PDC Samba LDAP CentOS 6.2


References:
http://www.server-world.info/en/note?os=CentOS_6&p=ldap&f=1
http://www.server-world.info/en/note?os=CentOS_6&p=ldap&f=2
http://www.server-world.info/en/note?os=CentOS_6&p=samba&f=4

Very good tutorials at the reference links above; I am just practicing them.

Scenario:

IP Address Server: 192.168.10.6

I. Install OpenLDAP
# yum -y install openldap-servers openldap-clients
# vi /etc/sysconfig/ldap
Line 12: uncomment and change

 
# vi /etc/openldap/slapd.conf
Create new

 
# rm -rf /etc/openldap/slapd.d/*
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

 

# vi /etc/openldap/slapd.d/cn=config/olcDatabase\={0}config.ldif
Line 4: change:

 
# vi /etc/openldap/slapd.d/cn=config/olcDatabase\={1}monitor.ldif
Create new:

 
# chown -R ldap. /etc/openldap/slapd.d
# chmod -R 700 /etc/openldap/slapd.d
# service slapd start
# chkconfig slapd on
 
 
II. Initial Configuration
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/core.ldif

 
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif

 
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif

 
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

 
# slappasswd

 
# mkdir /tmp/setldap ; cd /tmp/setldap
# vi backend.ldif
Create new:

 
# ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif

 
# vi frontend.ldif
Create new:

 
# ldapadd -x -D cn=Manager,dc=tahubachem,dc=local -W -f frontend.ldif

 
III. Add Existing local Users to LDAP Directory
# vi ldapuser.sh

 
# sh ldapuser.sh
# ldapadd -x -D cn=Manager,dc=tahubachem,dc=local -W -f ldapuser.ldif
Enter LDAP Password:

 
IV. Add existing local groups to LDAP directory.
# vi ldapgroup.sh

 
# sh ldapgroup.sh
# ldapadd -x -D cn=Manager,dc=tahubachem,dc=local -W -f ldapgroup.ldif
Enter LDAP Password:
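The page's ldapuser.sh and ldapgroup.sh (sections III and IV) are not reproduced above, so the following is an added example of the same idea, not the author's scripts: it reads passwd(5)/group(5) lines and emits LDIF entries for ldapadd under the page's suffix dc=tahubachem,dc=local. The ou names (People, Group), the UID/GID cut-off of 500 for "local" accounts (the CentOS 6 default), and the sample input are assumptions; the sample data is constructed and stands in for /etc/passwd, /etc/shadow and /etc/group.

```shell
#!/bin/sh
# Added example (not the page's ldapuser.sh / ldapgroup.sh): convert local
# passwd/group entries into LDIF for ldapadd. Suffix is from the page; the
# ou names and the MIN_ID cut-off are assumptions.
SUFFIX="dc=tahubachem,dc=local"
MIN_ID=500

# passwd_to_ldif SHADOWFILE: passwd lines on stdin -> LDIF on stdout.
# Only accounts with uid >= MIN_ID are exported, so system accounts stay local.
# The crypt hash is copied from SHADOWFILE so users keep their current password.
passwd_to_ldif() {
  shadow_file="$1"
  while IFS=: read -r user _ uid gid gecos home shell; do
    [ "$uid" -ge "$MIN_ID" ] 2>/dev/null || continue
    if [ "$uid" -eq 65534 ]; then continue; fi      # nfsnobody is not a real user
    pwhash=$(awk -F: -v u="$user" '$1 == u { print $2 }' "$shadow_file")
    [ -n "$pwhash" ] || pwhash='!'                    # no shadow entry: keep it locked
    cn=${gecos%%,*}                                   # full name is the first GECOS field
    [ -n "$cn" ] || cn=$user
    printf 'dn: uid=%s,ou=People,%s\n' "$user" "$SUFFIX"
    printf 'objectClass: inetOrgPerson\nobjectClass: posixAccount\nobjectClass: shadowAccount\n'
    printf 'uid: %s\ncn: %s\nsn: %s\n' "$user" "$cn" "$user"
    printf 'uidNumber: %s\ngidNumber: %s\nhomeDirectory: %s\nloginShell: %s\n' "$uid" "$gid" "$home" "$shell"
    printf 'userPassword: {crypt}%s\n\n' "$pwhash"
  done
}

# group_to_ldif: group lines on stdin -> posixGroup LDIF on stdout,
# one memberUid per comma-separated member.
group_to_ldif() {
  while IFS=: read -r group _ gid members; do
    [ "$gid" -ge "$MIN_ID" ] 2>/dev/null || continue
    if [ "$gid" -eq 65534 ]; then continue; fi
    printf 'dn: cn=%s,ou=Group,%s\n' "$group" "$SUFFIX"
    printf 'objectClass: posixGroup\ncn: %s\ngidNumber: %s\n' "$group" "$gid"
    old_ifs=$IFS; IFS=,
    for m in $members; do
      if [ -n "$m" ]; then printf 'memberUid: %s\n' "$m"; fi
    done
    IFS=$old_ifs
    printf '\n'
  done
}

# Constructed sample input (not from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bachem:x:500:500:Bachem Admin,,,:/home/bachem:/bin/bash
staff1:x:501:501::/home/staff1:/bin/bash
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin'
SAMPLE_GROUP='root:x:0:
bachem:x:500:
staff:x:502:bachem,staff1'
SAMPLE_SHADOW=$(mktemp)
trap 'rm -f "$SAMPLE_SHADOW"' EXIT
printf '%s\n' 'bachem:$6$saltsalt$fakehashvalue:15000:0:99999:7:::' > "$SAMPLE_SHADOW"

# Stand-alone run: first the ldapuser.ldif content, then the ldapgroup.ldif content.
printf '%s\n' "$SAMPLE_PASSWD" | passwd_to_ldif "$SAMPLE_SHADOW"
printf '%s\n' "$SAMPLE_GROUP" | group_to_ldif
```

On a real host you would feed `/etc/passwd` and `/etc/group` on stdin and pass `/etc/shadow` as the argument (it needs root to read), redirecting the output to ldapuser.ldif and ldapgroup.ldif before the ldapadd steps above. Accounts without a shadow hash are exported with a locked password rather than an empty one, so no login is silently enabled by the migration.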

 
 
V. Configuration for LDAP client
# yum -y install openldap-clients nss-pam-ldapd
# vi /etc/openldap/ldap.conf

 
# vi /etc/nslcd.conf
Line 131: specify URI, Suffix

 
# vi /etc/pam_ldap.conf
Line 17: comment it out

 
Line 20: specify Suffix

 
Add at the end of the file:

 
# vi /etc/pam.d/system-auth
Add the highlighted parameters on lines 8, 14, 19, 26 and 28

 
# vi /etc/nsswitch.conf
Line 33: add:

 
Line 57: change:

 
Line 61: change:

 
# vi /etc/sysconfig/authconfig
Line 18: change:

 
# chkconfig nslcd on
# shutdown -r now

 
VI. Change OpenLDAP settings
# mkdir /tmp/setsamba
# cd /tmp/setsamba

-Install Samba from the CentOS default repo, check the installed Samba version, then wget the matching RPM so the samba.schema file can be extracted from it
# yum -y install samba
# wget http://mirror.centos.org/centos/6.3/os/x86_64/Packages/samba-3.5.10-125.el6.x86_64.rpm
# rpm2cpio samba-3.5.10-125.el6.x86_64.rpm | cpio -id
# cp ./etc/openldap/schema/samba.schema /etc/openldap/schema/
# vi schema_convert.conf
Create new:

 
# mkdir /tmp/setsamba/ldif_output
# slapcat -f schema_convert.conf -F /tmp/setsamba/ldif_output -n0 -s "cn={12}samba,cn=schema,cn=config" > ./cn=samba.ldif
# vi cn=samba.ldif
Lines 1 and 3: change (remove "{12}")

 
Remove the lines below (placed at the bottom of the file)

 
# ldapadd -Y EXTERNAL -H ldapi:/// -f cn=samba.ldif
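The two hand edits to cn=samba.ldif above (dropping the "{12}" position index from the dn and cn lines, and deleting the operational attributes slapcat appends at the bottom) are the step people most often get wrong; a DN left as cn={}samba is exactly what produces the "Naming violation (64)" one of the comments below reports. The following is an added example, not from the page or from the smbldap-tools project, that does the same edit with sed and checks the resulting DN before ldapadd runs. The list of operational attributes is what slapcat normally writes for a config entry and is an assumption; the sample dump is constructed and heavily abbreviated.

```shell
#!/bin/sh
# Added example (not the page's own commands): clean a slapcat dump of the
# samba schema so ldapadd accepts it. Attribute list and sample are assumptions.

# clean_schema_ldif: LDIF on stdin -> cleaned LDIF on stdout.
# The index in "{12}" depends on how many schemas were loaded before, so any
# number is accepted. Operational attributes are server-generated and are
# rejected when supplied by a client, so they are dropped.
clean_schema_ldif() {
  sed -e 's/^dn: cn={[0-9]*}samba,/dn: cn=samba,/' \
      -e 's/^cn: {[0-9]*}samba$/cn: samba/' \
      -e '/^structuralObjectClass:/d' \
      -e '/^entryUUID:/d' \
      -e '/^creatorsName:/d' \
      -e '/^createTimestamp:/d' \
      -e '/^entryCSN:/d' \
      -e '/^modifiersName:/d' \
      -e '/^modifyTimestamp:/d'
}

# check_schema_ldif FILE: succeed only if the entry's DN is exactly the one
# the tutorial expects, so a botched edit (e.g. "cn={}samba") is caught early.
check_schema_ldif() {
  grep -qx 'dn: cn=samba,cn=schema,cn=config' "$1"
}

# Constructed, abbreviated stand-in for the slapcat output of section VI.
SAMPLE_DUMP=$(cat <<'EOF'
dn: cn={12}samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {12}samba
olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'constructed sample' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'constructed sample' SUP top AUXILIARY MUST ( uid $ sambaSID ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20120101000000Z
entryCSN: 20120101000000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120101000000Z
EOF
)

OUT=$(mktemp)
trap 'rm -f "$OUT"' EXIT
printf '%s\n' "$SAMPLE_DUMP" | clean_schema_ldif > "$OUT"

# Stand-alone run: show the cleaned entry and report whether it is safe to load.
cat "$OUT"
if check_schema_ldif "$OUT"; then
  echo "DN is cn=samba,cn=schema,cn=config: ready for ldapadd -Y EXTERNAL -H ldapi:///"
else
  echo "DN is wrong; fix the dn/cn lines before running ldapadd" >&2
fi
```

On the real file the usage is `clean_schema_ldif < cn=samba.ldif > cn=samba.clean.ldif` followed by `check_schema_ldif cn=samba.clean.ldif`, and only then the ldapadd from the tutorial. Keeping the schema entry name stable (cn=samba, no index) also matters later, because the samba_indexes.ldif step and smbldap-populate assume the Samba attribute types are present under that schema.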

 
# vi samba_indexes.ldif
Create new

 
# ldapmodify -Y EXTERNAL -H ldapi:/// -f samba_indexes.ldif

 
# service slapd restart

 
VII. Change Samba settings. This Samba PDC server needs to be an LDAP client.
# yum --enablerepo=epel -y install smbldap-tools
# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
# cp /usr/share/doc/smbldap-tools-*/smb.conf /etc/samba/smb.conf
# vi /etc/samba/smb.conf

 
# mkdir /datasamba
# mkdir /datasamba/public
# mkdir /datasamba/private
# mkdir /home/netlogon
# service smb restart
# service nmb restart
# chkconfig smb on
# chkconfig nmb on
# smbpasswd -W

 
# perl /usr/share/doc/smbldap-tools-*/configure.pl

 
# smbldap-populate

 
-Set up the firewall
# system-config-firewall-tui
Open the samba and samba-client services, then under Customize add tcp:389

 
VIII. Testing
-Add Samba LDAP users
# smbldap-useradd -a -m sysadmin
# smbldap-groupmod -m sysadmin "Domain Admins"
# smbldap-passwd sysadmin
# smbldap-useradd -a -m bachem
# smbldap-groupmod -m bachem "Domain Admins"
# smbldap-passwd bachem
# smbldap-useradd -a -m staff1
# smbldap-groupmod -m staff1 "Domain Users"
# smbldap-passwd staff1

-Set ACLs on the Samba share folders
# setfacl -m group:Domain\ Admins:rwx /datasamba/private/
# setfacl -m group:Domain\ Users:rwx /datasamba/public/

-Set up Windows LDAP Admin to make maintaining LDAP users easier

-Win XP Join Domain:



-Log in as a domain user to test the private share folder


-Win 7 Pro x64 Join Domain:
Now join your Windows 7 PC to the domain using this official Samba mini-guide: http://wiki.samba.org/index.php/Windows7

-Download the Windows 7 registry patch from here:
https://bugzilla.samba.org/attachment.cgi?id=4988&action=view

-Note based on my experience:
If the computer is a fresh Windows 7 install with no updates, I first install the hotfix from here:
http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2171571&kbln=en-us then run the registry patch Win7_Samba3DomainMember.reg => Restart PC => Join Domain => Restart PC => successful login with domain users

If the computer has Windows 7 SP1, I just run the registry patch Win7_Samba3DomainMember.reg => Restart PC => Join Domain => Restart PC => successful login with domain users




- Log in as a domain admin to test access to the private share folder



4 Comments

  1. Hi,
    I went through your instructions and everything is working fine, but when I try to add a user account using
    smbldap-useradd -a -m sysadmin I am getting the error below.

    Use of uninitialized value $value in substitution (s///) at /usr/share/perl5/vendor_perl/smbldap_tools.pm line 144, line 15.
    Use of uninitialized value $value in substitution (s///) at /usr/share/perl5/vendor_perl/smbldap_tools.pm line 144, line 19.
    Use of uninitialized value $value in substitution (s///) at /usr/share/perl5/vendor_perl/smbldap_tools.pm line 144, line 25.
    Use of uninitialized value $value in substitution (s///) at /usr/share/perl5/vendor_perl/smbldap_tools.pm line 144, line 35.
    Use of uninitialized value $value in substitution (s///) at /usr/share/perl5/vendor_perl/smbldap_tools.pm line 144, line 40.
    Use of uninitialized value $value in substitution (s///) at /usr/share/perl5/vendor_perl/smbldap_tools.pm line 144, line 85.

    Kindly help me. I am new to this setup.

  2. Thank you,

    I resolved the issue. The solution is just to remove the empty space in the smb.conf file (line 15).

  3. Dear Admin,

    In step VI. Change OpenLDAP settings, when adding samba.ldif I get the error ldap_add: Naming violation (64), like this:
    =======================================
    =======================================
    [root@xx setsamba]# ldapadd -Y EXTERNAL -H ldapi:/// -f cn=samba.ldif
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry “cn={}samba,cn=schema,cn=config”
    ldap_add: Naming violation (64)

    =======================================
    Please help with a solution. I am using CentOS 6.2 32 bit.

    Thank you.

    Regards
    acenk90

  4. Hi,

    Salam, do you have a configuration for VPN on CentOS 6? I want to connect to my home system from anywhere. Please send me the configuration doc.

    Thanks
    T.Saminadane
