Linux - Samba Domain - 5/7 - Setting up LDAP to create the domain

For the previous part (4/7) click here

For the next part (6/7) click here

Let's see how to set up Samba to work as a Domain Controller:

1) cp /usr/share/doc/samba-*/LDAP/samba.schema /etc/openldap/schema/
2) vim /etc/openldap/slapd.conf

      include /etc/openldap/schema/core.schema
      include /etc/openldap/schema/cosine.schema
      include /etc/openldap/schema/inetorgperson.schema
      include /etc/openldap/schema/nis.schema
      # add: the Samba schema (sambaSamAccount, sambaDomain, ...)
      include /etc/openldap/schema/samba.schema
      # add: keep the password hashes private (the NT hash is password-equivalent)
      # no spaces inside the attribute list: slapd splits the directive on whitespace
      access to attrs=userPassword,sambaLMPassword,sambaNTPassword
              by self write
              by dn="cn=Manager,dc=instyle,dc=locale" write
              by anonymous auth
              by * none
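To check that the ACL from step 2 really keeps the hashes private, here is an added Python lint (not part of this guide, of OpenLDAP or of smbldap-tools) that reads slapd.conf access stanzas the way slapd tokenises them; ACL_OK, ACL_SPACE and ACL_LEAKY are constructed sample configs, and ACL_SPACE reproduces the "space after the comma" mistake.

```python
import re

# Constructed sample, not from the page: the step 2 stanza as it should be written.
ACL_OK = """\
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self write
        by dn="cn=Manager,dc=instyle,dc=locale" write
        by anonymous auth
        by * none
"""
# Same stanza with a space after the first comma: slapd splits on whitespace,
# so only userPassword ends up in the attribute list.
ACL_SPACE = ACL_OK.replace("userPassword,", "userPassword, ")
# Constructed leaky variant: hashes readable by everyone.
ACL_LEAKY = ACL_OK.replace("by * none", "by * read")

PASSWORD_ATTRS = {"userPassword", "sambaLMPassword", "sambaNTPassword"}
_BY = re.compile(r"\bby\s+(\S+)\s+(\w+)")  # "by <who> <level>"

def parse_access_rules(text):
    """Return [(attrs, [(who, level), ...]), ...] per 'access to' stanza, comments stripped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("access to"):
            m = re.search(r"attrs=(\S+)", line)  # \S+ mirrors slapd's tokenisation
            attrs = set(filter(None, m.group(1).split(","))) if m else set()
            rules.append((attrs, []))
        if rules and line:
            rules[-1][1].extend(_BY.findall(line))
    return rules

def hash_acl_problems(text):
    """Return a list of findings; an empty list means the hash attributes are protected."""
    problems, covered = [], set()
    for attrs, clauses in parse_access_rules(text):
        hit = attrs & PASSWORD_ATTRS
        if not hit:
            continue
        covered |= hit
        for who, level in clauses:
            # slapd stops at the first matching 'by' clause, so any broad grant is a leak
            if who in ("*", "anonymous", "users") and level not in ("none", "auth"):
                problems.append(f"'by {who} {level}' exposes {sorted(hit)}")
        if not clauses or clauses[-1] != ("*", "none"):
            problems.append(f"rule for {sorted(hit)} does not end with 'by * none'")
    for attr in sorted(PASSWORD_ATTRS - covered):
        problems.append(f"{attr} is in no attrs= list (check for whitespace after a comma)")
    return problems
```

Run it against the real file with `hash_acl_problems(open("/etc/openldap/slapd.conf").read())` after step 2 and before restarting slapd.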
3) Restart the LDAP service

      /etc/init.d/ldap restart

4) First install the CentOS EPEL repository, then smbldap-tools

      rpm -Uvh

      yum --enablerepo=epel -y install smbldap-tools   # install from EPEL

     mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

     cp /usr/share/doc/smbldap-tools-*/smb.conf /etc/samba/smb.conf

     cd /usr/share/doc/smbldap-tools-*/

     chmod -R 700 *   # make the bundled scripts executable (they are run in step 6)

     vim /etc/samba/smb.conf

     # line 3: change the workgroup name to whatever you like
     workgroup = instyle

     # line 12: comment it out
     # min passwd length = 3

     # line 22: change
     ldap passwd sync = yes
     # lines 33,34: change (CP932 is the Japanese code page; use the one your clients need)
     Dos charset = CP932
     Unix charset = UTF-8

     # line 48: change the LDAP admin DN (the LDAP server's one)
     passdb backend = ldapsam:ldap://
     ldap admin dn = cn=Manager,dc=instyle,dc=locale

     # line 50: change the LDAP suffixes (the LDAP server's ones)
     # Check that the following names are correct, otherwise it will not work
     # (no space after "ou=", and one setting per suffix)
     ldap suffix = dc=instyle,dc=locale
     ldap group suffix = ou=Group
     ldap user suffix = ou=People
     ldap machine suffix = ou=Computers
     ldap idmap suffix = ou=Idmap

     # line 60: uncomment
     delete group script = /usr/sbin/smbldap-groupdel "%g"

     # line 64: add (specify the admin user)
     set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
     admin users = admin

     Comment out the parts of the file that refer to printers, from line 67 onwards.
     Also comment out the part for the public /tmp share.

5) mkdir /home/netlogon

     mkdir /home/profiles

     /etc/init.d/smb restart

     Useful logs/commands for tracking down problems are:

      service smb status

      tail -f /var/log/samba/*   # file names follow the "log file" setting in smb.conf

     smbpasswd -W # store the LDAP admin's password

     Setting stored password for "cn=Manager,dc=instyle,dc=locale" in secrets.tdb
     New SMB password: # LDAP admin password

     Retype new SMB password:

6)   cd /usr/share/doc/smbldap-tools-0.9.*

     Use of $# is deprecated at /usr/share/doc/smbldap-tools-0.9.4/ line 314.
     smbldap-tools script configuration


     Before starting, check
     . if your samba controller is up and running.
     . if the domain SID is defined (you can get it with the 'net getlocalsid')

     . you can leave the configuration using the Crtl-c key combination
     . empty value can be set with the "." character
     Looking for configuration files...

     Samba Configuration File Path [/etc/samba/smb.conf] > # Enter

     The default directory in which the smbldap configuration files are stored is shown.
     If you need to change this, enter the full directory path, then press enter to continue.
     Smbldap-tools Configuration Directory Path [/etc/smbldap-tools/] >   # Enter

     Let's start configuring the smbldap-tools scripts ...

     . workgroup name: name of the domain Samba act as a PDC workgroup name [InstyleLocale] > # Enter
     . netbios name: netbios name of the samba controler netbios name [PDC-SRV] > # Enter
     . logon drive: local path to which the home directory will be connected (for NT  Workstations). Ex: 'H:'
     logon drive [H:] > # Enter
     . logon home: home directory location (for Win95/98 or NT Workstation).
     (use %U as username) Ex:'\\PDC-SRV\%U'
     logon home (press the "." character if you don't want homeDirectory) [\\PDC-SRV\%U] >
     # input a period
     . logon path: directory where roaming profiles are stored. Ex:'\\PDC-SRV\profiles\%U'
     logon path (press the "." character if you don't want roaming profile) [\\PDC-SRV\profiles\%U] > .  # input a period
     . home directory prefix (use %U as username) [/home/%U] > # Enter
     . default users' homeDirectory mode [700] > # Enter
     . default user netlogon script (use %U as username) [logon.bat] >  # Enter
     default password validation time (time in days) [45] > # Enter
     . ldap suffix [dc=instyle,dc=locale] > # Enter
     . ldap group suffix [ou=Group] > # Enter
     . ldap user suffix [ou=People] > # Enter
     . ldap machine suffix [ou=Computers] > # Enter
     . Idmap suffix [ou=Idmap] > # Enter
     . sambaUnixIdPooldn: object where you want to store the next uidNumber and gidNumber available for new users and groups sambaUnixIdPooldn object (relative to ) [sambaDomainName=ServerWorld] >  # Enter
     . ldap master server: IP adress or DNS name of the master (writable) ldap server
     ldap master server [] > # specify LDAP server's IP address (Enter with empy if local)
     . ldap master port [389] > # Enter
     . ldap master bind dn [cn=Manager,dc=instyle,dc=locale] >  # Enter
     . ldap master bind password [] > # LDAP admin password
     . ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one
     ldap slave server [] > # specify LDAP slave's IP (Enter with empy if none)
     . ldap slave port [389] > # Enter
     . ldap slave bind dn [cn=Manager,dc=instyle,dc=locale] > # Enter
     . ldap slave bind password [] > # Input if there is, if not input the same one with master
     . ldap tls support (1/0) [0] > # Enter
     . SID for domain INSTYLELOCALE: SID of the domain (can be obtained with 'net getlocalsid PDC-SRV')
     SID for domain INSTYLELOCALE [S-1-5-21-2328488880-970186277-2112160582] >  # Enter
     . unix password encryption: encryption used for unix passwords
     unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] > MD5  # specify MD5
     . default user gidNumber [513] > # Enter
     . default computer gidNumber [515] > # Enter
     . default login shell [/bin/bash] > # Enter
     . default skeleton directory [/etc/skel] > # Enter
     . default domain name to append to mail adress [] > # Enter

     Use of uninitialized value in concatenation (.) or string at /usr/share/doc/smbldap-tools-0.9.4/ line 314, line 33.
     backup old configuration files:
     writing new configuration file:
       /etc/smbldap-tools/smbldap.conf done.
       /etc/smbldap-tools/smbldap_bind.conf done.
7) smbldap-populate

       Populating LDAP directory for domain INSTYLELOCALE (S-1-5-21-2328488880-970186277-2112160582)
       (using builtin directory structure)

       entry dc=instyle,dc=locale exist.
       entry ou=People,dc=instyle,dc=locale already exist.
       entry ou=Group,dc=instyle,dc=locale already exist.
       adding new entry: ou=Computers,dc=instyle,dc=locale
       adding new entry: ou=Idmap,dc=instyle,dc=locale
       adding new entry: uid=root,ou=People,dc=instyle,dc=locale
       adding new entry: uid=nobody,ou=People,dc=instyle,dc=locale
       adding new entry: cn=Domain Admins,ou=Group,dc=instyle,dc=locale
       adding new entry: cn=Domain Users,ou=Group,dc=instyle,dc=locale
       adding new entry: cn=Domain Guests,ou=Group,dc=instyle,dc=locale
       adding new entry: cn=Domain Computers,ou=Group,dc=instyle,dc=locale
       adding new entry: cn=Administrators,ou=Group,dc=instyle,dc=locale
       adding new entry: cn=Account Operators,ou=Group,dc=instyle,dc=locale
       adding new entry: cn=Print Operators,ou=Group,dc=instyle,dc=locale
       adding new entry: cn=Backup Operators,ou=Group,dc=instyle,dc=locale
       adding new entry: cn=Replicators,ou=Group,dc=instyle,dc=locale
       entry sambaDomainName=InstyleLocale,dc=instyle,dc=locale already exist. Updating it...

       Please provide a password for the domain root:
       Changing UNIX and samba passwords for root
       New password: # set root password

       Retype new password:

8) # add the admin user that is defined in smb.conf

       smbldap-groupadd -a admin

       smbldap-useradd -am -g admin admin

       smbldap-passwd admin

       Changing UNIX and samba passwords for admin
       New password:
       Retype new password:
       su - admin # try to switch to added user

       $ # done