Debian GNU Linux 6

Debian GNU/Linux 6.0 Squeeze - Samba Server - Samba PDC #1 - Configure Domain Controler : Serv...
file:///C:/Users/usuari1/Documents/curs2011-2012/ldap/note.htm
(4) Configure Virtual Hostings 11 SUSE Linux Enterprise Server (5) Configure SSL Server World Introductions Histories Links Contact us (6) Configure WebDAV (7) Install SpeedyCGI Debian 6.0 SSL Certificates Create (8) Enable suEXEC LVM Management GetEnable proxy_http (9) Debian 6.0 Volumes (1) Physical Install(2) Volume Groups Debian (10) Basic Auth + LDAP Initial (3) analyzer Volumes Settings (11) Log Logical - Visitors (1) - Admin User (12) Log analyzer - AWstats Clamav SetAnti-Virus (2) Mail - SquirrelMail (13) Web Set Command Alias (3) Mail - RoundCube (14) Web Networking (4) Services (5) Update System (6) Configure vim (7) Configure sudo NTP Server SSH Server (1) Password Authentication (2) Keys Authentication (3) SFTP DNS Server (1) Install BIND (2) Set Zones (3) Check working (4) Set CNAME (5) Config as a Slave Server DHCP Server Virtualization KVM (1) Install KVM (2) Create virtual machine #1 (3) Create virtual machine #2 (4) Create virtual machine #3 (5) Operations NFS Server NIS Server (1) Configure NIS Server
4982 / 4079885
1 de 15
31/07/2011 12:40
(2) Configure NIS Client LDAP Server (1) Configure LDAP Server (2) Configure LDAP Client WEB Server Database (1) Install MySQL (2) Operate from Web Browser FTP Server (1) Install Vsftpd (2) Install ProFTPD (3) Install Pure-FTPd (4) FTP Client - FileZilla (5) Vsftpd over TLS/SSL (6) ProFTPD over TLS/SSL (7) Pure-FTPd over TLS/SSL MAIL Server (1) Install/Configure Postfix (2) Install/Configure Dovecot (3) Configure Client (4) Configure SSL (5) Virtual Domains (6) Run with Clamav - ClamSMTP (7) Log Analyzer - pflogsumm (8) Log Analyzer - MailGraph (9) Log Analyzer - AWstats Samba Server (1) Create Fully Accessed Directory (2) Create Limited Directory (3) Install SWAT (4) Samba PDC #1 - Config server (5) Samba PDC #2 - Config client (6) Samba BDC Proxy Server (1) Install Squid (2) Run with Clamav - SquidClamav (3) Run with SquidGuard
2 de 15
31/07/2011 12:40
(4) Configure as a Reverse Proxy Desktop Env (1) Configure Desktop Environment (2) Install VNC Server Others Other OS
Samba PDC#1 - Configure Domain Controler 2011/03/12 Build Primary Domain Controller with Samba + OpenLDAP. LDAP Server is required to be running on your LAN and also the server you'd like to build as a PDC need to be a LDAP Client. [1] Chane OpenLDAP server's settings. root@master:~# aptitude -y install samba-doc
root@master:~# cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/ root@master:~#
3 de 15
31/07/2011 12:40
gzip -d /etc/ldap/schema/samba.schema.gz root@master:~# vi schema_convert.conf
# create new include /etc/ldap/schema/core.schema include /etc/ldap/schema/collective.schema include /etc/ldap/schema/corba.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/duaconf.schema include /etc/ldap/schema/dyngroup.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/java.schema include /etc/ldap/schema/misc.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/openldap.schema include /etc/ldap/schema/ppolicy.schema include /etc/ldap/schema/samba.schema
root@master:~# mkdir -p ./tmp/ldif_output root@master:~# slapcat -f schema_convert.conf -F ./tmp/ldif_output -n0 -s "cn={12}samba,cn=schema,cn=config" > ./tmp/cn=samba.ldif root@master:~# vi ./tmp/cn=samba.ldif
# line 1,3: change ( remove "{12}" ) dn: cn=samba,cn=schema,cn=config objectClass: olcSchemaConfig

4 de 15 31/07/2011 12:40
cn: samba # remove these lines below ( placed at the bottom ) structuralObjectClass: olcSchemaConfig entryUUID: bd8a7a82-3cb8-102f-8d5f-070b4e5d16f8 creatorsName: cn=config createTimestamp: 20100815125953Z entryCSN: 20100815125953.198505Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20100815125953Z root@master:~# ldapadd -Y EXTERNAL -H ldapi:/// -f ./tmp/cn=samba.ldif SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 adding new entry "cn=samba,cn=schema,cn=config" root@master:~# vi samba_indexes.ldif
# create new dn: olcDatabase={1}hdb,cn=config changetype: modify add: olcDbIndex olcDbIndex: uidNumber eq olcDbIndex: gidNumber eq olcDbIndex: loginShell eq olcDbIndex: uid eq,pres,sub olcDbIndex: memberUid eq,pres,sub olcDbIndex: uniqueMember eq,pres olcDbIndex: sambaSID eq olcDbIndex: sambaPrimaryGroupSID eq
5 de 15 31/07/2011 12:40
olcDbIndex: sambaGroupType eq olcDbIndex: sambaSIDList eq olcDbIndex: sambaDomainName eq olcDbIndex: default sub
root@master:~# ldapmodify -Y EXTERNAL -H ldapi:/// -f samba_indexes.ldif SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "olcDatabase={1}hdb,cn=config" root@master:~# /etc/init.d/slapd restart Stopping OpenLDAP: slapd. Starting OpenLDAP: slapd. [2] Change Samba's settings. Samba PDC is also a LDAP Client. root@lan:~# aptitude -y install smbldap-tools
root@lan:~# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak root@lan:~# cp /usr/share/doc/smbldap-tools/examples/smb.conf /etc/samba/smb.conf root@lan:~# vi /etc/samba/smb.conf
# line 3: change workgroup name to any one you like
6 de 15
31/07/2011 12:40
workgroup = ServerWorld
# line 12: make it comment # min passwd length = 3 # line 22: change ldap passwd sync = yes
# line 33,34: change Dos charset = CP932 Unix charset = UTF-8
# line 47: specify ldap server passdb backend = ldapsam: ldap://10.0.0.100/
# line 48: change LDAP admin DN (LDAP server's one) ldap admin dn = cn=admin,dc=server,dc=world
# line 50: change LDAP suffix (LDAP server's one)

7 de 15 31/07/2011 12:40
ldap suffix = dc=server,dc=world ldap group suffix = ou= groups ldap user suffix = ou= people
# line 60: uncomment delete group script = /usr/sbin/smbldap-groupdel "%g" # line 64: add (specify admin user), no SSL set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' admin users = domainadm ldap ssl = no
root@lan:~# mkdir /home/netlogon root@lan:~# /etc/init.d/samba restart Stopping Samba daemons: nmbd smbd. Starting Samba daemons: nmbd smbd. root@lan:~# smbpasswd -W # add LDAP admin's password Setting stored password for "cn=admin,dc=server,dc=world" in secrets.tdb New SMB password:
8 de 15 31/07/2011 12:40
# LDAP admin password Retype new SMB password: root@lan:~# gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz root@lan:~# perl /usr/share/doc/smbldap-tools/configure.pl $# is no longer supported at /usr/share/doc/smbldap-tools/configure.pl line 314. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=smbldap-tools script configuration -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Before starting, check . if your samba controller is up and running. . if the domain SID is defined (you can get it with the 'net getlocalsid') . you can leave the configuration using the Crtl-c key combination . empty value can be set with the "." character -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=Looking for configuration files... Samba Configuration File Path [/etc/samba/smb.conf] > # Enter
The default directory in which the smbldap configuration files are stored is shown. If you need to change this, enter the full directory path, then press enter to continue. Smbldap-tools Configuration Directory Path [/etc/smbldap-tools/] > # Enter -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Let's start configuring the smbldap-tools scripts ...
9 de 15
31/07/2011 12:40
. workgroup name: name of the domain Samba act as a PDC workgroup name [ServerWorld] > # Enter . netbios name: netbios name of the samba controler netbios name [PDC-SRV] > # Enter . logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:' logon drive [H:] > # Enter . logon home: home directory location (for Win95/98 or NT Workstation). (use %U as username) Ex:'\\PDC-SRV\%U' logon home (press the "." character if you don't want homeDirectory) [\\PDC-SRV\%U] > . # input a period . logon path: directory where roaming profiles are stored. Ex:'\\PDC-SRV\profiles\%U' logon path (press the "." character if you don't want roaming profile) [\\PDC-SRV\profiles\%U] > . # input a period . home directory prefix (use %U as username) [/home/%U] > # Enter . default users' homeDirectory mode [700] > # Enter . default user netlogon script (use %U as username) [logon.bat] > # Enter default password validation time (time in days) [45] > # Enter
10 de 15
31/07/2011 12:40
. ldap suffix [dc=server,dc=world] > # Enter . ldap group suffix [ou=groups] > # Enter . ldap user suffix [ou=people] > # Enter . ldap machine suffix [ou=Computers] > # Enter . Idmap suffix [ou=Idmap] > # Enter . sambaUnixIdPooldn: object where you want to store the next uidNumber and gidNumber available for new users and groups sambaUnixIdPooldn object (relative to ) [sambaDomainName=ServerWorld] > # Enter . ldap master server: IP adress or DNS name of the master (writable) ldap server ldap master server [10.0.0.100] > # Enter . ldap master port [389] > # Enter . ldap master bind dn [cn=admin,dc=server,dc=world] > # Enter . ldap master bind password [] > # LDAP admin password . ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one ldap slave server [10.0.0.100] > # specify LDAP slave's IP (Enter with empy if none)
11 de 15
31/07/2011 12:40
. ldap slave port [389] > # Enter . ldap slave bind dn [cn=admin,dc=server,dc=world] > # Enter . ldap slave bind password [] > # Input if there is, if not input the same one with master . ldap tls support (1/0) [0] > # Enter . SID for domain SERVERWORLD: SID of the domain (can be obtained with 'net getlocalsid PDC-SRV') SID for domain SERVERWORLD [S-1-5-21-2752024775-1437179205-4226352253] > # Enter . unix password encryption: encryption used for unix passwords unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] > MD5 # MD5 . default user gidNumber [513] > # Enter . default computer gidNumber [515] > # Enter . default login shell [/bin/bash] > # Enter . default skeleton directory [/etc/skel] > # Enter . default domain name to append to mail adress [] > # Enter
12 de 15
31/07/2011 12:40
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Use of uninitialized value $# in concatenation (.) or string at /usr/share/doc/smbldap-tools/configure.pl line 314, <STDIN> line 33. backup old configuration files: /etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old /etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old writing new configuration file: /etc/smbldap-tools/smbldap.conf done. /etc/smbldap-tools/smbldap_bind.conf done. root@lan:~# smbldap-populate Populating LDAP directory for domain ServerWorld (S-1-5-21-2752024775-1437179205-4226352253) (using builtin directory structure) entry dc=server,dc=world already exist. entry ou=people,dc=server,dc=world already exist. entry ou=groups,dc=server,dc=world already exist. adding new entry: ou=Computers,dc=server,dc=world adding new entry: ou=Idmap,dc=server,dc=world adding new entry: uid=root,ou=people,dc=server,dc=world adding new entry: uid=nobody,ou=people,dc=server,dc=world adding new entry: cn=Domain Admins,ou=groups,dc=server,dc=world adding new entry: cn=Domain Users,ou=groups,dc=server,dc=world adding new entry: cn=Domain Guests,ou=groups,dc=server,dc=world adding new entry: cn=Domain Computers,ou=groups,dc=server,dc=world adding new entry: cn=Administrators,ou=groups,dc=server,dc=world adding new entry: cn=Account Operators,ou=groups,dc=server,dc=world adding new entry: cn=Print Operators,ou=groups,dc=server,dc=world adding new entry: cn=Backup Operators,ou=groups,dc=server,dc=world adding new entry: cn=Replicators,ou=groups,dc=server,dc=world entry sambaDomainName=ServerWorld,dc=server,dc=world already exist. Updating it... Please provide a password for the domain root: Changing UNIX and samba passwords for root New password: # set root password
13 de 15
31/07/2011 12:40
Retype new password: # add admin user that is define in smb.conf root@lan:~# smbldap-groupadd -a domainadm root@lan:~# smbldap-useradd -am -g domainadm domainadm root@lan:~# smbldap-passwd domainadm Changing UNIX and samba passwords for domainadm New password: Retype new password: root@lan:~# su - domainadm # try to switch to added user domainadm@lan:/$ # done Samba Server Fully accessed dir Limited dir Install SWAT Samba PDC#1 Samba PDC#2 Samba BDC
14 de 15
31/07/2011 12:40
Copyright 2007-2011 Server World All Rights Reserved.
15 de 15
31/07/2011 12:40

Debian GNU Linux 6

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Debian GNU Linux 6

Enviado por

Direitos autorais:

Formatos disponíveis

Debian GNU/Linux 6.0 Squeeze - Samba Server - Samba PDC #1 - Configure Domain Controler : Serv...

root@master:~# cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/ root@master:~#

gzip -d /etc/ldap/schema/samba.schema.gz root@master:~# vi schema_convert.conf

# line 1,3: change ( remove "{12}" ) dn: cn=samba,cn=schema,cn=config objectClass: olcSchemaConfig

olcDbIndex: sambaGroupType eq olcDbIndex: sambaSIDList eq olcDbIndex: sambaDomainName eq olcDbIndex: default sub

root@lan:~# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak root@lan:~# cp /usr/share/doc/smbldap-tools/examples/smb.conf /etc/samba/smb.conf root@lan:~# vi /etc/samba/smb.conf

# line 3: change workgroup name to any one you like

# line 33,34: change Dos charset = CP932 Unix charset = UTF-8

# line 47: specify ldap server passdb backend = ldapsam: ldap://10.0.0.100/

# line 50: change LDAP suffix (LDAP server's one)

Copyright 2007-2011 Server World All Rights Reserved.

Você também pode gostar