Guide to configuring a Primary Domain Controller with Samba
8/14/2019 Guide to configuring Primary Domain Controller with Samba (page 1/17)
Guide to configuring a Primary Domain Controller with Samba + OpenLDAP
Part 1: Configuring DNS
Network model:
On the OpenLDAP server we set things up as follows:
OpenLDAP server:
Hostname: server2.abv.local
IP: 10.0.0.2
Install BIND
# yum -y install bind bind-libs bind-utils bind-chroot
Configure BIND
# cd /var/named/chroot/
# vi etc/named.conf
acl mynet { 10.0.0.0/8; 127.0.0.1; };   // defined here but not referenced anywhere below
options {
    allow-transfer { none; };
    // a fixed source port makes the resolver's outgoing queries predictable;
    // leave these two lines out to let BIND pick a random port per query
    query-source port 53;
    query-source-v6 port 53;
    directory "/var/named";
    dump-file "/var/named/data/cache_dumb.db";
    statistics-file "/var/named/data/name_stats.txt";
    memstatistics-file "/var/named/data/name_mem_stats.txt";
    notify yes;
};
zone "." IN { type hint; file "named.root"; };
zone "localhost" IN { type master; file "localhost.db"; };
zone "0.0.127.in-addr.arpa" IN { type master; file "0.0.127.in-addr.arpa.db"; };
zone "abv.local" IN { type master; file "abv.local.db"; };
zone "0.0.10.in-addr.arpa" { type master; file "0.0.10.in-addr.arpa.db"; };
# cd var/named
# wget http://www.internic.net/zones/named.root
# vi localhost.db
$TTL 86400
@ IN SOA localhost root (
        20080213 ; Serial
        10800    ; Refresh
        3600     ; Retry
        604800   ; Expire
        86400 )  ; Minimum TTL
  IN NS @
localhost. IN A 127.0.0.1
# vi 0.0.127.in-addr.arpa.db
$TTL 86400 ; 1 day
@ IN SOA localhost. root. (
        20080213 ; Serial
        10800    ; Refresh
        3600     ; Retry
        604800   ; Expire
        86400 )  ; Minimum TTL
  IN NS localhost.
1.0.0.127.in-addr.arpa. IN PTR localhost.
# vi abv.local.db
$TTL 86400
@ IN SOA server2.abv.local. root (
        4      ; Serial
        23H    ; Refresh
        15M    ; Retry
        1W     ; Expire
        1D )   ; Minimum TTL
  IN NS server2.abv.local.
server1 1D IN A 10.0.0.1
server2 1D IN A 10.0.0.2
server3 1D IN A 10.0.0.3
; SRV records let domain members locate the LDAP server; the owner names end
; with a dot so that BIND does not append the zone origin to them
_ldap._tcp.abv.local. SRV 0 0 389 server2.abv.local.
_ldap._tcp.dc._msdcs.abv.local. SRV 0 0 389 server2.abv.local.
# vi 0.0.10.in-addr.arpa.db
$TTL 86400
@ IN SOA server2.abv.local. root. (
        3       ; Serial
        28800   ; Refresh
        7200    ; Retry
        604800  ; Expire
        86400 ) ; Minimum TTL
@ IN NS server2.abv.local.
1 IN PTR server1.abv.local.
2 IN PTR server2.abv.local.
3 IN PTR server3.abv.local.
# vi /etc/resolv.conf
search abv.local
nameserver 10.0.0.2
Start the service:
# service named start
# chkconfig named on
The configuration files can be downloaded at: http://www.mediafire.com/?7lnwgiccvv6bsbv
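As an added check (not part of the original post), a small Python script that validates the forward and reverse zones above: it embeds constructed copies of the abv.local records, verifies that every A record has a PTR pointing back at it and vice versa, and flags an SRV owner name that lacks its trailing dot, which BIND would silently expand to _ldap._tcp.dc._msdcs.abv.local.abv.local. The 10.0.0. reverse prefix and the record regexes are assumptions of this script, not BIND code.

```python
import re

ORIGIN = "abv.local"
# Constructed zone data modelled on abv.local.db and 0.0.10.in-addr.arpa.db; the
# second SRV owner deliberately lacks its trailing dot so the checker has a mistake to report.
FORWARD = """
server1 1D IN A 10.0.0.1
server2 1D IN A 10.0.0.2
server3 1D IN A 10.0.0.3
_ldap._tcp.abv.local. SRV 0 0 389 server2.abv.local.
_ldap._tcp.dc._msdcs.abv.local SRV 0 0 389 server2.abv.local.
"""
REVERSE = """
1 IN PTR server1.abv.local.
2 IN PTR server2.abv.local.
3 IN PTR server3.abv.local.
"""
A_RE = re.compile(r"^(\S+)\s+(?:\S+\s+)?IN\s+A\s+(\S+)$")
PTR_RE = re.compile(r"^(\d+)\s+IN\s+PTR\s+(\S+)$")
SRV_RE = re.compile(r"^(\S+)\s+(?:IN\s+)?SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$")

def fqdn(name, origin=ORIGIN):
    """BIND appends the zone origin to any owner name without a trailing dot."""
    return name if name.endswith(".") else f"{name}.{origin}."

def check_zones(forward, reverse, origin=ORIGIN, rev_prefix="10.0.0."):
    """Return the problems found; an empty list means forward and reverse zones agree."""
    a_by_name, ptr_by_ip, problems = {}, {}, []
    for line in forward.splitlines():
        if m := A_RE.match(line.strip()):
            a_by_name[fqdn(m[1], origin)] = m[2]
    for line in reverse.splitlines():
        if m := PTR_RE.match(line.strip()):
            ptr_by_ip[rev_prefix + m[1]] = m[2]  # owner "1" under 0.0.10.in-addr.arpa is 10.0.0.1
    for name, ip in a_by_name.items():           # every A record needs a PTR pointing back
        if ptr_by_ip.get(ip) != name:
            problems.append(f"{name} -> {ip} has no matching PTR")
    for ip, name in ptr_by_ip.items():           # and every PTR needs the matching A
        if a_by_name.get(name) != ip:
            problems.append(f"PTR {ip} -> {name} has no matching A record")
    for line in forward.splitlines():            # SRV: owner, target and LDAP port
        if m := SRV_RE.match(line.strip()):
            owner, port, target = fqdn(m[1], origin), int(m[2]), m[3]
            if owner.endswith(f".{origin}.{origin}."):
                problems.append(f"SRV owner expands to {owner} (missing trailing dot?)")
            if target not in a_by_name:
                problems.append(f"SRV {owner} targets {target}, which has no A record")
            if owner.startswith("_ldap._tcp.") and port != 389:
                problems.append(f"SRV {owner} uses port {port}, expected 389")
    return problems
```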
Part 2: Configuring OpenLDAP
Install the required packages:
# yum --enablerepo=dag install openldap* openldap-s* compat-ldap python-ldap php-ldap nss_ldap ldapjdk samba samba-common samba-client perl-Crypt-SmbHash perl-Digest-SHA1 perl-Jcode perl-Unicode-Map perl-Unicode-Map8 perl-Unicode-MapUTF8 perl-Unicode-String
Generate the hashed password for the root DN:
# slappasswd -s abv -h {MD5}
{MD5}7sWCYo5L4iMv6IEnCQ5dog==
(the LDAP password is: abv)
Configure the domain for OpenLDAP:
# vi /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# add
include /etc/openldap/schema/samba.schema
# line 86:
suffix "dc=abv,dc=local"
# line 87:
rootdn "cn=Manager,dc=abv,dc=local"
# line 93: specify the password generated above
rootpw {MD5}7sWCYo5L4iMv6IEnCQ5dog==
# line 106: add
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index default sub
# add at the bottom
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by dn="cn=Manager,dc=abv,dc=local" write
    by anonymous auth
    by * none
access to *
    by dn="cn=Manager,dc=abv,dc=local" write
    by self write
    by * read
# note: slapd applies the first "access to" directive whose target matches, and
# "access to *" above matches every entry, so the directives below it are never
# consulted; in this guide Samba binds as cn=Manager, so they are not needed
access to attrs=description,telephoneNumber
    by dn="uid=samba,ou=Users,dc=abv,dc=local" write
    by self write
    by * read
access to dn.base="dc=abv,dc=local"
    by dn="uid=samba,ou=Users,dc=abv,dc=local" write
    by * none
access to dn="ou=Users,dc=abv,dc=local"
    by dn="uid=samba,ou=Users,dc=abv,dc=local" write
    by * none
access to dn="ou=Groups,dc=abv,dc=local"
    by dn="uid=samba,ou=Users,dc=abv,dc=local" write
    by * none
access to dn="ou=Computers,dc=abv,dc=local"
    by dn="uid=samba,ou=Users,dc=abv,dc=local" write
    by * none
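The order of these access directives matters: slapd evaluates them top to bottom, takes the first "access to" directive whose target matches, and within it the first matching "by" clause. The following Python model (added here; it is not OpenLDAP code) replays the guide's directives in that order to show that the catch-all "access to *" decides every request that is not a password attribute, so the uid=samba grants listed after it never take effect. The dn= and dn.base= selectors are modelled as exact DN matches, which is an assumption of this model.

```python
# Model of slapd access evaluation: first matching <what> directive wins, then
# the first matching <by> clause inside it sets the access level. ACLS below
# lists the directives from the guide's slapd.conf in the same order.
MANAGER = "cn=Manager,dc=abv,dc=local"
SAMBA = "uid=samba,ou=Users,dc=abv,dc=local"
PW_ATTRS = {"userPassword", "sambaLMPassword", "sambaNTPassword"}
ANY = {}   # stands for "access to *"

ACLS = [
    ({"attrs": PW_ATTRS}, [("self", "write"), (MANAGER, "write"), ("anonymous", "auth"), ("*", "none")]),
    (ANY, [(MANAGER, "write"), ("self", "write"), ("*", "read")]),
    ({"attrs": {"description", "telephoneNumber"}}, [(SAMBA, "write"), ("self", "write"), ("*", "read")]),
    ({"dn": "dc=abv,dc=local"}, [(SAMBA, "write"), ("*", "none")]),          # dn.base= in the guide
    ({"dn": "ou=Users,dc=abv,dc=local"}, [(SAMBA, "write"), ("*", "none")]),
    ({"dn": "ou=Groups,dc=abv,dc=local"}, [(SAMBA, "write"), ("*", "none")]),
    ({"dn": "ou=Computers,dc=abv,dc=local"}, [(SAMBA, "write"), ("*", "none")]),
]

def what_matches(what, entry_dn, attr):
    """attrs=... must contain the attribute; dn=... is modelled as an exact DN match (assumption)."""
    if "attrs" in what and attr not in what["attrs"]:
        return False
    return "dn" not in what or what["dn"] == entry_dn

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn == entry_dn
    return who == bind_dn

def access(bind_dn, entry_dn, attr, acls=ACLS):
    """Return (level, index of the directive that decided it)."""
    for i, (what, by) in enumerate(acls):
        if what_matches(what, entry_dn, attr):
            for who, level in by:
                if who_matches(who, bind_dn, entry_dn):
                    return level, i
            return "none", i      # implicit "by * none" at the end of every directive
    return "none", None           # unreachable here: "access to *" matches everything

def shadowed(acls=ACLS):
    """Indexes of directives that can never be reached because an earlier 'access to *' wins."""
    catch_all = [i for i, (what, _) in enumerate(acls) if what == ANY]
    return list(range(catch_all[0] + 1, len(acls))) if catch_all else []
```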
# vi /etc/openldap/ldap.conf
BASE dc=abv,dc=local
URI ldap://127.0.0.1/
TLS_CACERTDIR /etc/openldap/cacerts
# vi /etc/ldap.conf
base dc=abv,dc=local
rootbinddn cn=Manager,dc=abv,dc=local
nss_base_passwd ou=Users,dc=abv,dc=local?one
nss_base_passwd ou=Computers,dc=abv,dc=local?one
nss_base_group ou=Groups,dc=abv,dc=local?one
nss_base_shadow ou=Users,dc=abv,dc=local?one
uri ldap://127.0.0.1/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
Copy the sample OpenLDAP configuration files shipped with the system:
# cp /usr/share/doc/samba-3.0.33/LDAP/samba.schema /etc/openldap/schema/
# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Configure the LDAP client:
# setup
- Select Authentication configuration -> Run Tool
- Next
- OK -> Quit
If you will not share users' /home over NFS, add the setting below (a user's home directory is then created automatically at first login):
# vi /etc/pam.d/system-auth
# add at the bottom
session optional pam_mkhomedir.so skel=/etc/skel umask=077
Start the LDAP services:
# /etc/init.d/ldap start
# /etc/init.d/nscd start
# chkconfig ldap on
# chkconfig nscd on
Last edited by zuridk, 07-11-2011 at 15:10
#3, 07-11-2011, 11:54
zuridk, New Member (joined Aug 2009, 37 posts)
Part 3: Configuring SMB-LDAP
# vi /etc/smbldap-tools/smbldap_bind.conf
slaveDN="cn=Manager,dc=abv,dc=local"
slavePw="abv"
masterDN="cn=Manager,dc=abv,dc=local"
masterPw="abv"
# vi /etc/smbldap-tools/smbldap.conf
# Ex: sambaDomain="IDEALX-NT"
sambaDomain="abv.local"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
# LDAP Suffix
suffix="dc=abv,dc=local"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=abv.local,${suffix}"
scope="sub"
hash_encrypt="MD5"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome="\\10.0.0.2\%U"
userProfile="\\10.0.0.2\profiles\%U"
userHomeDrive="H:"
userScript="logon.bat"
mailDomain="abv.local"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
# vi /etc/samba/smb.conf
[global]
workgroup = abv.local
netbios name = ldapserver
security = user
enable privileges = yes
username map = /etc/samba/smbusers
server string = samba-ldap-pdc
encrypt passwords = Yes
#min passwd length = 3
admin users = root
#pam password change = no
obey pam restrictions = No
# method 1:
#unix password sync = no
ldap passwd sync = Yes
# method 2:
#unix password sync = yes
#ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000
#time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = CP932
Unix charset = UTF-8
logon script = logon.bat
logon drive =
logon home =
logon path =
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
passdb backend = ldapsam:ldap://10.0.0.2/
ldap admin dn = cn=Manager,dc=abv,dc=local
ldap suffix = dc=abv,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
idmap backend = ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
[netlogon]
path = /home/samba/netlogon/
browseable = No
read only = Yes
[profiles]
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U "Domain Admins"
[homes]
comment = Home Directories
valid users = %U
read only = No
create mask = 0664
directory mask = 0775
browseable = no
Create the required folders:
# mkdir /home/samba
# mkdir /home/samba/netlogon
# mkdir /home/samba/profiles
# chmod 1777 /home/samba/profiles/
Store the LDAP admin password (abv) in Samba's secrets.tdb:
# smbpasswd -W abv
Get the local SID:
# net getlocalsid
Put the SID shown above into the SID= line of smbldap.conf:
# vi /etc/smbldap-tools/smbldap.conf
Restart the services:
# service ldap restart
# service smb restart
# chkconfig smb on
# chkconfig ldap on
Populate the directory with the base OUs and default domain accounts and groups:
# smbldap-populate
Create a user to log on with:
# smbldap-useradd -a -m -c abv abv
# smbldap-passwd abv
List the users:
# smbldap-userlist
Show the user's information:
# smbldap-usershow abv
Part 4: Joining Windows XP to the Samba PDC
Join the Windows XP machine to the Samba PDC:
Restart the machine, then log in with the username and password.
You will see a drive H: shared from the SambaPDC. To verify:
- create a folder on drive H:;
- create a folder named "Desktop for abv" on the Desktop;
- create a text file "data for abv" inside the "Desktop for abv" folder;
- restart or shut down the Windows XP machine.
-
8/14/2019 Hng dn cu hnh Primary Domain Controller with Samba
15/17
On the SambaPDC, the data created on drive H: is stored in /home/abv, and the data created on the Desktop is stored in /home/samba/profiles/abv/Desktop.
Management tool: phpLDAPadmin
# yum --enablerepo=epel install phpldapadmin
# vi /etc/httpd/conf.d/phpldapadmin.conf
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 10.0.0.0/24
    Allow from ::1
</Directory>
Restart the Apache service:
# /etc/init.d/httpd restart
# chkconfig httpd on
Open a browser and go to: http://10.0.0.2/phpldapadmin
- Convert OpenLDAP's sample OUs into the file base.ldif:
migration]# ./migrate_base.pl > base.ldif
- Add the contents to the OpenLDAP server:
migration]# ldapadd -x -W -D "cn=Manager,dc=abv,dc=local" -f base.ldif
The sample OUs are not needed here, so I do not cover the configuration of the ***.ldif files.