Jitendrakumaryogi
MONDAY, 23 SEPTEMBER 2013
Step by Step Installation & Configuration of LDAP + SAMBA on CentOS 5
This post describes the installation and configuration of an LDAP server and its integration with Samba services. If you have Windows on the client side, Samba integration with LDAP is necessary; otherwise the NT password will not be accepted by the LDAP server. We will go step by step through configuring the LDAP and Samba servers.
I am using the CentOS 5.5 64-bit operating system with kernel 2.6.18-194.el5.
I will use the LDAP domain example.com for the installation procedure.
1. My system IP address is 10.226.2.66 and the hostname is ldapnoida.example.com. If you are not using a name server, add a hostname entry to the /etc/hosts file.
# vim /etc/hosts
10.226.2.66 ldapnoida.example.com ldapnoida
2. I will install all packages from the yum repository, so please configure yum before installing the packages on the server. I am not covering yum in this document. Here I will install OpenLDAP on the server.
# yum install *openldap*
This command will install the following LDAP packages on your system.
nss_ldap.i386
nss_ldap.x86_64
openldap.i386
openldap.x86_64
openldap-clients.x86_64
openldap-servers.x86_64
Available Packages
nss_ldap.i386
nss_ldap.x86_64
3. Create the LDAP password using the slappasswd command. Here I gave the password root123 and it generated the encrypted password, as per the screenshot below. I will paste this encrypted password into the /etc/openldap/slapd.conf file.
4. Open the file /etc/openldap/slapd.conf and update the following fields on the LDAP server.
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}+VQndTOziGTtICTQXuY8ExicsLjVlVxd
5. Open the file /etc/openldap/ldap.conf and update the following fields on the LDAP server.
BASE dc=example,dc=com
URI ldap://ldapnoida.example.com/
6. Open the file /etc/ldap.conf and add the following lines to it.
base dc=example,dc=com
URI ldap://ldapnoida.example.com/
And comment out the line
#host 127.0.0.1
7. Restart the LDAP service on the server.
# /etc/init.d/ldap restart
8. Copy the DB_CONFIG.example file for the slapd BDB/HDB database to /var/lib/ldap/DB_CONFIG.
cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
9. Restart the LDAP service and enable it at system boot.
# service ldap restart
# chkconfig ldap on
10. Update the migrate_common.ph file for LDAP directory structure creation.
[root@ldapnoida ~]# cd /usr/share/openldap/migration/
[root@ldapnoida migration]# vim migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "example.com";
$DEFAULT_BASE = "dc=example,dc=com";
11. LDAP imports the directory structure in LDIF format, so we create a base structure LDIF file to import into the LDAP directory.
[root@ldapnoida migration]# ./migrate_base.pl > base.ldif
[root@ldapnoida migration]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f base.ldif
It will ask for the LDAP password. Type the LDAP password defined above (root123) and it will generate the basic LDAP directory structure.
12. Create a system user so that we can export the system user to the LDAP server.
[root@ldapnoida migration]# useradd jitendrakumar
[root@ldapnoida migration]# passwd jitendrakumar
13. Migrate the system accounts having a UID above 500 to the LDAP server.
[root@ldapnoida migration]# grep "x:[5-9][0-9][0-9]" /etc/passwd > passwd
[root@ldapnoida migration]# grep "x:[5-9][0-9][0-9]" /etc/group > group
[root@ldapnoida migration]# ./migrate_passwd.pl passwd > passwd.ldif
[root@ldapnoida migration]# ./migrate_group.pl group > group.ldif
[root@ldapnoida migration]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f passwd.ldif
[root@ldapnoida migration]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f group.ldif
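The grep pattern in step 13 matches on the text of the UID rather than its value, so it is worth checking which accounts it actually selects before importing them into the directory. The following is an added example, not part of the original post; the sample passwd lines, the function names and the 500-60000 range are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample /etc/passwd lines (UIDs chosen to show the edge cases).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
jitendrakumar:x:500:500::/home/jitendrakumar:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
svcbackup:x:4999:4999::/home/svcbackup:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
EOF
}

# Step 13's pattern: a text match on the first three digits after "x:".
# Reads passwd lines on stdin, prints the selected login names on one line.
select_by_pattern() {
    grep "x:[5-9][0-9][0-9]" | cut -d: -f1 | paste -s -d ' ' -
}

# Numeric test on field 3 (the UID) with explicit lower and upper bounds.
# Usage: select_by_uid MIN MAX < passwd-file
select_by_uid() {
    awk -F: -v min="$1" -v max="$2" \
        '$3 ~ /^[0-9]+$/ && $3 + 0 >= min + 0 && $3 + 0 <= max + 0 { print $1 }' |
        paste -s -d ' ' -
}

echo "pattern match : $(sample_passwd | select_by_pattern)"
echo "uid 500-60000 : $(sample_passwd | select_by_uid 500 60000)"
```

On the sample, the pattern skips UIDs 1000 and 4999 and picks up the nfsnobody service account, while the numeric range selects exactly the accounts between the two bounds.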
14. Install the Samba packages on the server.
[root@ldapnoida migration]# yum install *samba*
15. Copy the Samba schema into the LDAP schema repository.
cp /usr/share/doc/samba-3.0.33/LDAP/samba.schema /etc/openldap/schema/
16. Edit the file /etc/openldap/slapd.conf and include the samba.schema location in the LDAP configuration file.
[root@ldapnoida migration]# vim /etc/openldap/slapd.conf
include /etc/openldap/schema/samba.schema
17. Restart the LDAP service on the server.
[root@ldapnoida migration]# service ldap restart
Stopping slapd: [ OK ]
Starting slapd: [ OK ]
[root@ldapnoida migration]#
18. Download the EPEL RPM package and install it on the server.
[root@ldapnoida migration]# wget http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
--2013-09-20 14:58:00-- http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
Resolving dl.fedoraproject.org... 209.132.181.27, 209.132.181.23, 209.132.181.24, ...
Connecting to dl.fedoraproject.org|209.132.181.27|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12232 (12K) [application/x-rpm]
Saving to: `epel-release-5-4.noarch.rpm'
100%[==============================================================================================================>] 12,232 --.-K/s in 0.02s
2013-09-20 14:58:01 (739 KB/s) - `epel-release-5-4.noarch.rpm' saved [12232/12232]
[root@ldapnoida migration]# rpm -Uvh epel-release-5-4.noarch.rpm
19. Install smbldap-tools and phpldapadmin on the server.
[root@ldapnoida migration]# yum -y install smbldap-tools
[root@ldapnoida migration]# yum --enablerepo=epel -y install phpldapadmin
20. Configure phpLDAPadmin on the server to manage the LDAP DIT graphically.
[root@ldapnoida ~]# vi /etc/httpd/conf.d/phpldapadmin.conf
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
  Order Deny,Allow
  Deny from all
  # IP addresses you allow
  Allow from 127.0.0.1 10.226.0.0/16
</Directory>
[root@ldapnoida ~]# /etc/rc.d/init.d/httpd restart
To access phpLDAPadmin, use the URL http://(your hostname or IP address)/ldapadmin
21. To access the phpLDAPadmin console, use the following credentials.
User Name: cn=Manager,dc=example,dc=com
Password: root123
The password is the LDAP rootdn password defined above in this document.
22. Take a backup of smb.conf and create a new smb.conf file from the LDAP-enabled configuration file on the LDAP server.
mv /etc/samba/smb.conf /etc/samba/smb.conf.backup
cp /usr/share/doc/smbldap-tools-0.9.6/smb.conf /etc/samba/smb.conf
23. Change the /etc/samba/smb.conf configuration file for LDAP.
[root@ldapnoida migration]# vim /etc/samba/smb.conf
workgroup = example
netbios name = ldap
unix password sync = yes
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
Dos charset = CP932
Unix charset = UTF-8
passdb backend = ldapsam:ldap://10.226.2.66/
ldap admin dn = cn=Manager,dc=example,dc=com
ldap suffix = dc=example,dc=com
ldap group suffix = ou=Group
ldap user suffix = ou=People
admin users = admin
24. Create the following directories and set their permissions.
[root@ldapnoida ~]# mkdir /home/netlogon
[root@ldapnoida ~]# mkdir /home/profiles
[root@ldapnoida ~]# chmod 777 /home/profiles
25. Restart the Samba service and enable it at system boot.
[root@ldapnoida ~]# service smb restart
[root@ldapnoida ~]# chkconfig smb on
26. Set the Samba password.
[root@ldapnoida ~]# smbpasswd -W
27. Change to the following directory and set the permissions of the configure.pl script.
[root@ldapnoida migration]# cd /usr/share/doc/smbldap-tools-0.9.6/
[root@ldapnoida smbldap-tools-0.9.6]# chmod 755 configure.pl
[root@ldapnoida smbldap-tools-0.9.6]# ./configure.pl
You can check the SID with the net getlocalsid command. If it is the same, press Enter.
Enter domain name to append to mail address [] > example.com
28. Open the file /usr/share/doc/smbldap-tools-0.9.6/smbldap.conf and change the required parameters in this file.
[root@ldapnoida smbldap-tools-0.9.6]# pwd
/usr/share/doc/smbldap-tools-0.9.6
[root@ldapnoida smbldap-tools-0.9.6]# net getlocalsid
[2013/09/20 15:50:03, 0] param/loadparm.c:map_parameter(2794)
  Unknown parameter encountered: "min passwd length"
[2013/09/20 15:50:03, 0] param/loadparm.c:lp_do_parameter(3541)
  Ignoring unknown parameter "min passwd length"
SID for domain LDAP is: S-1-5-21-3088606343-1201082996-3680957859
[root@ldapnoida smbldap-tools-0.9.6]# vi smbldap.conf
SID="S-1-5-21-3088606343-1201082996-3680957859"
slaveLDAP="ldapnoida.example.com"
masterLDAP="ldapnoida.example.com"
suffix="dc=example,dc=com"
sambaUnixIdPooldn="sambaDomainName=$example,${suffix}"
userSmbHome="\\ldap\%U"
userProfile=\\ldap\profiles\%U
mailDomain="example.com"
29. Open the file /usr/share/doc/smbldap-tools-0.9.6/smbldap_bind.conf and change the required parameters in this file.
[root@ldapnoida smbldap-tools-0.9.6]# vim smbldap_bind.conf
# $Id: smbldap_bind.conf 35 2011-02-23 09:07:36Z fumiyas $
#
############################
# Credential Configuration #
############################
# Notes: you can specify two differents configuration if you use a
# master ldap for writing access and a slave ldap server for reading access
# By default, we will use the same DN (so it will work for standard Samba
# release)
slaveDN="cn=Manager,dc=example,dc=com"
slavePw="root123"
masterDN="cn=Manager,dc=example,dc=com"
masterPw="root123"
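Steps 4 and 29 leave the rootdn password hash in slapd.conf and the bind password in cleartext in smbldap_bind.conf, so the file modes on both matter. The following is an added example, not part of the original post, that flags such files when other users can read them and flags a slapd.conf whose rootpw is not in {SCHEME} form; the function names and the temporary sample files are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original post.

# Succeeds when "other" users have read permission on the file.
other_can_read() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, e.g. 640
    last=${mode#"${mode%?}"}                # last octal digit = "other" bits
    [ $((last & 4)) -ne 0 ]
}

# Prints the rootpw value when it is not stored in {SCHEME}hash form.
cleartext_rootpw() {
    awk '$1 == "rootpw" && $2 !~ /^[{][A-Za-z0-9-]+[}]./ { print $2 }' "$1"
}

# Prints one finding per line for the given files; no output means clean.
audit_secrets() {
    for f in "$@"; do
        if other_can_read "$f"; then
            echo "WORLD-READABLE $f"
        fi
        case "$f" in
            *slapd.conf)
                if [ -n "$(cleartext_rootpw "$f")" ]; then
                    echo "CLEARTEXT-ROOTPW $f"
                fi ;;
        esac
    done
}

# Demo on constructed copies of the two files the post edits.
demo() {
    d=$(mktemp -d) || return 1
    printf 'rootdn "cn=Manager,dc=example,dc=com"\nrootpw root123\n' > "$d/slapd.conf"
    printf 'masterDN="cn=Manager,dc=example,dc=com"\nmasterPw="root123"\n' > "$d/smbldap_bind.conf"
    chmod 644 "$d/slapd.conf"
    chmod 600 "$d/smbldap_bind.conf"
    audit_secrets "$d/slapd.conf" "$d/smbldap_bind.conf" | sed "s|$d/||"
    rm -rf "$d"
}

demo
```

On a real server, pass the actual paths, for example `audit_secrets /etc/openldap/slapd.conf /usr/share/doc/smbldap-tools-0.9.6/smbldap_bind.conf`.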
30. Restart the Samba service and populate the LDAP DIT on the server.
[root@ldapnoida smbldap-tools-0.9.6]# service smb restart
[root@ldapnoida smbldap-tools-0.9.6]# smbldap-populate
31. Now I will create an admin account and group for the domain administrative account.
[root@ldapnoida smbldap-tools-0.9.6]# smbldap-groupadd -a admin
[root@ldapnoida smbldap-tools-0.9.6]# smbldap-useradd -a -m -g admin admin
32. We can reset the password of the admin user with the following command.
[root@ldapnoida smbldap-tools-0.9.6]# smbldap-passwd admin
Posted by Jitendra Kumar at 17:17
11 comments:
sachin 27 September 2013 at 13:35
It's awesome, brother........
Jitendra Kumar 4 October 2013 at 11:11
This is spoon-feeding documentation for Linux Admins. Enjoy!!!
sachin 4 October 2013 at 15:17
How to enable ldap logging on server... Please let us know
Ashish Kumar 4 October 2013 at 15:17
Wow, master, wow..... at this rate we will forget to use our brains!! :p
Jitendra Kumar 4 October 2013 at 16:00
Open file /etc/phpldapadmin/config.php and comment out these lines.
$servers->newServer('ldap_pla');
$servers->setValue('server','name','Jitendra LDAP Server');
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','port',389);
And you can login on phpldapadmin portal.
sachin 7 October 2013 at 12:02
how to check logs of ldap
Jitendra Kumar 7 October 2013 at 12:24
You can enable LDAP login on server by adding following entry into /etc/syslog.conf and restart syslog service.
vi /etc/syslog.conf
# Ldap Server Logs
local4.* /var/log/ldap.log
rahul yadav 15 July 2014 at 16:02
how can we add windows client to samba domain.
Vijay Kumar Sharma 9 August 2014 at 05:57
I am getting error unknown object class while smbldap-populate in some the groups adding
javedsvpcet 26 September 2014 at 11:17
Min password age can be set for individual user????
Anonymous 11 November 2014 at 14:20
This is working ONLY for windows XP clients. Kindly inform how to use it for Windows 7 clients. Any additional package needs to be installed?