Samba can be configured to run as a domain controller, OpenLDAP is used as the database backend for Samba, and LAM is there to make integrating the two easier through a web interface.

Name: Samba
HomePage: http://www.samba.org/
Function: Samba is a suite of programs that enables interoperability between Linux/Unix servers and Windows clients.

Name: OpenLDAP
HomePage: http://www.openldap.org/
Function: OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol.

Name: LAM (LDAP Account Manager)
HomePage: http://lam.sourceforge.net/
Function: LDAP Account Manager (LAM) is a web frontend for managing accounts stored in an LDAP directory.
1. Firstly we need to get OpenLDAP working. Edit ldap.conf:
nano /etc/openldap/ldap.conf
ldap.conf:
HOST mc1.fedora.directory.server
BASE dc=fedora,dc=directory,dc=server
2. We will have to add the Samba schema to the /etc/openldap/slapd.conf file. The schemas are listed at the top of that file; add the line below there and make sure it is the last schema in the list.
slapd.conf:
include /etc/openldap/schema/samba.schema
3. Then we'll need to copy the samba.schema file into the /etc/openldap/schema folder:
cp /usr/share/doc/samba-3.0.8/LDAP/samba.schema /etc/openldap/schema

4. Next we need to do the bdb database definitions. Edit slapd.conf once more; further towards the bottom you will find 'ldbm and/or bdb database definitions'. Replace what is under that with the following.
nano /etc/openldap/slapd.conf
slapd.conf:
database bdb
suffix "dc=fedora,dc=directory,dc=server"
rootdn "uid=root,dc=fedora,dc=directory,dc=server"
rootpw
5. Now we need to create an LDAP password. On the command line type:
slappasswd
Once you have entered your password you will end up with something like this:
{SSHA}HLuLNn9wv8r9Qkgvh9qNWWZUupfro0+1
Copy it and paste it into /etc/openldap/slapd.conf where it says 'rootpw' (as shown below).

nano /etc/openldap/slapd.conf
slapd.conf:
database bdb
suffix "dc=fedora,dc=directory,dc=server"
rootdn "uid=root,dc=fedora,dc=directory,dc=server"
rootpw {SSHA}HLuLNn9wv8r9Qkgvh9qNWWZUupfro0+1
6. We need to start the OpenLDAP service now:
/etc/init.d/ldap start
7. Now we have to add the LDAP entries. Create a file in the /tmp folder called domain.ldif and fill it with the following.
nano /tmp/domain.ldif
domain.ldif:
dn: dc=fedora,dc=directory,dc=server
objectClass: dcObject
objectClass: organization
o: Fedora Directory Server
dc: fedora
8. Once you have made your domain.ldif file, run the following command:
/usr/bin/ldapadd -x -D 'uid=root,dc=fedora,dc=directory,dc=server' -W -f /tmp/domain.ldif

9. Now that OpenLDAP is up and going we need to get LAM (LDAP Account Manager) working. Firstly, download it from http://lam.sourceforge.net

10. Next we place it in the root directory of our Apache server, /var/www/html/, and unpack it.
cp ldap-account-manager-1.2.0.tar.gz /var/www/html/
cd /var/www/html/
gzip -d ldap-account-manager-1.2.0.tar.gz
tar -xf ldap-account-manager-1.2.0.tar

11. Then we go into the config folder and run these two commands to make the required files.
cp config.cfg_sample config.cfg
cp lam.conf_sample lam.conf
12. Now we need to change permissions on some of the folders.
chown apache:apache -R /var/www/html/ldap-account-manager-1.2.0
chmod a+w /var/www/html/ldap-account-manager-1.2.0/tmp
chmod a+w /var/www/html/ldap-account-manager-1.2.0/sess

13. Then we can edit the lam.conf file we made in the previous step.
nano /var/www/html/ldap-account-manager-1.2.0/config/lam.conf
lam.conf:
serverURL: ldap://localhost:389
# list of users who are allowed to use LDAP Account Manager
admins: cn=Manager,dc=fedora,dc=directory,dc=server
# password to change these preferences via webfrontend
passwd: lam
# suffix of tree view
treesuffix: dc=fedora,dc=directory,dc=server
# List of active account types.
activeTypes: user,group,host,smbDomain
types: suffix_user: ou=people,dc=fedora,dc=directory,dc=server
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
types: modules_user: inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
types: suffix_group: ou=groups,dc=fedora,dc=directory,dc=server
types: attr_group: #cn;#gidNumber;#memberUID;#description
types: modules_group: posixGroup,sambaGroupMapping
types: suffix_host: ou=machines,dc=fedora,dc=directory,dc=server
types: attr_host: #cn;#description;#uidNumber;#gidNumber
types: modules_host: account,posixAccount,sambaSamAccount
types: suffix_smbDomain: ou=domains,dc=fedora,dc=directory,dc=server
types: attr_smbDomain: sambaDomainName:Domain name;sambaSID:Domain SID
types: modules_smbDomain: sambaDomain
maxlistentries: 30
defaultLanguage: en_GB.utf8:UTF-8:English (Great Britain)
cachetimeout: 5
# Module settings
modules: posixAccount_minUID: 0
modules: posixAccount_maxUID: 30000
modules: posixAccount_minMachine: 50000
modules: posixAccount_maxMachine: 60000
modules: posixGroup_minGID: 0
modules: posixGroup_maxGID: 20000
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA
14. Replace smb.conf with the following.
nano /etc/samba/smb.conf
smb.conf:
[global]
ldap user suffix = ou=people,dc=fedora,dc=directory,dc=server
ldap machine suffix = ou=machines,dc=fedora,dc=directory,dc=server
ldap group suffix = ou=group,dc=fedora,dc=directory,dc=server
ldap suffix = dc=fedora,dc=directory,dc=server
ldap admin dn = "uid=root,dc=fedora,dc=directory,dc=server"
encrypt passwords = yes
passdb backend = ldapsam:ldap://127.0.0.1
wins support = true
ldap delete dn = no
ldap passwd sync = yes
os level = 50
security = user
ldap replication sleep = 1000

[global]
;Basic server settings
netbios name = fedora
workgroup = fedora
comment = Samba %v Server
;Necessary for PDC to act as the domain and local master
encrypt passwords = yes
os level = 64
security = user
domain logons = yes
preferred master = yes
domain master = yes
local master = yes
;Where user profiles are stored
logon path = \\%L\profiles\%U
;Location of user's home directory and where it should be mounted
logon drive = M:
logon home = \\%L\%U\.profiles
;Sets the printing to CUPS
printing = cups
printcap = /etc/printcap
load printers = yes
;Other global options
socket options = TCP_NODELAY
map to guest = Bad User
;Acts as a WINS server
wins support = yes
deadtime = 15

;Necessary share for domain controller
[netlogon]
writeable = yes
public = yes
path = /etc/samba/netlogon
write list = admin

[profiles]
path = /etc/samba/profiles
writeable = yes
create mask = 0600
directory mask = 0700

;Home directory shares (Mounts the user's home directory)
[homes]
comment = Linux Home directory space
path = %H
writeable = yes
valid users = %S
create mode = 0600
directory mode = 0700
locking = no

;A simple share of the /share directory
[share]
path = /etc/samba/share
browseable = yes
writeable = yes

;A share for the cdrom mounts at /media/cdrom
[cdrom]
comment = Linux CD-ROM
path = /media/cdrom
read only = yes
locking = no
root preexec = /bin/mount /dev/cdrom /media/cdrom
root postexec = /bin/umount /media/cdrom

;Basic printer settings
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes
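The subtrees LAM writes accounts into and the ones Samba reads from have to be the same, and the DN LAM logs in with and the DN Samba binds with both have to be DNs that slapd will accept, which in this how-to is the rootdn. The Python checker below is added here as an illustration and is not part of the original how-to or of any of the three projects: it compares the relevant directives of slapd.conf, lam.conf and smb.conf as written (no attempt to model how Samba joins partial suffixes). The embedded fragments are copied from the files on this page and the function names are this example's own; run on these fragments it reports the group suffix (ou=group versus ou=groups) and LAM's admins DN (cn=Manager versus the rootdn uid=root).

```python
import re

# Fragments of the three files from this page (only the directives the check compares).
SLAPD_CONF = 'rootdn "uid=root,dc=fedora,dc=directory,dc=server"\n'
LAM_CONF = """\
admins: cn=Manager,dc=fedora,dc=directory,dc=server
types: suffix_user: ou=people,dc=fedora,dc=directory,dc=server
types: suffix_group: ou=groups,dc=fedora,dc=directory,dc=server
types: suffix_host: ou=machines,dc=fedora,dc=directory,dc=server
"""
SMB_CONF = """\
[global]
ldap user suffix = ou=people,dc=fedora,dc=directory,dc=server
ldap machine suffix = ou=machines,dc=fedora,dc=directory,dc=server
ldap group suffix = ou=group,dc=fedora,dc=directory,dc=server
ldap suffix = dc=fedora,dc=directory,dc=server
ldap admin dn = "uid=root,dc=fedora,dc=directory,dc=server"
"""
# LAM account type -> smb.conf directive that must name the same subtree.
SUFFIX_PAIRS = {"user": "ldap user suffix", "group": "ldap group suffix", "host": "ldap machine suffix"}

def normalize_dn(dn):
    """DN matching is case-insensitive; strip quotes and spaces so equal DNs compare equal."""
    return ",".join(part.strip().lower() for part in dn.strip().strip('"').split(","))

def lam_settings(text):
    """Return {name: DN} for LAM's admins line and each 'types: suffix_<type>' line."""
    m = re.search(r"^admins:\s*(.+?)\s*$", text, re.M)
    out = {"admins": normalize_dn(m.group(1))} if m else {}
    out.update((k, normalize_dn(v)) for k, v in re.findall(r"^types:\s*suffix_(\w+):\s*(.+?)\s*$", text, re.M))
    return out

def smb_settings(text):
    """Return {directive: DN} for the 'ldap ... suffix' and 'ldap admin dn' directives."""
    pattern = r"^\s*(ldap (?:[a-z]+ )?(?:suffix|admin dn))\s*=\s*(.+?)\s*$"
    return {k: normalize_dn(v) for k, v in re.findall(pattern, text, re.M)}

def slapd_rootdn(text):
    m = re.search(r'^\s*rootdn\s+"?([^"\n]+)"?\s*$', text, re.M)
    return normalize_dn(m.group(1)) if m else None

def find_mismatches(slapd_text, lam_text, smb_text):
    """List (what, first_value, second_value) for every place the three files disagree."""
    lam, smb, rootdn = lam_settings(lam_text), smb_settings(smb_text), slapd_rootdn(slapd_text)
    problems = [(t + " suffix", lam.get(t), smb.get(d)) for t, d in SUFFIX_PAIRS.items() if lam.get(t) != smb.get(d)]
    # LAM logs in as 'admins' and Samba binds as 'ldap admin dn'; here both should be the slapd rootdn.
    for what, dn in (("LAM admins", lam.get("admins")), ("ldap admin dn", smb.get("ldap admin dn"))):
        if dn != rootdn:
            problems.append((what + " vs slapd rootdn", dn, rootdn))
    return problems
```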
15. After that you will have to create a DOMAIN. The only two fields you need to fill out are 'Domain name' and 'Domain SID'. You can find the domain SID by typing:
net getlocalsid
Domain name: FEDORA
Domain SID: S-1-5-21-1779746434-3005037504-180404436

16. Now to make a root user you must make a group (I'll call it root) with a GID of 0 and then make a user (I'll call it root) with a UID of 0.

17. Now that everything else is set up, let's set up Samba.
mkdir /etc/samba/logs/
mkdir /etc/samba/netlogon/
mkdir /etc/samba/profiles/
chmod -R a+rwx /etc/samba/

18. Next we need to start Apache so we can use LAM:
/etc/init.d/httpd start

19. Now go to https://machine-ip-address/ldap-account-manager and log into LAM. Once there it will ask you to create the users, groups, OUs, etc.

20. Once you have done that, also create a root user with UID 0 and a group called root with GID 0.

21. Now that all the configuration files have been set up, restart every service that had anything to do with this:
/etc/init.d/smb restart
/etc/init.d/ldap restart
External Links:
http://gentoo-wiki.com/HOWTO_LDAP_SAMBA_PDC
http://www.tutorialized.com/tutorial/Setting-up-a-Samba-PDC-with-an-OpenLDAP-backend-on-SuSE/9231