samba Account with LDAP in Centos 6
Posted 01-09-2012 at 08:07 AM by unni.kpr@gmail.com
Please help. I am using CentOS 6 and want to configure Samba to use LDAP accounts, as I am already using LDAP for SVN.
Regards
Unnikrishnan P R
unni.kpr@gmail.com
Thanks in Advance
Comments
Yes, this can be done.
Install smbldap-tools and follow the steps below. First, on the LDAP server, add the Samba schema and indexes:
[root@dir ~]# cd tmp
[root@dir tmp]# rpm2cpio ~/samba-3.5.4-68.el6.x86_64.rpm | cpio -id
[root@dir tmp]# cp ./etc/openldap/schema/samba.schema /etc/openldap/schema/
[root@dir tmp]# vi schema_convert.conf
# create new
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/collective.schema
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/samba.schema
[root@dir tmp]# mkdir ldif_output
[root@dir tmp]# slapcat -f schema_convert.conf -F ./ldif_output -n0 -s "cn={12}samba,cn=schema,cn=config" > ./cn=samba.ldif
[root@dir tmp]# vi cn=samba.ldif
# lines 1 and 3: remove the "{12}" ordering prefix so they read as follows
dn: cn=samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: samba
# remove the following operational attributes (they are at the bottom of the file)
structuralObjectClass: olcSchemaConfig
entryUUID: 761ed782-e76d-102f-94de-7784c8a781ec
creatorsName: cn=config
createTimestamp: 20110320184149Z
entryCSN: 20110320184149.954974Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20110320184149Z
[root@dir tmp]# ldapadd -Y EXTERNAL -H ldapi:/// -f cn=samba.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=samba,cn=schema,cn=config"
[root@dir tmp]# vi samba_indexes.ldif
# create new
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub
[root@dir tmp]# ldapmodify -Y EXTERNAL -H ldapi:/// -f samba_indexes.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"
[root@dir tmp]# cd
[root@dir ~]# rm -rf tmp
[root@dir ~]# /etc/rc.d/init.d/slapd restart
Stopping slapd: [ OK ]
Starting slapd: [ OK ]
[2] Change the Samba settings. This Samba PDC server needs to be an LDAP client.
[root@lan ~]# yum --enablerepo=epel -y install smbldap-tools # install from EPEL
[root@lan ~]# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@lan ~]# cp /usr/share/doc/smbldap-tools-*/smb.conf /etc/samba/smb.conf
[root@lan ~]# vi /etc/samba/smb.conf
# line 3: change the workgroup name to whatever you like
workgroup = ServerWorld
# line 12: comment this line out
#min passwd length = 3
# line 22: change
ldap passwd sync = yes
# line 33,34: change
Dos charset = CP932
Unix charset = UTF-8
# line 47: specify LDAP server
passdb backend = ldapsam:ldap://10.0.0.39/
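# line 48: set the LDAP admin DN (the one defined on the LDAP server);
# if cn=admin is the directory's root DN, a dedicated DN with write access only to the
# Samba user/group subtrees is preferable, since its password is stored on this host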
ldap admin dn = cn=admin,dc=server,dc=world
# line 50: change LDAP suffix (LDAP server's one)
ldap suffix = dc=server,dc=world
ldap group suffix = ou=groups
ldap user suffix = ou=people
# line 60: uncomment
delete group script = /usr/sbin/smbldap-groupdel "%g"
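# near line 64: add (specify admin user, no SSL)
# "ldap ssl = no" together with the ldap:// URL on line 47 means the admin-DN bind and the
# passwords written by "ldap passwd sync" reach the LDAP server unencrypted; once slapd has a
# certificate, use "ldap ssl = start tls" (or an ldaps:// URL) instead.
# "admin users" makes domain-admin operate as root on the shares, so restrict who holds it.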
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
admin users = domain-admin
ldap ssl = no
[root@lan ~]# mkdir /home/netlogon
[root@lan ~]# /etc/rc.d/init.d/smb restart
Shutting down SMB services: [ OK ]
Starting SMB services: [ OK ]
[root@lan ~]# /etc/rc.d/init.d/nmb restart
Shutting down NMB services: [ OK ]
Starting NMB services: [ OK ]
[root@lan ~]# smbpasswd -W # add LDAP admin's password
Setting stored password for "cn=admin,dc=server,dc=world" in secrets.tdb
New SMB password:# LDAP admin password
Retype new SMB password:
Then run the following to configure smbldap-tools:
[root@lan ~]# perl /usr/share/doc/smbldap-tools-*/configure.pl
-------------------------------------------------------------------------------------------------------------
But that seems like a waste of time; instead, anyone can use the script that I created at
http://www.linuxquestions.org/questi...entos-6-34327/
Posted 01-17-2012 at 05:28 AM by unni.kpr@gmail.com