PDC Debian 6.0 squeeze 3/4 - Samba PDC

root@master:~# apt-get install samba-doc



root@pdc:~# cp -Rpf /etc/ldap/ /etc/ldap.orig



root@pdc:~# cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/



root@pdc:~# gzip -d /etc/ldap/schema/samba.schema.gz



root@pdc:~# vim schema_convert.conf



include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/samba.schema



root@pdc:~# mkdir -p ./tmp/ldif_output




root@pdc:~# slapcat -f schema_convert.conf -F ./tmp/ldif_output -n0 -s "cn={12}samba,cn=schema,cn=config" > ./tmp/cn=samba.ldif




root@pdc:~# cp -pf ./tmp/cn=samba.ldif ./tmp/cn=samba.ldif.orig




root@pdc:~# vi ./tmp/cn=samba.ldif



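Eliminar el {12} de la línea 1 y de la línea 3 ({12} es la posición de samba.schema en la lista de include de schema_convert.conf, contando desde 0; si la lista cambia, el número también):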
dn: cn={12}samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {12}samba



Quedando:

dn: cn=samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: samba



Eliminar estas líneas al final del archivo:

structuralObjectClass: olcSchemaConfig
entryUUID: bd8a7a82-3cb8-102f-8d5f-070b4e5d16f8
creatorsName: cn=config
createTimestamp: 20100815125953Z
entryCSN: 20100815125953.198505Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20100815125953Z




root@pdc:~# ldapadd -Y EXTERNAL -H ldapi:/// -f ./tmp/cn=samba.ldif



SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=samba,cn=schema,cn=config"



root@pdc:~# vim samba_indexes.ldif



dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub



root@pdc:~# ldapmodify -Y EXTERNAL -H ldapi:/// -f samba_indexes.ldif



SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}hdb,cn=config"



root@pdc:~# /etc/init.d/slapd restart



Stopping OpenLDAP: slapd.
Starting OpenLDAP: slapd.

root@pdc:~# apt-get install smbldap-tools samba




Workgroup/Domain Name: MiDominio

root@pdc:~# mv /etc/samba/smb.conf /etc/samba/smb.conf.orig




root@pdc:~# cp /usr/share/doc/smbldap-tools/examples/smb.conf /etc/samba/smb.conf




root@pdc:~# vim /etc/samba/smb.conf



Linea 3 cambiar el grupo de trabajo:
workgroup = MiDominio
Linea 12 comentarla:
#min passwd length = 3
Cambiar línea 22 a yes:
ldap passwd sync = yes
Cambiar línea 33 y 34 a:
Dos charset = CP932
Unix charset = UTF-8
48:
ldap admin dn = cn=admin,dc=mi-dominio,dc=com

50:
ldap suffix = dc=mi-dominio,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=people

60 descomentarla:
delete group script = /usr/sbin/smbldap-groupdel "%g"

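64 agregar:
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
admin users = master
ldap ssl = no

Nota: con "ldap ssl = no" Samba se conecta al servidor LDAP sin cifrar, incluida la contraseña del "ldap admin dn". Esto solo es razonable si slapd corre en el mismo equipo que Samba; si el LDAP está en otro host conviene usar "ldap ssl = start tls". Además, "admin users = master" hace que el usuario master realice todas las operaciones sobre los recursos compartidos como root.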



root@pdc:~# mkdir /home/netlogon




root@pdc:~# /etc/init.d/samba restart



Stopping Samba daemons: nmbd smbd.
Starting Samba daemons: nmbd smbd.

root@pdc:~# smbpasswd -W



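Setting stored password for "cn=admin,dc=mi-dominio,dc=com" in secrets.tdb
New SMB password: morsamorsa
Retype new SMB password: morsamorsa

(Aquí se ingresa la contraseña que ya tiene cn=admin en el LDAP; Samba la guarda en secrets.tdb para poder hacer el bind. "morsamorsa" es el valor usado en este ejemplo; en la terminal no se muestra al escribirla.)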

root@pdc:~# gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz




root@pdc:~# perl /usr/share/doc/smbldap-tools/configure.pl




$# is no longer supported at /usr/share/doc/smbldap-tools/configure.pl line 314.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
smbldap-tools script configuration
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Before starting, check
. if your samba controller is up and running.
. if the domain SID is defined (you can get it with the 'net getlocalsid')

. you can leave the configuration using the Crtl-c key combination
. empty value can be set with the "." character
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Looking for configuration files...

Samba Configuration File Path [/etc/samba/smb.conf] > ENTER

The default directory in which the smbldap configuration files are stored is shown.
If you need to change this, enter the full directory path, then press enter to continue.
Smbldap-tools Configuration Directory Path [/etc/smbldap-tools/] > ENTER
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Let's start configuring the smbldap-tools scripts ...

. workgroup name: name of the domain Samba act as a PDC
workgroup name [MiDominio] > ENTER
. netbios name: netbios name of the samba controler
netbios name [PDC-SRV] > ENTER
. logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'
logon drive [H:] > ENTER
. logon home: home directory location (for Win95/98 or NT Workstation).
(use %U as username) Ex:'\\PDC-SRV\%U'
logon home (press the "." character if you don't want homeDirectory) [\\PDC-SRV\%U] > . #punto
. logon path: directory where roaming profiles are stored. Ex:'\\PDC-SRV\profiles\%U'
logon path (press the "." character if you don't want roaming profile) [\\PDC-SRV\profiles\%U] > . #PTO
. home directory prefix (use %U as username) [/home/%U] > ENTER
. default users' homeDirectory mode [700] > ENTER
. default user netlogon script (use %U as username) [logon.bat] > ENTER
default password validation time (time in days) > ENTER
. ldap suffix [dc=mi-dominio,dc=com] > ENTER
. ldap group suffix [ou=groups] > ENTER
. ldap user suffix [ou=people] > ENTER
. ldap machine suffix [ou=Computers] > ENTER
. Idmap suffix [ou=Idmap] > ENTER
. sambaUnixIdPooldn: object where you want to store the next uidNumber
and gidNumber available for new users and groups
sambaUnixIdPooldn object (relative to ${suffix}) [sambaDomainName=MiDominio] > ENTER
. ldap master server: IP adress or DNS name of the master (writable) ldap server
ldap master server [192.168.1.101] > ENTER
. ldap master port [389] > ENTER
. ldap master bind dn [cn=admin,dc=mi-dominio,dc=com] > ENTER
. ldap master bind password [] > morsamorsa
. ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one
ldap slave server [192.168.1.101] > ENTER #si existe un LDAP secundario, ingresar aquí su dirección; si no existe, ENTER
. ldap slave port [389] > ENTER
. ldap slave bind dn [cn=admin,dc=mi-dominio,dc=com] > ENTER
. ldap slave bind password [] > morsamorsa #contraseña del secundario si existe; si no existe, es la misma del master
. ldap tls support (1/0) [0] > ENTER
. SID for domain MiDominio: SID of the domain (can be obtained with 'net getlocalsid PDC-SRV')
SID for domain MiDominio [S-1-5-21-2769326514-740161531-1983817306] > ENTER
. unix password encryption: encryption used for unix passwords
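unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] > MD5
Nota: el valor por defecto SSHA es un hash con sal; MD5 es sin sal (la variante con sal es SMD5), de modo que contraseñas iguales producen el mismo hash y resulta más fácil de atacar por diccionario. Salvo una necesidad concreta de compatibilidad, conviene dejar SSHA.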
. default user gidNumber [513] > ENTER
. default computer gidNumber [515] > ENTER
. default login shell [/bin/bash] > ENTER
. default skeleton directory [/etc/skel] > ENTER
. default domain name to append to mail adress [] > ENTER
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Use of uninitialized value $# in concatenation (.) or string at /usr/share/doc/smbldap-tools/configure.pl line 314, line 34.
backup old configuration files:
/etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old
/etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old
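writing new configuration file:
/etc/smbldap-tools/smbldap.conf done.
/etc/smbldap-tools/smbldap_bind.conf done.

Nota: smbldap_bind.conf guarda en texto plano la contraseña del bind dn ingresada arriba; conviene verificar que solo root pueda leerlo (chmod 600 /etc/smbldap-tools/smbldap_bind.conf).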



root@pdc:~# smbldap-populate



Populating LDAP directory for domain MiDominio (S-1-5-21-3529095435-2300348255-434367669)
(using builtin directory structure)

entry dc=mi-dominio,dc=com already exist.
entry ou=people,dc=mi-dominio,dc=com already exist.
entry ou=groups,dc=mi-dominio,dc=com already exist.
adding new entry: ou=Computers,dc=mi-dominio,dc=com
adding new entry: ou=Idmap,dc=mi-dominio,dc=com
adding new entry: uid=root,ou=people,dc=mi-dominio,dc=com
adding new entry: uid=nobody,ou=people,dc=mi-dominio,dc=com
adding new entry: cn=Domain Admins,ou=groups,dc=mi-dominio,dc=com
adding new entry: cn=Domain Users,ou=groups,dc=mi-dominio,dc=com
adding new entry: cn=Domain Guests,ou=groups,dc=mi-dominio,dc=com
adding new entry: cn=Domain Computers,ou=groups,dc=mi-dominio,dc=com
adding new entry: cn=Administrators,ou=groups,dc=mi-dominio,dc=com
adding new entry: cn=Account Operators,ou=groups,dc=mi-dominio,dc=com
adding new entry: cn=Print Operators,ou=groups,dc=mi-dominio,dc=com
adding new entry: cn=Backup Operators,ou=groups,dc=mi-dominio,dc=com
adding new entry: cn=Replicators,ou=groups,dc=mi-dominio,dc=com
entry sambaDomainName=MiDominio,dc=mi-dominio,dc=com already exist. Updating it...



Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password: morsamorsa
Retype new password: morsamorsa

Agregar el grupo del administrador que se definió en el smb.conf (master):

root@pdc:~# smbldap-groupadd -a master



Cannot confirm gidNumber 1000 is free: checking for the next one

Agregamos el usuario master y, a la vez, lo asignamos al grupo master del dominio:

root@pdc:~# smbldap-useradd -am -g master master



Cannot confirm uidNumber 1000 is free: checking for the next one

Creamos la contraseña para el usuario master:

root@pdc:~# smbldap-passwd master



Changing UNIX and samba passwords for master
New password: adminadmin
Retype new password: adminadmin

login as: htirado
[email protected] 's password: mi pass de usuario htirado
htirado@pdc:~$ su - master

Password: adminadmin

htirado@pdc:~$ su - master



Password: adminadmin


FUENTES:

www.server-world.info
groups.google.com
lists.debian.org
www.esdebian.org


Más info en: