2025-01-29 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/03 Report--
LDAP + Samba
The LDAP installation itself is not covered here.
Install Samba
yum install samba* -y
yum install nscd* -y
yum install nss-pam-ldapd -y
yum install epel* -y
yum install smbldap* -y
Install all of the packages listed above.
Copy the Samba schema that supports LDAP to /etc/openldap/schema
cp /usr/share/doc/samba-3.6.23/LDAP/samba.schema /etc/openldap/schema/
chown ldap:ldap /etc/openldap/schema/ -R
Setup
vim /etc/openldap/slapd.conf
Add a line:
include /etc/openldap/schema/samba.schema
Modify the indexes:
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read
Change the ldap.conf file
vim ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=cxth,dc=com
# URI ldap://ldap.example.com ldap://ldap-master.example.com:666
# SIZELIMIT 12
# TIMELIMIT 15
# DEREF never
# TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://127.0.0.1/
# TLS_CACERTDIR /etc/openldap/cacerts
nss_base_passwd ou=Users,dc=cxth,dc=com?one
nss_base_passwd ou=Computers,dc=cxth,dc=com?one
nss_base_shadow ou=Users,dc=cxth,dc=com?one
nss_base_group ou=Groups,dc=cxth,dc=com?one
Once the LDAP configuration is finished, restart the service and check the port:
service slapd restart
netstat -an | grep 389
Now start configuring Samba
Back up the old file
cp /etc/samba/smb.conf /etc/samba/backup_smb.conf
Copy the smb.conf shipped with smbldap-tools to the Samba directory
cp /usr/share/doc/smbldap-tools-0.9.6/smb.conf /etc/samba/
cd /etc/samba
vim smb.conf
[global]
workgroup = cxth-pdc
netbios name = PDC
server string = Samba Server %v
log file = /var/log/samba/log.%m
security = user
encrypt passwords = Yes
obey pam restrictions = No
ldap passwd sync = Yes
log level = 3
syslog = 0
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash3
dos charset = UTF-8
unix charset = UTF-8
logon script = %U.bat
logon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=cxth,dc=com
ldap suffix = dc=cxth,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = off
ldap delete dn = Yes
add user script = /sbin/smbldap-useradd -m "%u"
add machine script = /sbin/smbldap-useradd -t 0 -w "%u"
add group script = /sbin/smbldap-groupadd -p "%g"
add user to group script = /sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /sbin/smbldap-usermod -g '%g' '%u'
## Homes parameters ##
[homes]
comment = repertoire de %U, %u
browseable = no
writeable = yes
read only = no
force create mode = 0700
create mode = 0700
force directory mode = 0700
directory mode = 700
## Netlogon parameters ##
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
## Public parameters ##
[public]
comment = Public Directory
path = /home/public/
browseable = No
writable = yes
guest ok = yes
create mask = 0777
The above is my own machine configuration. Here are the contents of the online documents.
## Global parameters ##
[global]
workgroup = easy-pdc
netbios name = PDC
server string = Samba Server %v
log file = /var/log/samba/log.%m
security = user
encrypt passwords = Yes
obey pam restrictions = No
ldap passwd sync = Yes
log level = 3
syslog = 0
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash3
dos charset = UTF-8
unix charset = UTF-8
logon script = %U.bat
logon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
Continuation of the smb.conf file:
Detailed configuration content:
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=easy,dc=com
ldap suffix = dc=easy,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = off
ldap delete dn = Yes
add user script = /sbin/smbldap-useradd -m "%u"
add machine script = /sbin/smbldap-useradd -t 0 -w "%u"
add group script = /sbin/smbldap-groupadd -p "%g"
add user to group script = /sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /sbin/smbldap-usermod -g '%g' '%u'
## Homes parameters ##
[homes]
comment = repertoire de %U, %u
browseable = no
writeable = yes
read only = no
force create mode = 0700
create mode = 0700
force directory mode = 0700
directory mode = 700
## Netlogon parameters ##
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
## Public parameters ##
[public]
comment = Public Directory
path = /home/public/
browseable = No
writable = yes
guest ok = yes
create mask = 0777
Create 2 directories
# mkdir /home/netlogon
# mkdir /home/public
# service smb start
Start the SMB service: [OK]
Start the NMB service: [OK]
# smbpasswd -w jinbiao (jinbiao is the root password configured in slapd.conf)
Setting stored password for "cn=Manager,dc=easy,dc=com" in secrets.tdb
Use the testparm command to test whether the Samba server starts properly:
Detailed operation:
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
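As a complement to testparm, this added Python example (not part of the original article) audits an smb.conf for three settings used in the configuration above: the `dos charset = UTF-8` value that the smbclient output later on this page shows being rejected, `ldap ssl = off` combined with a non-loopback LDAP server, and a guest-writable share. The function name `audit_smb_conf` and the sample text are constructed for illustration.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample: a subset of the [global] and [public] settings shown above.
SAMPLE = """
[global]
dos charset = UTF-8
passdb backend = ldapsam:ldap://127.0.0.1/
ldap ssl = off
[public]
writable = yes
guest ok = yes
create mask = 0777
"""
TRUE = {"yes", "true", "1"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_smb_conf(text):
    """Return (section, key, message) findings for smb.conf content given as text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    # Strip indentation so indented parameters are not read as continuation lines.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    findings = []
    g = cp["global"] if cp.has_section("global") else {}
    # Samba refuses UTF-8 as the DOS charset and silently uses CP850 instead.
    if g.get("dos charset", "").replace("-", "").upper() == "UTF8":
        findings.append(("global", "dos charset",
                         "rejected by Samba, which falls back to CP850"))
    backend = g.get("passdb backend", "")
    plain = g.get("ldap ssl", "").lower() in ("off", "no")
    if plain and backend.startswith("ldapsam:ldap://"):
        host = urlparse(backend[len("ldapsam:"):]).hostname
        if host not in LOOPBACK:  # loopback traffic never leaves the host
            findings.append(("global", "ldap ssl",
                             "bind password and sambaNTPassword cross the network unencrypted"))
    for name in cp.sections():
        s = cp[name]
        writable = (s.get("writable", s.get("writeable", "no")).lower() in TRUE
                    or s.get("read only", "yes").lower() not in TRUE)
        if s.get("guest ok", "no").lower() in TRUE and writable:
            mask = int(s.get("create mask", "0744"), 8)
            note = " and new files are world-writable" if mask & 0o002 else ""
            findings.append((name, "guest ok", "unauthenticated write access" + note))
    return findings

if __name__ == "__main__":
    for finding in audit_smb_conf(SAMPLE):
        print(*finding, sep=": ")
```

With the LDAP server on 127.0.0.1, as configured on this page, only the charset and the [public] share are reported; pointing `passdb backend` at a remote host adds the `ldap ssl` finding.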
Configuring and using smbldap-tools
cd /usr/share/doc/smbldap-tools-0.9.6/
chmod 777 /usr/share/doc/smbldap-tools-0.9.6/ -R
./configure.pl
This command asks for a password in two places; in both, enter the root password from slapd.conf above.
Let it run through to completion.
Initialize the smbldap directory
smbldap-populate
Populating LDAP directory for domain cxth-pdc (S-1-5-21-3536009721-1653818412-2151149546)
(using builtin directory structure)
Entry dc=cxth,dc=com already exist.
Adding new entry: ou=Users,dc=cxth,dc=com
Adding new entry: ou=Groups,dc=cxth,dc=com
Adding new entry: ou=Computers,dc=cxth,dc=com
Adding new entry: ou=Idmap,dc=cxth,dc=com
Adding new entry: uid=root,ou=Users,dc=cxth,dc=com
Adding new entry: uid=nobody,ou=Users,dc=cxth,dc=com
Adding new entry: cn=Domain Admins,ou=Groups,dc=cxth,dc=com
Adding new entry: cn=Domain Users,ou=Groups,dc=cxth,dc=com
Adding new entry: cn=Domain Guests,ou=Groups,dc=cxth,dc=com
Adding new entry: cn=Domain Computers,ou=Groups,dc=cxth,dc=com
Adding new entry: cn=Administrators,ou=Groups,dc=cxth,dc=com
Adding new entry: cn=Account Operators,ou=Groups,dc=cxth,dc=com
Adding new entry: cn=Print Operators,ou=Groups,dc=cxth,dc=com
Adding new entry: cn=Backup Operators,ou=Groups,dc=cxth,dc=com
Adding new entry: cn=Replicators,ou=Groups,dc=cxth,dc=com
Adding new entry: sambaDomainName=cxth-pdc,dc=cxth,dc=com
Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password:
New passwords don't match!
You will be prompted to enter a new password and then to repeat it.
smbldap-usershow user1 (view the user)
[root@localhost openldap]# smbclient -L 192.168.6.59 -U user2
ERROR: invalid DOS charset: 'dos charset' must not be UTF8, using (default value) CP850 instead.
Enter user2's password:
Session setup failed: NT_STATUS_LOGON_FAILURE
The reason for the above error is that the Samba password of user1 cannot be the system password; it has to be set separately.
To do that, use:
smbpasswd -a user1
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CXTH-PDC))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
New SMB password:
Retype new SMB password:
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CXTH-PDC))]
ldapsam_add_sam_account: User exists without samba attributes: adding them
init_ldap_from_sam: Setting entry for user: user1
ldapsam_add_sam_account: added: uid == user1 in the LDAP database
init_sam_from_ldap: Entry found for user: user1
Forcing Primary Group to 'Domain Users' for user1
init_ldap_from_sam: Setting entry for user: user1
ldapsam_modify_entry: LDAP Password changed for user user1
ldapsam_update_sam_account: successfully modified uid = user1 in the LDAP database
Added user user1.
Enter an SMB login password for user1 when prompted.
Then test whether the login succeeds:
smbclient -L 192.168.6.59 -U user1
ERROR: invalid DOS charset: 'dos charset' must not be UTF8, using (default value) CP850 instead.
Enter user1's password:
Domain=[CXTH-PDC] OS=[Unix] Server=[Samba 3.6.23-25.el6_7]
        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Samba Server 3.6.23-25.el6_7)
        user1           Disk      repertoire de user1, user1
Domain=[CXTH-PDC] OS=[Unix] Server=[Samba 3.6.23-25.el6_7]
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            -------