
http://forum.mait.vn

SAMBA DOMAIN CONTROLLER WITH OPEN LDAP BACKEND ON CENTOS

This document walks you through configuring a Domain Controller on Linux, with SDC as the frontend and openLDAP as the backend. It also points out the characteristics of a DC on Linux. The DC is a machine running CentOS Linux; the workstation is a Windows XP Pro machine. LDAP will be configured to hold the user accounts, groups and computer accounts used to log in and use network services.

Trần Hữu Nhân - nhanth87@gmail.com, MaIT Research Team. For any questions, please contact http://forum.mait.vn, Networking and Security section.


12/10/2008


I) Introduction:
Domain Controller: a domain controller authenticates users so that they can use the services and resources on that domain. When an authentication request reaches the DC, the DC looks the user up in its database and issues the credential to that user. On Linux we use SAMBA as a Domain Controller (Primary or Backup).

About SAMBA: Samba is an open-source product that uses the SMB (Server Message Block) protocol. It lets a Linux machine connect to machines running Windows or Unix.

Features of SAMBA version 3:
- Join Active Directory using LDAP or Kerberos
- Unicode support
- Windows XP can connect to a Samba server without a registry hack

Functions of SAMBA:
- Share common directories and printers between Linux, Windows and Unix
- Authenticate a Linux machine logging in to AD
- Provide a WINS service
- Act as a Primary Domain Controller (equivalent to Windows NT)
- Act as a Backup Domain Controller for a Samba Primary Domain Controller

However, SAMBA cannot:
- Act as a BDC for a Windows PDC, or vice versa
- Act as an ADC

Points to note when configuring SAMBA:

Installation: yum install samba samba-common samba-client samba-swat

SAMBA daemons:
- smbd: provides file sharing, the printing service, user authentication and network resource management. smbd listens on ports 139 and 445.
- nmbd: understands and answers NetBIOS name service requests.
- winbind: resolves Windows users and groups.


Configuration file: /etc/samba/smb.conf
Samba documentation: /usr/share/doc/samba{tab}
Samba can store its authentication data in: plaintext, smbpasswd, ldapsam_compat, tdbsam, ldapsam, mysqlsam.

LDAP: LDAP (Lightweight Directory Access Protocol) is a set of protocols for accessing centralised data. LDAP is built on the X.500 standard but is less complex and smaller than X.500. LDAP stores data in a tree-shaped structure, like a telephone directory; the data includes username, password, phone number and id. LDAP has a server/client form: the server uses one of several kinds of database to hold this tree structure, and clients connect to the server to read, modify and add data. LDAP is not only used to authenticate users on the controller; it is also used for other purposes such as authentication for Zimbra, RADIUS and mail services, and in particular for online conferencing services. Microsoft's directory service is based on LDAP as standardised in RFC1777.

openLDAP: provides the libraries to run openldap-servers and openldap-clients. openldap-clients provides the command-line tools to view and edit LDAP data; openldap-servers provides the LDAP server.

Points to note when configuring LDAP:
Installation: yum install openldap openldap-servers openldap-clients
Configuration files: /etc/openldap/slapd.conf, /etc/openldap/ldap.conf
Database files: /var/lib/dirsvr/slapd-*


Samba/openLDAP deployment model:

  SAMBA PDC SERVER ====== user authentication ======> openLDAP <====== RADIUS authentication ====== radius server
                                                         ||
                                                   LDAP databases

II) Configuration:
B1: Preliminary configuration. Install CentOS and name the machine dc1. The full name of this CentOS machine is dc1.mait.vn. The domain name used in this document is mait.vn. First, type the command:
# config eth0: Address: 192.168.0.2, Subnet mask: 255.255.255.0, Gateway: 192.168.0.1
Edit /etc/hosts:
# vi /etc/hosts
127.0.1.1    dc01.mait.vn    dc01

B2: Install the required packages. Install Samba:
# yum --disablerepo=\* --enablerepo=c5-media install samba samba-client smbldap-tools smbclient samba-doc


Or:
# yum install samba samba-client smbldap-tools smbclient samba-doc
Install openLDAP:
# yum --disablerepo=\* --enablerepo=c5-media install openldap openldap-servers openldap-clients
Or:
# yum install openldap openldap-servers openldap-clients
Install BIND DNS:
# yum --disablerepo=\* --enablerepo=c5-media install bind bind-chroot system-config-bind
Install perl:
# yum --disablerepo=\* --enablerepo=c5-media install perl*

B3: Configure openLDAP for Samba:


Check whether samba.schema exists in /etc/openldap/schema:
# dir /etc/openldap/schema
Edit /etc/openldap/slapd.conf to match the new LDAP suffix:
# vi /etc/openldap/slapd.conf
suffix (the LDAP suffix, e.g. dc=mait,dc=vn, corresponding to mait.vn)
rootdn (the DN of the LDAP Manager, e.g. cn=admin,dc=mait,dc=vn)
rootpw (the corresponding password)

Edit /etc/openldap/ldap.conf:
# vi /etc/openldap/ldap.conf
BASE (the LDAP suffix, dc=mait,dc=vn)

# chown -R ldap /var/lib/ldap
Restart LDAP:
# service ldap restart


Note: if you get an error that DB_CONFIG does not exist, post on the MaIT forum at http://forum.mait.vn.

B4: Configure Samba:

Edit smb.conf:
# vi smb.conf


workgroup = mait
security = user
passdb backend = ldapsam:ldap://localhost/
obey pam restrictions = no
#
# LDAP configuration
#
ldap admin dn = cn=admin,dc=example,dc=local
ldap suffix = dc=example, dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
domain logons = yes

Alternatively, samba-swat can be used (see the video file).

Restart Samba:
# service smb restart
# chkconfig smb on


# chkconfig nmb on
# chkconfig swat on
# smbpasswd -w <passOfAdmin>
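The most common reason the ldapsam backend fails after B3 and B4 is that the suffix and admin DN in slapd.conf, ldap.conf and smb.conf do not agree (the smb.conf listing above, for instance, still carries dc=example,dc=local while the LDAP server was set up with dc=mait,dc=vn). The script below is an added example, not part of the original tutorial: it derives the expected suffix from the domain name, reads the three files, and reports every mismatch before you restart the services. The file contents are constructed samples written to a temporary directory; the real files are /etc/openldap/slapd.conf, /etc/openldap/ldap.conf and /etc/samba/smb.conf.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: check that the LDAP suffix
# and admin DN agree across slapd.conf, ldap.conf and smb.conf before the
# services are restarted. The sample files are constructed, not real configs.

# Turn a DNS domain such as mait.vn into the LDAP suffix dc=mait,dc=vn.
domain_to_suffix() {
    printf '%s\n' "$1" | awk -F. '{
        out = ""
        for (i = 1; i <= NF; i++) out = out (i > 1 ? "," : "") "dc=" $i
        print out
    }'
}

# conf_value FILE KEY: print the value of KEY, accepting both "key value"
# (slapd.conf, ldap.conf) and "key = value" (smb.conf). Keys match
# case-insensitively, comments are skipped, and quotes and whitespace are
# stripped so "dc=example, dc=local" compares equal to "dc=example,dc=local".
conf_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); n = length(key) }
        /^[[:space:]]*#/ { next }
        {
            line = $0
            sub(/^[[:space:]]+/, "", line)
            if (tolower(substr(line, 1, n)) != key) next
            rest = substr(line, n + 1)
            if (rest !~ /^[[:space:]]*=/ && rest !~ /^[[:space:]]/) next
            sub(/^[[:space:]]*=?[[:space:]]*/, "", rest)
            gsub(/[[:space:]"]/, "", rest)
            print rest
            exit
        }' "$1"
}

# expect_equal LABEL ACTUAL WANTED: report a mismatch on stderr, return 1.
expect_equal() {
    if [ "$2" = "$3" ]; then return 0; fi
    echo "MISMATCH: $1 is '$2', expected '$3'" >&2
    return 1
}

# check_ldap_consistency DOMAIN SLAPD_CONF LDAP_CONF SMB_CONF
# Returns 0 when every suffix equals the one derived from DOMAIN and the
# Samba "ldap admin dn" equals the slapd rootdn; returns 1 otherwise.
check_ldap_consistency() {
    want=$(domain_to_suffix "$1")
    rc=0
    expect_equal "slapd.conf suffix" "$(conf_value "$2" suffix)" "$want" || rc=1
    expect_equal "ldap.conf BASE" "$(conf_value "$3" BASE)" "$want" || rc=1
    expect_equal "smb.conf ldap suffix" "$(conf_value "$4" 'ldap suffix')" "$want" || rc=1
    expect_equal "smb.conf ldap admin dn" "$(conf_value "$4" 'ldap admin dn')" \
        "$(conf_value "$2" rootdn)" || rc=1
    return $rc
}

# write_samples DIR FIXED: constructed sample files. With FIXED=yes smb.conf
# uses the mait.vn suffix; otherwise it keeps the dc=example,dc=local values
# that the tutorial's smb.conf listing still carries.
write_samples() {
    cat > "$1/slapd.conf" <<'EOF'
include   /etc/openldap/schema/samba.schema
suffix    "dc=mait,dc=vn"
rootdn    "cn=admin,dc=mait,dc=vn"
rootpw    {SSHA}placeholder-hash-not-a-real-password
EOF
    printf 'BASE dc=mait,dc=vn\n' > "$1/ldap.conf"
    if [ "$2" = yes ]; then sfx='dc=mait,dc=vn'; else sfx='dc=example, dc=local'; fi
    cat > "$1/smb.conf" <<EOF
[global]
   workgroup = mait
   passdb backend = ldapsam:ldap://localhost/
   ldap admin dn = cn=admin,$sfx
   ldap suffix = $sfx
   ldap group suffix = ou=Groups
EOF
}

workdir=$(mktemp -d)
write_samples "$workdir" no
if check_ldap_consistency mait.vn "$workdir/slapd.conf" "$workdir/ldap.conf" "$workdir/smb.conf"; then
    echo "LDAP settings agree; safe to run 'service ldap restart' and 'service smb restart'"
else
    echo "fix the mismatches above before restarting the services"
fi
rm -rf "$workdir"
```

To check a real server, call check_ldap_consistency with mait.vn and the three paths under /etc instead of the constructed files; the same function also catches a rootdn that was changed in slapd.conf without updating "ldap admin dn", which otherwise only shows up as a bind failure in the Samba log.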

B5: Configure smbldap-tools:
# mkdir /etc/smbldap-tools
# cd /usr/share/doc/samba{tab}/LDAP/smbldap-tools
# cp smbldap-* /usr/local/sbin
# cp smbldap_* /usr/local/sbin
# cp smbldap.conf smbldap_bind.conf /etc/smbldap-tools
# chmod +x /usr/local/sbin/smbldap*
Edit smbldap.conf and smbldap_bind.conf to match our suffix. Then we start building the LDAP directory:
# smbldap-populate <passw>

Set the server to authenticate via LDAP: run setup, choose Authentication, select LDAP, press Next, and choose the matching suffix.
# chkconfig ldap on

B6: Configure BIND-CHROOT DNS


# chmod 777 /var/named/chroot/var/run/named/
# cd /var/named/chroot/var/named/
# cp /usr/share/doc/bind{tab}/sample/var/named/named.local /var/named/chroot/var/named/named.local
# cp /usr/share/doc/bind-9.3.4/sample/var/named/named.root /var/named/chroot/var/named/named.root
# touch /var/named/chroot/etc/named.conf
# chkconfig --levels 235 named on
# service named restart

Then use system-config-bind to create the records and PTR records for the mait.vn domain. Restart the machine:
# shutdown -r now
After it boots, we can join the Windows XP machine to our domain.
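Records added one at a time in system-config-bind easily end up with an A record that has no PTR, or the reverse, and name lookups for the domain controller then fail in one direction. The script below is an added example, not part of the original tutorial: it parses a forward zone and its in-addr.arpa reverse zone, rebuilds the dotted address from each PTR owner name, and lists every A record without a PTR and every PTR without an A record. The zone files are constructed samples reusing the tutorial's addresses; on the server, the zones written by system-config-bind live under /var/named/chroot/var/named/. It assumes every record line names its owner explicitly (no blank-owner lines), which is how system-config-bind writes them.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: check that forward A records
# and reverse PTR records for mait.vn agree. Zone contents are constructed.

# forward_pairs ZONEFILE ORIGIN: print "fqdn ip" for each A record. Owner
# names without a trailing dot are completed with ORIGIN.
forward_pairs() {
    awk -v origin="$2" '
        /^[[:space:]]*;/ || NF == 0 || substr($0, 1, 1) == "$" { next }
        {
            for (i = 2; i <= NF - 1; i++) if ($i == "A") {
                name = $1
                if (name !~ /\.$/) name = name "." origin "."
                print name, $(i + 1)
                break
            }
        }' "$1"
}

# reverse_pairs ZONEFILE ORIGIN: print "fqdn ip" for each PTR record, rebuilding
# the dotted IPv4 address from the in-addr.arpa owner name.
reverse_pairs() {
    awk -v origin="$2" '
        /^[[:space:]]*;/ || NF == 0 || substr($0, 1, 1) == "$" { next }
        {
            for (i = 2; i <= NF - 1; i++) if ($i == "PTR") {
                owner = $1
                if (owner !~ /\.$/) owner = owner "." origin "."
                sub(/\.in-addr\.arpa\.$/, "", owner)           # e.g. 2.0.168.192
                n = split(owner, o, ".")
                ip = o[n]
                for (j = n - 1; j >= 1; j--) ip = ip "." o[j]  # -> 192.168.0.2
                print $(i + 1), ip
                break
            }
        }' "$1"
}

# check_zones FWD_ZONE FWD_ORIGIN REV_ZONE REV_ORIGIN: return 0 when the two
# record sets match exactly, 1 otherwise (the differences are printed).
check_zones() {
    fwd=$(mktemp); rev=$(mktemp)
    forward_pairs "$1" "$2" | sort > "$fwd"
    reverse_pairs "$3" "$4" | sort > "$rev"
    no_ptr=$(comm -23 "$fwd" "$rev")
    no_a=$(comm -13 "$fwd" "$rev")
    rm -f "$fwd" "$rev"
    status=0
    if [ -n "$no_ptr" ]; then echo "A records without PTR:"; echo "$no_ptr"; status=1; fi
    if [ -n "$no_a" ]; then echo "PTR records without A:"; echo "$no_a"; status=1; fi
    return $status
}

# write_zones DIR FIXED: constructed sample zones. With FIXED=no the reverse
# zone lacks the PTR for pc01, the typical slip when records are added by hand.
write_zones() {
    cat > "$1/mait.vn.zone" <<'EOF'
$TTL 86400
@       IN SOA  dc01.mait.vn. admin.mait.vn. (
                2008101201 3600 900 604800 86400 )
        IN NS   dc01.mait.vn.
dc01    IN A    192.168.0.2
gw      IN A    192.168.0.1
pc01    IN A    192.168.0.10
EOF
    cat > "$1/0.168.192.rev" <<'EOF'
$TTL 86400
@       IN SOA  dc01.mait.vn. admin.mait.vn. (
                2008101201 3600 900 604800 86400 )
        IN NS   dc01.mait.vn.
2       IN PTR  dc01.mait.vn.
1       IN PTR  gw.mait.vn.
EOF
    if [ "$2" = yes ]; then
        printf '10      IN PTR  pc01.mait.vn.\n' >> "$1/0.168.192.rev"
    fi
}

workdir=$(mktemp -d)
write_zones "$workdir" no
if check_zones "$workdir/mait.vn.zone" mait.vn "$workdir/0.168.192.rev" 0.168.192.in-addr.arpa; then
    echo "forward and reverse zones agree"
else
    echo "add the missing records with system-config-bind, then 'service named restart'"
fi
rm -rf "$workdir"
```

Run check_zones against the real zone files with the forward origin mait.vn and the reverse origin of your subnet; a clean result before the reboot saves a round of debugging when the Windows XP client is joined.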

III) References:


Books: Red Hat Deployment Guide, Samba Definitive Guide, openLDAP manuals. Web: www.howtoforge.com
