Sunday, December 9, 2007

LDAP Chap 2

Before you proceed any further, make sure BIND is installed on your system and the DNS server works properly. Read this first: Setting Local DNS Server.

First step: check that samba, openldap, smbldap-tools, etc. are installed
# rpm -qa|grep samba
system-config-samba-1.2.21-1
samba-common-3.0.8-0.pre1.3
samba-swat-3.0.8-0.pre1.3
samba-3.0.8-0.pre1.3
samba-client-3.0.8-0.pre1.3

and now we must check whether samba has been built with LDAP (openldap) support
# smbd -b | grep -i ldap
HAVE_LDAP_H
HAVE_LDAP
HAVE_LDAP_DOMAIN2HOSTLIST
HAVE_LDAP_INIT
HAVE_LDAP_INITIALIZE
HAVE_LDAP_SET_REBIND_PROC
HAVE_LIBLDAP
LDAP_SET_REBIND_PROC_ARGS
pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_guest rpc_lsa rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss rpc_samr idmap_ldap idmap_tdb auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin

and check openldap as well
# rpm -qa|grep openldap
openldap-2.2.13-2
openldap-devel-2.2.13-2
openldap-clients-2.2.13-2
openldap-servers-2.2.13-2

check smbldap-tools (you can find it with Google; this tool helps you manage the users and groups in the LDAP database)
# rpm -qa|grep smbldap
smbldap-tools-0.9.1-1.1.fc3.rf

second step: we create the PDC with the samba server.
#vi /etc/samba/smb.conf
[global]
workgroup = ngoprek
netbios name = ldap
security = user
os level = 80
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
logon script = %U.bat

[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok =yes
writable = no
share modes = no

[profiles]
path = /home/profiles
browseable = no
guest ok =yes

========================
create the directories you defined in smb.conf (note that mode 1757 below makes /home/profiles world-writable with the sticky bit set, so every local user can create entries there but only the owner can remove them)
#mkdir /home/netlogon
#mkdir /home/profiles
#chmod 1757 /home/profiles

third step: copy the samba schema and configure the LDAP system
# cp /usr/share/doc/samba-3.0.8/LDAP/samba.schema /etc/openldap/schema/
edit the slapd.conf file and add these lines (the include must point at the samba.schema file copied above, and slapd's index directives take the form "index <attribute> <type>"):
include /etc/openldap/schema/samba.schema
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub

edit smb.conf and add the following lines:
*********************************************
passdb backend = ldapsam:ldap://localhost
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
ldap admin dn = cn=manager,dc=ngoprek,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=ngoprek,dc=com
ldap ssl = no
idmap backend = ldap:ldap://localhost
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind nested group = no
ea support = yes
map acl inherit = yes
************************************************
Get the local SID of your system and add this value as the SID entry in your smbldap.conf (/etc/smbldap-tools/smbldap.conf); note that the listing below does not show that line.
# net getlocalsid
SID for domain LDAP is: S-1-5-21-1248593040-3758704328-558284137

*************************************************
#vi /etc/smbldap-tools/smbldap.conf
(note: hash_encrypt="CLEARTEXT" below stores user passwords unhashed in the LDAP userPassword attribute; outside a lab, pick one of the hashed schemes the file documents)

sambaDomain="ngoprek"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
verify="require"
cafile="/etc/smbldap-tools/ca.pem"
clientcert="/etc/smbldap-tools/smbldap-tools.pem"
clientkey="/etc/smbldap-tools/smbldap-tools.key"
suffix="dc=ngoprek,dc=com"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=ngoprek,${suffix}"
scope="sub"
hash_encrypt="CLEARTEXT"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome="\\LDAP\%U"
userProfile="\\LDAP\profiles\%U"
userHomeDrive="P:"
userScript="%U.bat"
mailDomain="ngoprek.com"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
***********************************************
edit the file smbldap_bind.conf (it holds the LDAP manager bind password in clear text, so keep it root-owned and readable only by root)
slaveDN="cn=Manager,dc=ngoprek,dc=com"
slavePw="rahasia"
masterDN="cn=Manager,dc=ngoprek,dc=com"
masterPw="rahasia"
***********************************************************************
restart the samba service

# /etc/init.d/smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]

add the LDAP admin password to samba's secrets store (the password is passed on the command line here, so it will end up in your shell history)
# smbpasswd -w rahasia
Setting stored password for "cn=manager,dc=ngoprek,dc=com" in secrets.tdb

start the ldap service
# /etc/init.d/ldap start
Checking configuration files for : config file testing succeeded
Starting slapd: [ OK ]

OK, now you are ready to manage users and groups using smbldap-tools
#smbldap-populate
***************************************************************
/usr/sbin/smbldap-populate
Populating LDAP directory for domain ngoprek
(S-1-5-21-1248593040-3758704328-558284137)
(using builtin directory structure)

adding new entry: dc=ngoprek,dc=com
adding new entry: ou=Users,dc=ngoprek,dc=com
adding new entry: ou=Groups,dc=ngoprek,dc=com
adding new entry: ou=Computers,dc=ngoprek,dc=com
adding new entry: ou=Idmap,dc=ngoprek,dc=com
adding new entry: uid=root,ou=Users,dc=ngoprek,dc=com
adding new entry: uid=nobody,ou=Users,dc=ngoprek,dc=com
adding new entry: cn=Domain Admins,ou=Groups,dc=ngoprek,dc=com
adding new entry: cn=Domain Users,ou=Groups,dc=ngoprek,dc=com
adding new entry: cn=Domain Guests,ou=Groups,dc=ngoprek,dc=com
adding new entry: cn=Domain Computers,ou=Groups,dc=ngoprek,dc=com
adding new entry: cn=Administrators,ou=Groups,dc=ngoprek,dc=com
adding new entry: cn=Account Operators,ou=Groups,dc=ngoprek,dc=com
adding new entry: cn=Print Operators,ou=Groups,dc=ngoprek,dc=com
adding new entry: cn=Replicators,ou=Groups,dc=ngoprek,dc=com
adding new entry: sambaDomainName=ngoprek,dc=ngoprek,dc=com already exist. Updating it...

Please provide a password for the domain root:
Changing password for root
New password :
Retype new password :
************************************************************

last step: we create a user and a computer account.

#smbldap-useradd -a someone
#smbldap-passwd someone
Changing password for someone
New password :
Retype new password :
***************************************
# smbldap-useradd -w bubucomp

to check your LDAP system, use ldapsearch -x or slapcat; you will meet some entertaining output.
