hostname = ketoprak
domain = sidoel.com
ip address = 192.168.1.100
Edit the hosts file
# vim /etc/hosts
192.168.1.100 ketoprak.sidoel.com ketoprak
Install Directory Server
# setup-ds-admin.pl
Set up NSS
Edit ldap.conf
# vim /etc/ldap.conf
host 127.0.0.1
base dc=sidoel,dc=com
binddn uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
bindpw admin
timelimit 120
bind_timelimit 120
idle_timelimit 3600
pam_lookup_policy yes
nss_base_passwd ou=People,dc=sidoel,dc=com?one
nss_base_passwd ou=Machines,dc=sidoel,dc=com?one
nss_base_group ou=Groups,dc=sidoel,dc=com?one
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
# vim /etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
Install Samba
# yum install samba3x samba3x-client libtalloc-2.0.1-11.el5.x86_64.rpm libtdb-1.2.1-5.el5.x86_64.rpm samba3x-winbind-3.5.4-0.70.el5_6.1.x86_64.rpm samba3x-3.5.4-0.70.el5_6.1.x86_64.rpm samba3x-common-3.5.4-0.70.el5_6.1.x86_64.rpm samba3x-client
Create the Directory Server Samba schema by converting samba.schema
# cd /usr/share/doc/samba3x-3.5.4/LDAP/
# perl ol-schema-migrate.pl -b samba.schema > ~/61samba.ldif
copy it to the schema directory of your slapd instance
# cp ~/61samba.ldif /etc/dirsrv/slapd-ketoprak/schema/
restart the service (your instance)
# service dirsrv restart ketoprak
First get the Samba SID for your PDC; remember this SID
# net getlocalsid
SID for domain KETOPRAK is: S-1-5-21-3965608580-1676198639-4080886704
Edit the Samba configuration
# cp /etc/samba/smb.conf /etc/samba/smb.conf.orig
# echo "" > /etc/samba/smb.conf
# vi /etc/samba/smb.conf
[global]
   workgroup = SIDOEL
   netbios name = KETOPRAK
   log file = /var/log/samba/log.%m
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   security = user
   passdb backend = ldapsam:ldap://127.0.0.1
   #ldap admin dn = cn=Directory Manager
   ldap admin dn = uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
   ldap suffix = dc=sidoel,dc=com
   ldap user suffix = ou=People
   ldap machine suffix = ou=Computers
   ldap group suffix = ou=Groups
   #ldap ssl = start tls
   ldap ssl = off
   domain master = yes
   domain logons = yes
   logon path = \\%L\profiles\%u
   logon home = \\%L\%u\profiles
   logon drive = H:
   local master = yes
   os level = 65
   preferred master = yes
   wins support = yes
   template shell = /bin/false
   winbind use default domain = no
   load printers = yes
   printcap name = cups
   printing = cups

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S
   create mask = 0775
   directory mask = 0775

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = yes
   guest ok = no
   writable = yes
   printable = yes
   create mask = 0700
   public = yes
   available = yes
   print command = /usr/bin/lpr -P %p -r %s

[netlogon]
   comment = Network Logon Service
   path = /var/lib/samba/netlogon
   guest ok = no
   writable = no
   share modes = no
   browseable = no
   admin users = Administrator
   valid users = %U

[profiles]
   comment = Users profiles
   path = /var/lib/samba/profiles
   browseable = yes
   guest ok = no
   read only = no
   create mask = 0700
   directory mask = 0700
   valid users = %U

[public]
   comment = Public Stuff
   path = /home/samba
   public = yes
   writable = yes
   printable = no
   valid users = %U
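Note that ldap.conf above searches ou=Machines for accounts while smb.conf tells Samba to create machine accounts under ou=Computers. Samba writes entries below `ldap suffix` plus the per-type suffix, and nss_ldap only resolves entries below its nss_base_* bases, so the two files must agree or the entries Samba writes never show up in getent. As an added example that is not part of the original post, this Python script parses both files (the post's own settings are embedded as constructed sample input; the function names are this example's) and reports every Samba suffix that no nss_base_* entry covers.

```python
"""Cross-check the LDAP suffixes in smb.conf against the NSS search bases
in /etc/ldap.conf.  Added example, not from the original post."""
import re

# Constructed sample input reproducing the [global] settings from the post.
SMB_CONF = """\
[global]
   workgroup = SIDOEL
   passdb backend = ldapsam:ldap://127.0.0.1
   ldap suffix = dc=sidoel,dc=com
   ldap user suffix = ou=People
   ldap machine suffix = ou=Computers
   ldap group suffix = ou=Groups
   ldap ssl = off
[homes]
   comment = Home Directories
"""

# Constructed sample input reproducing the nss_base_* lines from the post.
LDAP_CONF = """\
host 127.0.0.1
base dc=sidoel,dc=com
nss_base_passwd ou=People,dc=sidoel,dc=com?one
nss_base_passwd ou=Machines,dc=sidoel,dc=com?one
nss_base_group ou=Groups,dc=sidoel,dc=com?one
"""


def parse_smb_global(text):
    """Return the key/value pairs of the [global] section of smb.conf."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "global" and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip().lower()] = val.strip()
    return values


def parse_ldap_conf(text):
    """Return {option: [values]} for /etc/ldap.conf; options may repeat."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        val = parts[1] if len(parts) > 1 else ""
        options.setdefault(parts[0].lower(), []).append(val)
    return options


def normalize_dn(dn):
    """Lower-case a DN and drop spaces after commas so DNs compare equal."""
    return re.sub(r",\s*", ",", dn.strip()).lower()


def nss_bases(ldap_conf, option):
    """NSS search bases for `option`, without the trailing '?scope'."""
    return {normalize_dn(v.split("?")[0]) for v in ldap_conf.get(option, [])}


def check_suffixes(smb_text, ldap_text):
    """Return [(samba option, full DN)] for suffixes NSS does not search."""
    smb = parse_smb_global(smb_text)
    ldap = parse_ldap_conf(ldap_text)
    suffix = smb.get("ldap suffix", "")
    # user and machine accounts are resolved via nss_base_passwd,
    # groups via nss_base_group
    wanted = [("ldap user suffix", "nss_base_passwd"),
              ("ldap machine suffix", "nss_base_passwd"),
              ("ldap group suffix", "nss_base_group")]
    problems = []
    for smb_opt, nss_opt in wanted:
        if smb_opt not in smb:
            continue
        full_dn = normalize_dn(smb[smb_opt] + "," + suffix)
        if full_dn not in nss_bases(ldap, nss_opt):
            problems.append((smb_opt, full_dn))
    return problems


if __name__ == "__main__":
    for opt, dn in check_suffixes(SMB_CONF, LDAP_CONF):
        print("%s -> %s is not covered by any nss_base_* entry" % (opt, dn))
```

Run against the post's values it reports the `ldap machine suffix` entry only; point both files at the same OU (either ou=Machines or ou=Computers) and the report is empty.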
Make the netlogon and profiles directories
# mkdir -p /var/lib/samba
# mkdir /var/lib/samba/{netlogon,profiles}
# chown root:root -R /var/lib/samba
# chmod 0755 /var/lib/samba/netlogon
# chmod 1755 /var/lib/samba/profiles
Set up the Samba LDAP administrator password
# smbpasswd -w (ldap-admin-password)
Setting stored password for "uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" in secrets.tdb
Import the Samba domain and group entries
Make the sambaDomain entry and save it as sambaDomainName.ldif.
dn: sambaDomainName=SIDOEL,dc=sidoel,dc=com
objectclass: sambaDomain
objectclass: sambaUnixIdPool
objectclass: top
sambaDomainName: SIDOEL
sambaSID: S-1-5-21-3965608580-1676198639-4080886704
uidNumber: 550
gidNumber: 550
Import it into the database
# /usr/lib64/dirsrv/slapd-ketoprak/ldif2ldap "uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" admin sambaDomainName.ldif
Create the Samba domain group entries and save them as sambaGroups.ldif.
dn: cn=Domain Admins,ou=Groups,dc=sidoel,dc=com
objectClass: posixGroup
objectClass: top
cn: Domain Admins
userPassword: {crypt}x
gidNumber: 512

dn: cn=Domain Users,ou=Groups,dc=sidoel,dc=com
objectClass: posixGroup
objectClass: top
cn: Domain Users
userPassword: {crypt}x
gidNumber: 513

dn: cn=Domain Guests,ou=Groups,dc=sidoel,dc=com
objectClass: posixGroup
objectClass: top
cn: Domain Guests
userPassword: {crypt}x
gidNumber: 514

dn: cn=Domain Computers,ou=Groups,dc=sidoel,dc=com
objectClass: posixGroup
objectClass: top
cn: Domain Computers
userPassword: {crypt}x
gidNumber: 515
Import them into the database
# /usr/lib64/dirsrv/slapd-ketoprak/ldif2ldap "uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" admin sambaGroups.ldif
Map the Samba groups to Linux groups
# net groupmap add rid=512 ntgroup='Domain Admins' unixgroup='Domain Admins'
# net groupmap add rid=513 ntgroup='Domain Users' unixgroup='Domain Users'
# net groupmap add rid=514 ntgroup='Domain Guests' unixgroup='Domain Guests'
# net groupmap add rid=515 ntgroup='Domain Computers' unixgroup='Domain Computers'
# net groupmap list
Domain Admins (S-1-5-21-3965608580-1676198639-4080886704-512) -> Domain Admins
Domain Users (S-1-5-21-3965608580-1676198639-4080886704-513) -> Domain Users
Domain Guests (S-1-5-21-3965608580-1676198639-4080886704-514) -> Domain Guests
Domain Computers (S-1-5-21-3965608580-1676198639-4080886704-515) -> Domain Computers
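The domain SID, the two LDIF files and the groupmap commands above are all derived from the same small table (RID 512 to 515 for the four built-in groups, with the RID reused as gidNumber). As an added example that is not part of the original post, this Python script extracts the SID from `net getlocalsid` output, generates sambaDomainName.ldif and sambaGroups.ldif in the post's shape, and emits a `net groupmap add` command only for groups that `getent group` already resolves: `net groupmap add` fails with "Can't lookup UNIX group" (the error in the comments below) when NSS cannot see the group. The `getent group` text is a constructed sample, and all function names are this example's own.

```python
"""Derive the Samba domain LDIF and the `net groupmap` commands from the
domain SID, checking NSS visibility first.  Added example, not from the
original post."""
import re

# `net getlocalsid` output from the post (constructed sample input here).
GETLOCALSID_OUTPUT = "SID for domain KETOPRAK is: S-1-5-21-3965608580-1676198639-4080886704"

# Constructed `getent group` output: three of the four groups resolve,
# "Domain Computers" does not (e.g. it was never imported into LDAP).
SAMPLE_GETENT = """\
root:x:0:
Domain Admins:x:512:
Domain Users:x:513:
Domain Guests:x:514:
"""

# Well-known RIDs of the built-in domain groups the post maps; as in the
# post's sambaGroups.ldif the RID doubles as the gidNumber.
WELL_KNOWN_GROUPS = [
    (512, "Domain Admins"),
    (513, "Domain Users"),
    (514, "Domain Guests"),
    (515, "Domain Computers"),
]

# A domain SID is S-1-5-21 followed by exactly three sub-authorities;
# the pattern deliberately stops before any trailing RID.
DOMAIN_SID_RE = re.compile(r"\bS-1-5-21(?:-\d+){3}\b")


def parse_local_sid(text):
    """Extract and validate the domain SID from `net getlocalsid` output."""
    match = DOMAIN_SID_RE.search(text)
    if not match:
        raise ValueError("no domain SID found in: %r" % text)
    return match.group(0)


def group_sid(domain_sid, rid):
    """Full SID of a group, as shown by `net groupmap list`."""
    return "%s-%d" % (domain_sid, rid)


def domain_ldif(sid, domain, suffix, uid_start=550, gid_start=550):
    """The sambaDomain entry, same shape as the post's sambaDomainName.ldif."""
    return "\n".join([
        "dn: sambaDomainName=%s,%s" % (domain, suffix),
        "objectclass: sambaDomain",
        "objectclass: sambaUnixIdPool",
        "objectclass: top",
        "sambaDomainName: %s" % domain,
        "sambaSID: %s" % sid,
        "uidNumber: %d" % uid_start,
        "gidNumber: %d" % gid_start,
    ]) + "\n"


def groups_ldif(suffix, groups=WELL_KNOWN_GROUPS):
    """posixGroup entries for the well-known groups, one per RID."""
    entries = []
    for rid, name in groups:
        entries.append("\n".join([
            "dn: cn=%s,ou=Groups,%s" % (name, suffix),
            "objectClass: posixGroup",
            "objectClass: top",
            "cn: %s" % name,
            "userPassword: {crypt}x",
            "gidNumber: %d" % rid,
        ]))
    return "\n\n".join(entries) + "\n"


def unix_groups(getent_output):
    """Group names from `getent group` output (name:passwd:gid:members)."""
    return {line.split(":")[0] for line in getent_output.splitlines() if ":" in line}


def groupmap_plan(sid, getent_output, groups=WELL_KNOWN_GROUPS):
    """Return (commands, missing): `net groupmap add` commands for groups that
    NSS resolves, and the names it cannot resolve, which would otherwise fail
    with "Can't lookup UNIX group"."""
    known = unix_groups(getent_output)
    commands, missing = [], []
    for rid, name in groups:
        if name not in known:
            missing.append(name)
            continue
        commands.append("net groupmap add rid=%d ntgroup='%s' unixgroup='%s'"
                        % (rid, name, name))
    return commands, missing


if __name__ == "__main__":
    sid = parse_local_sid(GETLOCALSID_OUTPUT)
    print(domain_ldif(sid, "SIDOEL", "dc=sidoel,dc=com"))
    print(groups_ldif("dc=sidoel,dc=com"))
    commands, missing = groupmap_plan(sid, SAMPLE_GETENT)
    print("\n".join(commands))
    for name in missing:
        print("skipped %s (%s): not visible via getent group"
              % (name, group_sid(sid, 0)[:-2]))
```

On a live server replace SAMPLE_GETENT with the real output of `getent group` before trusting the plan; an empty `missing` list is the precondition the comments below were looking for.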
Make the LDAP admin user for Samba and save it as sambaAdmin.ldif
dn: uid=Administrator,ou=People,dc=sidoel,dc=com
objectClass: top
objectClass: posixaccount
cn: Samba Admin
gidNumber: 0
homeDirectory: /root
uid: Administrator
uidNumber: 0
gecos: Samba Admin
loginShell: /bin/bash
userPassword: {crypt}x
Import it into the LDAP database
# /usr/lib64/dirsrv/slapd-ketoprak/ldif2ldap "uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" admin sambaAdmin.ldif
Create the Samba Administrator account. We already registered the Samba admin in LDAP, so now set its password. Here my Samba Administrator password is the same as my LDAP admin (uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot) password, which is admin.
# smbpasswd -a Administrator
New SMB password: admin
Retype new SMB password: admin
Added user Administrator.
Show the Samba users in the database
# pdbedit -L
Administrator:0:Samba Admin
Modify the account to use the correct Samba SID:
pdbedit -U your_machines_sid-500 -u Administrator
# pdbedit -U S-1-5-21-3965608580-1676198639-4080886704-500 -u Administrator
Start Samba and test it
# /etc/init.d/smb start
# /etc/init.d/nmb start
you can use debug mode for nmbd
# /usr/sbin/nmbd -d 3 -i
# smbclient -L localhost -U%
Domain=[SIDOEL] OS=[Unix] Server=[Samba 3.5.4-0.70.el5_6.1]

        Sharename       Type      Comment
        ---------       ----      -------
        profiles        Disk      Users profiles
        public          Disk      Public Stuff
        IPC$            IPC       IPC Service (Samba 3.5.4-0.70.el5_6.1)
Domain=[SIDOEL] OS=[Unix] Server=[Samba 3.5.4-0.70.el5_6.1]

        Server               Comment
        ---------            -------
        KETOPRAK             Samba 3.5.4-0.70.el5_6.1

        Workgroup            Master
        ---------            -------
        SIDOEL               KETOPRAK
Check that NSS works: this should list the groups and users from the LDAP database
# getent passwd
# getent group
Join the domain with Windows XP
1. Control Panel -> Network and Internet Connections -> Network Connections -> (right click) Properties -> Internet Protocol (TCP/IP)
set it up to enable NetBIOS over TCP/IP,
2. fill in the WINS server with your Samba/LDAP IP, 192.168.1.100,
3. change the computer name to the machine name, then restart; after that change the domain name to your Samba domain name
For Windows 7 you need to change registry settings:
Windows Registry Editor Version 5.00

; Win7_Samba3DomainMember
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001

; Speedup settings
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"SlowLinkDetectEnabled"=dword:00000000
"DeleteRoamingCache"=dword:00000001
"WaitForNetwork"=dword:00000000
"CompatibleRUPSecurity"=dword:00000001

; Can drive you nuts
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
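Only the two LanManWorkstation values (DomainCompatibilityMode=1 and DNSNameResolutionRequired=0) are what lets Windows 7 join an NT4-style Samba domain; the rest of the file tunes roaming profiles, and EnableLUA=0 switches User Account Control off for the whole machine, which the join does not need. As an added example that is not part of the original post, this Python script parses a .reg file of this shape and reports which required values are missing and which risky values it would set; the .reg text is the post's file embedded as a constructed sample, and the required/risky classification and function names are this example's own.

```python
"""Review a Windows .reg file before importing it on a domain member.
Added example, not from the original post."""
import re

# The Windows 7 .reg file from the post, embedded as constructed sample input.
WIN7_REG = r"""Windows Registry Editor Version 5.00
; Win7_Samba3DomainMember
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
; Speedup settings
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"SlowLinkDetectEnabled"=dword:00000000
"DeleteRoamingCache"=dword:00000001
"WaitForNetwork"=dword:00000000
"CompatibleRUPSecurity"=dword:00000001
; Can drive you nuts
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"""

LANMAN = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters"
POLICIES_SYSTEM = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Values the Samba domain join depends on: (key, value name) -> required dword.
REQUIRED = {
    (LANMAN.lower(), "domaincompatibilitymode"): 1,
    (LANMAN.lower(), "dnsnameresolutionrequired"): 0,
}
# EnableLUA=0 disables User Account Control machine-wide; it is not part of
# the join, so the review flags it when the file would set it.
RISKY = {(POLICIES_SYSTEM.lower(), "enablelua"): 0}

# "Name"=dword:XXXXXXXX lines; other value types are ignored by this review.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def parse_reg(text):
    """Return {(key, value name): int} for every dword value in a .reg file.
    Keys and names are lower-cased because the registry is case-insensitive."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            values[(key, m.group("name").lower())] = int(m.group("hex"), 16)
    return values


def review_reg(text):
    """Return (missing_required, risky_present): required values absent or
    set to the wrong number, and risky values the file would set."""
    values = parse_reg(text)
    missing = [name for (key, name), want in REQUIRED.items()
               if values.get((key, name)) != want]
    risky = [name for (key, name), bad in RISKY.items()
             if values.get((key, name)) == bad]
    return missing, risky


if __name__ == "__main__":
    missing, risky = review_reg(WIN7_REG)
    print("missing required values:", missing or "none")
    print("risky values set:", risky or "none")
```

Deleting the `Policies\System` section from the file clears the risky finding while leaving the join working; the two required values are what the Samba wiki page linked below documents.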
or you can download it at
https://bugzilla.samba.org/attachment.cgi?id=4988&action=view
http://wiki.samba.org/index.php/Windows7
then continue with the same steps as for Windows XP
Reference:
http://directory.fedoraproject.org/wiki/Howto:Samba
Alhamdulillah....
Done everything but paused on the later part:
# net groupmap add rid=512 ntgroup='Domain Admins' unixgroup='Domain Admins'
# net groupmap add rid=513 ntgroup='Domain Users' unixgroup='Domain Users'
# net groupmap add rid=514 ntgroup='Domain Guests' unixgroup='Domain Guests'
# net groupmap add rid=515 ntgroup='Domain Computers' unixgroup='Domain Computers'
None of these commands is working, it always says:
Can't lookup UNIX group Domain Admins
I tried the ff. as well but didn't succeed:
http://forums.fedoraforum.org/showthread.php?t=166966
I get the same problem too. I'm using CentOS 5.7, samba-3.0.33-3.29.el5_6.2 and openldap-2.3.43-12.el5_6.7
Can anyone here help me please.
yeah, don't screw with the nsswitch.conf file.
passwd: files sss
shadow: files sss
group: files sss
netgroup: files sss
don't make it ldap - this is my finding for CentOS 6.2; rather, use authconfig-tui or authconfig-gui
hi,
1. check /etc/ldap.conf at nss_base_group
nss_base_group ou=Groups,dc=sidoel,dc=com?one
and make sure the ou is the same as in nss_base_group. The ou is ou=Groups,dc=sidoel,dc=com.
2. after that, import the samba group using ldif files,
dn: cn=Domain Admins,ou=Groups,dc=sidoel,dc=com
objectClass: posixGroup
objectClass: top
cn: Domain Admins
userPassword: {crypt}x
gidNumber: 512
and the other groups,
3. make sure your group is visible on unix,
check using "getent group".
if not visible, recheck using "ldapsearch" and recheck again at /etc/ldap.conf, don't typo
4. after the samba groups are visible on unix, repeat the process again, start mapping using net.
I hope this helps,
alhamdulillah
Wow, real good. Can you please also show how to add a BDC on a different subnet to this config, i.e. a new office with a master LDAP server and a BDC server running a slave LDAP server.