignmnetHelp

Allassignmenthelp have well educated experts for writing assignment.Our assignment experts works hard to live up to the expectations and provide total peace of mind.We provide best assignment help.If you want any help related to assignment than contact our experts.

stephaniejackson

Domain member server

pay to have a research paper done domain member, although similar to a separate server, is connected to a domain controller (either Windows or Samba) and is subject to domain security rules. An example of a domain member server could be a departmental server running Samba that has a machine account in the Primary Domain Controller (PDC). All the clients in the department are still authenticated with the PDC and include the desktop profiles and all the policy files. The difference is that the departmental server has the ability to control printers and shared network resources.