
    samba Account with LDAP in Centos 6

    Can do

    install the smbldap-tools and all is good

    [root@dir ~]# cd tmp
    [root@dir tmp]# rpm2cpio ~/samba-3.5.4-68.el6.x86_64.rpm | cpio -id
    [root@dir tmp]# cp ./etc/openldap/schema/samba.schema /etc/openldap/schema/
    [root@dir tmp]# vi schema_convert.conf
    # create new
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/collective.schema
    include /etc/openldap/schema/corba.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/duaconf.schema
    include /etc/openldap/schema/dyngroup.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/java.schema
    include /etc/openldap/schema/misc.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/openldap.schema
    include /etc/openldap/schema/ppolicy.schema
    include /etc/openldap/schema/samba.schema
    [root@dir tmp]# mkdir ldif_output
    [root@dir tmp]# slapcat -f schema_convert.conf -F ./ldif_output -n0 -s "cn={12}samba,cn=schema,cn=config" > ./cn=samba.ldif
    [root@dir tmp]# vi cn=samba.ldif
    # line 1,3: change ( remove "{12}" )
    dn: cn=samba,cn=schema,cn=config
    objectClass: olcSchemaConfig
    cn: samba
    # remove these lines below ( placed at the bottom )
    structuralObjectClass: olcSchemaConfig
    entryUUID: 761ed782-e76d-102f-94de-7784c8a781ec
    creatorsName: cn=config
    createTimestamp: 20110320184149Z
    entryCSN: 20110320184149.954974Z#000000#000#000000
    modifiersName: cn=config
    modifyTimestamp: 20110320184149Z
    [root@dir tmp]# ldapadd -Y EXTERNAL -H ldapi:/// -f cn=samba.ldif
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry "cn=samba,cn=schema,cn=config"
    [root@dir tmp]# vi samba_indexes.ldif
    # create new
    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    add: olcDbIndex
    olcDbIndex: uidNumber eq
    olcDbIndex: gidNumber eq
    olcDbIndex: loginShell eq
    olcDbIndex: uid eq,pres,sub
    olcDbIndex: memberUid eq,pres,sub
    olcDbIndex: uniqueMember eq,pres
    olcDbIndex: sambaSID eq
    olcDbIndex: sambaPrimaryGroupSID eq
    olcDbIndex: sambaGroupType eq
    olcDbIndex: sambaSIDList eq
    olcDbIndex: sambaDomainName eq
    olcDbIndex: default sub
    [root@dir tmp]# ldapmodify -Y EXTERNAL -H ldapi:/// -f samba_indexes.ldif
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    modifying entry "olcDatabase={2}hdb,cn=config"
    [root@dir tmp]# cd
    [root@dir ~]# rm -rf tmp
    [root@dir ~]# /etc/rc.d/init.d/slapd restart
    Stopping slapd: [ OK ]
    Starting slapd: [ OK ]
    [2] Change Samba settings. This Samba PDC server needs to be an LDAP client.
    [root@lan ~]# yum --enablerepo=epel -y install smbldap-tools # install from EPEL
    [root@lan ~]# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
    [root@lan ~]# cp /usr/share/doc/smbldap-tools-*/smb.conf /etc/samba/smb.conf
    [root@lan ~]# vi /etc/samba/smb.conf
    # line 3: change workgroup name to any one
    workgroup = ServerWorld
    # line 12: make it comment
    #min passwd length = 3
    # line 22: change
    ldap passwd sync = yes
    # line 33,34: change
    Dos charset = CP932
    Unix charset = UTF-8
    # line 47: specify LDAP server
    passdb backend = ldapsam:ldap://10.0.0.39/
    # line 48: change LDAP admin DN (LDAP server's one)
    ldap admin dn = cn=admin,dc=server,dc=world
    # line 50: change LDAP suffix (LDAP server's one)
    ldap suffix = dc=server,dc=world
    ldap group suffix = ou=groups
    ldap user suffix = ou=people
    # line 60: uncomment
    delete group script = /usr/sbin/smbldap-groupdel "%g"
    # near line 64: add (specify admin user, no SSL -- the bind password then crosses the network in clear, so keep the LDAP server local or otherwise protect the link)
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    admin users = domain-admin
    ldap ssl = no
    [root@lan ~]# mkdir /home/netlogon
    [root@lan ~]# /etc/rc.d/init.d/smb restart
    Shutting down SMB services: [ OK ]
    Starting SMB services: [ OK ]
    [root@lan ~]# /etc/rc.d/init.d/nmb restart
    Shutting down NMB services: [ OK ]
    Starting NMB services: [ OK ]
    [root@lan ~]# smbpasswd -W # add LDAP admin's password
    Setting stored password for "cn=admin,dc=server,dc=world" in secrets.tdb
    New SMB password:# LDAP admin password
    Retype new SMB password:

    Run to configure smbldap tools
    [root@lan ~]# perl /usr/share/doc/smbldap-tools-*/configure.pl


    -------------------------------------------------------------------------------------------------------------
    But this seems like a waste of time; instead, anyone can use the script I created in

    http://www.linuxquestions.org/questi...entos-6-34327/

    LDAP SERVER on CENTOS 6

    I have this working

    yum install openldap-server openldap-client

    slappasswd -- generate a password hash

    /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}bdb.ldif (look for the *bdb.ldif file to update the password)

    add a line at the end
    olcRootPW: <password hash from slappasswd> <-- Keep the format

    change dc=my-domain,dc=com to your DN (change Manager to the desired admin name)

    etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}monitor.ldif (look for the *monitor.ldif file to update): in the monitoring values, change the DN and Manager to the desired ones.

    cp /usr/share/openldap-servers-2.4.19/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

    chown -R ldap:ldap /var/lib/ldap/
    Check for the message
    # slaptest -u <-- command
    config file testing succeeded

    install the migration tools, create the base.ldif file and import it


    SCRIPT TO MANAGE LDAP AND SAMBA USERS


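    #!/bin/bash
    # Manage LDAP + Samba users: add, delete and reset the password of an account.
    # The script uses bash-only features (&>, read -p/-s, select, [[ ]],
    # process substitution), so it must be run by bash rather than POSIX sh.
    # State files read and written as root: /root/.uid, /root/.admin,
    # /root/.dn and /root/.path.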
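    #######################################
    # Find the next free UID above $value_user and create the user with it.
    # Globals:   value_user (read, then set to the chosen UID);
    #            u, p, l are read by the callees
    # Arguments: none
    # Outputs:   writes the chosen UID to /root/.uid
    #######################################
    user_loop()
    {
      # main_pro can reach here with value_user unset; the original then ran
      # "expr + 1", got an empty value and wrote an empty uidNumber. Start the
      # search at 1000 in that case.
      value_user=$(( ${value_user:-999} + 1 ))
      # Walk upward until the UID is unknown to NSS (local files and LDAP).
      # getent looks a numeric key up as a UID, so no grep over the whole
      # database is needed; a loop replaces the original recursion.
      while getent passwd "$value_user" >/dev/null; do
        value_user=$(( value_user + 1 ))
      done
      pw_ldif
      gp_ldif
      adduser
      addgroup
      smb_add
      perm
      file_rm
      printf '%s\n' "$value_user" > /root/.uid
    }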
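    #######################################
    # Load the persistent settings (admin CN, base DN, home root) from the
    # /root/.* files, or prompt for them on the first run and save them.
    # Globals:   nam, dn, dir (written on the first run)
    # Outputs:   the current settings on stdout
    #######################################
    file_check()
    {
      if [[ -f /root/.uid && -f /root/.admin && -f /root/.path && -f /root/.dn ]]; then
        #printf 'Last UID : %s\n' "$(cat /root/.uid)"
        printf 'Ldap Admin Manager Name : %s\n' "$(cat /root/.admin)"
        printf 'Ldap DN Valuses [dc=example,dc=com ] : %s\n' "$(cat /root/.dn)"
        printf 'Ldap User Default Directory : %s\n' "$(cat /root/.path)"
        mkdir -p -- "$(cat /root/.path)" &>/dev/null
      else
        echo 999 > /root/.uid
        # Re-prompt on empty answers: an empty admin name or base DN yields
        # unusable DNs, and an empty home root would make perm/userdel act on "/<user>".
        nam=
        until [[ -n "$nam" ]]; do
          read -rp "Ldap Admin Manager Name :" nam
        done
        printf '%s\n' "$nam" > /root/.admin
        dn=
        until [[ -n "$dn" ]]; do
          read -rp "Ldap DN Valuses [dc=example,dc=com ] :" dn
        done
        printf '%s\n' "$dn" > /root/.dn
        dir=
        until [[ -n "$dir" ]]; do
          read -rp "Ldap User Default Directory [Enter Last without /]:" dir
        done
        printf '%s\n' "$dir" > /root/.path
      fi
    }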
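    #######################################
    # Create the home directory of user $u under the configured home root,
    # make it setgid and group-owned by the user's group, and seed it with
    # the dotfiles of the template user named after $HOSTNAME.
    # Globals:   u (read), HOSTNAME (read)
    # Returns:   1 without touching anything if the home root or $u is empty
    #######################################
    perm()
    {
      local home_root
      home_root=$(cat /root/.path)
      # Never operate on "/<user>" or "/<root>/" when a value is missing.
      [[ -n "$home_root" && -n "$u" ]] || return 1
      mkdir -- "$home_root/$u" &>/dev/null
      chmod 2770 -- "$home_root/$u"
      chown "root:$u" -- "$home_root/$u"
      # .[!.]* matches dotfiles but not "." and "..", which the original .* glob
      # also passed to cp (the resulting errors were hidden by the redirect).
      cp -- /home/"$HOSTNAME"/.[!.]* "$home_root/$u" &>/dev/null
    }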
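    #######################################
    # Remove the two LDIF files written by pw_ldif and gp_ldif.
    # Arguments: none
    #######################################
    file_rm()
    {
      # Plain files only, so no -r; "--" keeps rm from parsing the paths as options.
      rm -f -- /tmp/1.ldif /tmp/2.ldif
    }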
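    #######################################
    # Write the posixAccount/shadowAccount LDIF for user $u to /tmp/1.ldif.
    # Globals:   u, p, value_user (read)
    # Outputs:   /tmp/1.ldif, mode 0600 (consumed by adduser, removed by file_rm)
    # Returns:   1 if the file cannot be created
    #######################################
    pw_ldif()
    {
      local ldif=/tmp/1.ldif base home_root
      base=$(cat /root/.dn)
      home_root=$(cat /root/.path)
      # The path is fixed because adduser and file_rm share it. Remove any
      # leftover (the original appended to whatever was there) and create the
      # file with a private mode so the credential is not world-readable in /tmp.
      rm -f -- "$ldif"
      ( umask 077; : > "$ldif" ) || return 1
      {
        printf 'dn: uid=%s,ou=People,%s\n' "$u" "$base"
        printf 'uid: %s\n' "$u"
        printf 'cn: %s\n' "$u"
        printf 'objectClass: account\n'
        printf 'objectClass: posixAccount\n'
        printf 'objectClass: top\n'
        printf 'objectClass: shadowAccount\n'
        # Store a hash instead of the clear-text password the original wrote;
        # slappasswd -T reads the secret from a file, so it never appears on argv.
        printf 'userPassword: %s\n' "$(slappasswd -T <(printf '%s' "$p"))"
        # shadowLastChange is days since the epoch; the original hard-coded 15335 (2011-12-27).
        printf 'shadowLastChange: %s\n' "$(( $(date +%s) / 86400 ))"
        printf 'shadowMin: 0\n'
        printf 'shadowMax: 99999\n'
        printf 'shadowWarning: 7\n'
        printf 'loginShell: /bin/bash\n'
        printf 'uidNumber: %s\n' "$value_user"
        printf 'gidNumber: %s\n' "$value_user"
        printf 'homeDirectory: %s/%s\n' "$home_root" "$u"
      } >> "$ldif"
    }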
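    #######################################
    # Write the posixGroup LDIF for the private group of user $u to /tmp/2.ldif.
    # Globals:   u, value_user (read)
    # Outputs:   /tmp/2.ldif, mode 0600 (consumed by addgroup, removed by file_rm)
    # Returns:   1 if the file cannot be created
    #######################################
    gp_ldif()
    {
      local ldif=/tmp/2.ldif base
      base=$(cat /root/.dn)
      # Same fixed-path convention as pw_ldif; recreate the file with a private
      # mode instead of appending to a possibly stale one.
      rm -f -- "$ldif"
      ( umask 077; : > "$ldif" ) || return 1
      {
        printf 'dn: cn=%s,ou=Group,%s\n' "$u" "$base"
        printf 'objectClass: posixGroup\n'
        printf 'objectClass: top\n'
        printf 'cn: %s\n' "$u"
        printf 'userPassword: {crypt}x\n'
        printf 'gidNumber: %s\n' "$value_user"
      } >> "$ldif"
    }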
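    #######################################
    # Abort the script if user $u already exists (used before USERADD).
    # Globals:   u (read)
    # Outputs:   a message on stdout when the user exists
    # Returns:   0 when the user does not exist; exits 0 otherwise
    #######################################
    checkuid_f()
    {
      # Quoted so an empty $u is looked up as "" (unknown) rather than letting
      # id fall back to the current user and report it as existing.
      if id "$u" &>/dev/null; then
        echo "User Name $u Exist"
        exit 0
      fi
    }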
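    #######################################
    # Abort the script if user $u does not exist (used before USERDEL/PASSWORD).
    # Globals:   u (read)
    # Outputs:   a message on stdout when the user is unknown
    # Returns:   0 when the user exists; exits 0 otherwise
    #######################################
    checkuid_f_del()
    {
      # Any failure of id counts as "not found"; the original only checked for status 1.
      if ! id "$u" &>/dev/null; then
        echo "User $u not Found in DataBase"
        exit 0
      fi
    }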
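    #######################################
    # Add the account entry from /tmp/1.ldif (written by pw_ldif) to LDAP.
    # Note: this function shadows the system adduser command inside the script.
    # Globals:   l (LDAP admin password, read)
    # Returns:   0 on success, 1 when ldapadd fails (reported on stderr)
    #######################################
    adduser()
    {
      # -y reads the bind password from a file (here an anonymous pipe) so it
      # is not visible on the command line as "-w $l" was.
      if ! ldapadd -x -D "cn=$(cat /root/.admin),$(cat /root/.dn)" -y <(printf '%s' "$l") -f /tmp/1.ldif &>/dev/null; then
        printf 'adduser: ldapadd of /tmp/1.ldif failed\n' >&2
        return 1
      fi
    }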
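    #######################################
    # Add the group entry from /tmp/2.ldif (written by gp_ldif) to LDAP.
    # Note: this function shadows the system addgroup command inside the script.
    # Globals:   l (LDAP admin password, read)
    # Returns:   0 on success, 1 when ldapadd fails (reported on stderr)
    #######################################
    addgroup()
    {
      # Password passed through -y (a file descriptor) instead of on argv.
      if ! ldapadd -x -D "cn=$(cat /root/.admin),$(cat /root/.dn)" -y <(printf '%s' "$l") -f /tmp/2.ldif &>/dev/null; then
        printf 'addgroup: ldapadd of /tmp/2.ldif failed\n' >&2
        return 1
      fi
    }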
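    #######################################
    # Create and enable the Samba account of user $u, then restart smb.
    # Globals:   u, p (read)
    #######################################
    smb_add()
    {
      # -s makes smbpasswd read the new password (twice) from stdin, so the
      # secret never appears on a command line.
      printf '%s\n%s\n' "$p" "$p" | smbpasswd -a -s -U "$u" &>/dev/null
      smbpasswd -e "$u" &>/dev/null
      service smb restart &>/dev/null
    }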
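    #######################################
    # Prompt for the new user's password and the LDAP admin password, verify
    # the admin credentials with a bind, then run the USERADD flow.
    # Globals:   u (read); p, l (written)
    # Returns:   exits 0 with a message if the LDAP bind fails
    #######################################
    input()
    {
      echo "Welcome to Ldap Admin"
      echo -e "---------------------\n"
      # read -s disables echo only for the duration of the read, so an interrupt
      # during the prompt cannot leave the terminal with echo off (the original
      # stty -echo / stty echo pair could).
      read -rsp "Enter a valid Password for User [$u] :" p
      echo
      read -rsp "Ldap Password :" l
      echo
      # The bind password goes through -y (a file descriptor) rather than -w,
      # so it does not show up in the process list.
      if ldapsearch -x -D "cn=$(cat /root/.admin),$(cat /root/.dn)" -y <(printf '%s' "$l") &>/dev/null; then
        checkuid_f
        main_pro
      else
        echo "Wrong Ldap Password"
        exit 0
      fi
    }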
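    #######################################
    # Prompt for the user's (new) password and the LDAP admin password, verify
    # the admin credentials with a bind, then run the delete/reset flow.
    # Globals:   u (read); p, l (written)
    # Returns:   exits 0 with a message if the LDAP bind fails
    #######################################
    input_del()
    {
      echo "Welcome to Ldap Admin"
      echo -e "---------------------\n"
      # read -s keeps the terminal echo state consistent even if the prompt is
      # interrupted; the original stty -echo/stty echo pair did not.
      read -rsp "Enter a valid Password for User [$u] :" p
      echo
      read -rsp "Ldap Password :" l
      echo
      # Bind password via -y (file descriptor) instead of on argv.
      if ldapsearch -x -D "cn=$(cat /root/.admin),$(cat /root/.dn)" -y <(printf '%s' "$l") &>/dev/null; then
        checkuid_f_del
        main_pro
      else
        echo "Wrong Ldap Password"
        exit 0
      fi
    }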

    # Delete Section
    #================================
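    #######################################
    # Delete user $u from Samba and LDAP, optionally removing the home directory.
    # Note: this function shadows the system userdel command inside the script.
    # Globals:   u, l (read); rec (written)
    #######################################
    userdel()
    {
      local admin base home_root
      admin=$(cat /root/.admin)
      base=$(cat /root/.dn)
      home_root=$(cat /root/.path)
      read -rp "Enable Recursion [yes/no]: " rec
      smbpasswd -x "$u"
      # The original's "no" branch prefixed the base DN with "cn=", producing
      # DNs that do not exist; both answers now delete the same entries that
      # pw_ldif and gp_ldif create. Bind password via -y, not on argv.
      ldapdelete -x -D "cn=$admin,$base" -y <(printf '%s' "$l") "uid=$u,ou=People,$base"
      ldapdelete -x -D "cn=$admin,$base" -y <(printf '%s' "$l") "cn=$u,ou=Group,$base"
      case "$rec" in
        y|ye|yes)
          # :? aborts if either value is empty, so this can never expand to "rm -rf /<user>".
          rm -rf -- "${home_root:?}/${u:?}"
          ;;
      esac
    }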
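    #######################################
    # Remove the Samba and LDAP entries of user $u while remembering its UID,
    # so the PASSWORD flow can recreate the account with the same uidNumber.
    # Globals:   u, l (read); value_user (set to the user's current UID)
    #######################################
    userdel_modify()
    {
      local admin base
      admin=$(cat /root/.admin)
      base=$(cat /root/.dn)
      value_user=$(id -u "$u")
      smbpasswd -x "$u" &>/dev/null
      # Bind password handed over through -y rather than exposed with -w.
      ldapdelete -x -D "cn=$admin,$base" -y <(printf '%s' "$l") "uid=$u,ou=People,$base"
      ldapdelete -x -D "cn=$admin,$base" -y <(printf '%s' "$l") "cn=$u,ou=Group,$base"
    }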
    # MOdify User Section
    #====================================
    ## Main Section
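    #######################################
    # Ensure the template account (UID 1000, named after $HOSTNAME) exists,
    # then allocate the next UID and create user $u.
    # Globals:   value_user (written), HOSTNAME (read)
    # Outputs:   writes the starting UID to /root/.uid
    #######################################
    main_pro()
    {
      # Look UID 1000 up directly; the original grepped the whole passwd
      # database for the substring "1000", which also matched UIDs such as
      # 10000 or 21000 and any GECOS field containing it.
      if ! getent passwd 1000 >/dev/null; then
        useradd -u 1000 "$HOSTNAME"
      fi
      # Always start the search at 1000; the original left value_user unset
      # on the branch that had just created the template user.
      value_user=1000
      printf '%s\n' "$value_user" > /root/.uid
      user_loop
    }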
    #######################################
    # Interactive menu: USERADD, USERDEL or PASSWORD for user $u.
    # Globals:   PS3, value (written); u, p, l via the callees
    #######################################
    main_section()
    {
      PS3="Select an option to Manage LDAP users : "
      select value in USERADD USERDEL PASSWORD; do
        case "$value" in
          USERADD)
            file_check
            input
            ;;
          USERDEL)
            file_check
            input_del
            userdel
            ;;
          PASSWORD)
            # Reset = drop the LDAP/Samba entries and rebuild them with the
            # UID that userdel_modify captured.
            file_check
            input_del
            userdel_modify
            pw_ldif
            gp_ldif
            adduser
            addgroup
            smb_add
            perm
            file_rm
            ;;
          *)
            echo Invalid Choice
            ;;
        esac
        # Every arm leaves the menu after a single action.
        break
      done
    }
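    # Entry point: "$1" is the user name to manage. Both services must be up,
    # and the template user (UID 1000) must exist before the menu is shown.
    if [[ $# -eq 0 ]]; then
      echo Key in Required
      # The original called "pgrem smb" (a typo) and then tested for status 1,
      # so the warning below was never printed when smb was down.
      if ! { pgrep slapd &>/dev/null && pgrep smb &>/dev/null; }; then
        echo Samba or Ldap Server Not Running
        exit 0
      fi
    else
      u=$1
      # The name ends up in LDAP DNs, LDIF and filesystem paths (including an
      # rm -rf), so reject anything that is not a plain account name.
      if [[ ! $u =~ ^[A-Za-z_][A-Za-z0-9._-]*$ ]]; then
        printf 'Invalid user name: %s\n' "$u" >&2
        exit 1
      fi
      if pgrep slapd &>/dev/null && pgrep smb &>/dev/null; then
        # Exact lookup by UID; "grep 1000" matched the substring anywhere.
        if ! getent passwd 1000 >/dev/null; then
          useradd -u 1000 "$HOSTNAME" &>/dev/null
          echo Initial user was configured Please Re run
        else
          main_section
        fi
      else
        echo Samba or Ldap Server Not Running
      fi
    fi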
