0% found this document useful (0 votes)

27 views8 pages

Samba Ldap

The document provides a comprehensive guide on installing and configuring Samba and OpenLDAP, including steps for setting up user groups and shared folders. It details commands for installing necessary packages, configuring LDAP settings, and modifying Samba configuration files. Additionally, it includes instructions for adding users and groups, as well as creating shared directories with appropriate permissions.

Uploaded by

6204576707rup

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

27 views8 pages

Samba Ldap

Uploaded by

6204576707rup

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

Installing Samba.........................................................................................................................................2
Configure OpenLdap..................................................................................................................................2
Configure Samba........................................................................................................................................3
Configure smbldap Tools...........................................................................................................................7
Adding User Groups and Shared Folders..................................................................................................9
Installing Samba

Setting Rpmforge repository ..

rpm --import [Link]

rpm -ivh [Link]

yum repolist

yum install openldap-servers nss_ldap samba httpd openssl mod_ssl mysql mysql-server php php-xml
php-ldap php-mysql php-pdo php-cli php-common smbldap-tools
perl-LDAP perl-Crypt-SmbHash smbldap-tools perl-Digest-SHA1 perl-Unicode-MapUTF8 openldap-
clients

Configure OpenLdap
mv -f /etc/openldap/[Link] /etc/openldap/[Link]

Generate a master password to set up ldap

slappasswd
New password:
Re-enter new password:
{SSHA}et/Lp4/V1wigdaP0pfeQtQIpT1PPJY8+

Copy this ssha encrypted password we will use it in the configuretion

vi /etc/openldap/[Link]

include /etc/openldap/schema/[Link]
include /etc/openldap/schema/[Link]
include /etc/openldap/schema/[Link]
include /etc/openldap/schema/[Link]
include /etc/openldap/schema/[Link]

allow bind_v2

pidfile /var/run/openldap/[Link]
argsfile /var/run/openldap/[Link]

access to
attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
by self write
by anonymous auth
by * none

access to *
by self write
by * read

database bdb
suffix "dc=sceh,dc=net"
rootdn "cn=Manager,dc=sceh,dc=net"
rootpw {SSHA}et/Lp4/V1wigdaP0pfeQtQIpT1PPJY8+
password-hash {SSHA}
directory /var/lib/ldap

index cn,sn,uid,displayName pres,sub,eq

index uidNumber,gidNumber eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass pres,eq
index default sub

cp /usr/share/doc/samba-3.*/LDAP/[Link] /etc/openldap/schema/
cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap:ldap /var/lib/ldap/DB_CONFIG
chmod 600 /var/lib/ldap/DB_CONFIG

vi [Link]

dn: dc=sceh,dc=net
objectclass: dcObject
objectclass: organization
o: sceh
dc: sceh

vi [Link]
dn: cn=root,dc=sceh,dc=net
objectclass: organizationalRole
cn: root

slapadd -l /etc/openldap/[Link]
chown -R ldap:ldap /var/lib/ldap
chmod 600 /var/lib/ldap/*
slapcat

service ldap start

chkconfig ldap on
Configure Samba
mv /etc/samba/[Link] /etc/samba/[Link]

vi /etc/samba/[Link]

[global]

dos charset = 850

unix charset = ISO8859- 1
workgroup = SCEH
netbios name = SAMBA1
obey pam restrictions = Yes
password server = [Link]
passdb backend = ldapsam:ldap://[Link]/
username map = /etc/samba/smbusers
log level = 2
log file = /var/log/samba/%[Link]
unix extensions = No
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %g %u
delete user from group script = /usr/sbin/smbldap-groupmod -x %g %u
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
# logon script = [Link]
logon path = \\%N\%U\profile
logon home = \\%N\%U
logon drive = Z:
domain logons = Yes
os level = 65
smb ports = 139
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = Yes
domain master = Yes
ldap admin dn = cn=Manager,dc=sceh,dc=net
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
# wins support = Yes
ldap suffix = dc=sceh,dc=net
ldap ssl = no
idmap backend = ldap://[Link]/
idmap uid = 15000-20000
idmap gid = 15000-20000
recycle:touch = Yes
recycle:versions = Yes
recycle:maxsize = 0
recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??
recycle:excludedir = /tmp|/temp|/cache
recycle:noversions = *.doc|*.xls|*.ppt
recycle:repository = .Recycle/%U
recycle:keeptree = Yes
inherit acls = Yes
hosts allow = 192.168.1.
ea support = Yes
map acl inherit = Yes
store dos attributes = Yes
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
dos filemode = Yes
vfs objects = recycle
posix locking = no
nt acl support = yes

[homes]
comment = Home Directories
path = /home/%u
valid users = %S
writeable = yes
read only = No
browseable = No

[netlogon]
comment = Network Logon service
path = /home/netlogon
guest ok = Yes
browseable = no
read only = Yes

Configure smbldap Tools

cp /usr/share/doc/smbldap-tools-0.9.5/[Link] /etc/smbldap-tools/[Link]

net getlocalsid

vi /etc/smbldap-tools/[Link]
# General Configuration

SID="S-1-5-21-2670368159-1018889019-89649393"
sambaDomain="SCEH"
# LDAP Configuration

slaveLDAP="[Link]"
slavePort="389"
masterLDAP="[Link]"
masterPort="389"
ldapTLS="0"
ldapSSL="0"
verify="require"
cafile="/etc/smbldap-tools/[Link]"
clientcert="/etc/smbldap-tools/[Link]"
clientkey="/etc/smbldap-tools/[Link]"
suffix="dc=sceh,dc=net"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"

# Unix Accounts Configuration

userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="10950"

# SAMBA Configuration
userSmbHome=""
userProfile=""
userHomeDrive=""
userScript=""
mailDomain="[Link]"

vi /etc/smbldap-tools/smbldap_bind.conf
slaveDN="cn=Manager,dc=sceh,dc=net"
slavePw="p4mail1server"
masterDN="cn=Manager,dc=sceh,dc=net"
masterPw="p4mail1server"

chmod 644 /etc/smbldap-tools/[Link]

chmod 600 /etc/smbldap-tools/smbldap_bind.conf

authconfig-tui
[*] Use MD5 Passwords
[*] Use Shadow Passwords
[*] Use LDAP
[*] Use LDAP Authentication
[ ] Local authorization is sufficient

vi /etc/pam.d/system-auth

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.

auth required pam_env.so

auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so

vi /etc/[Link]

passwd: files ldap

shadow: files ldap
group: files ldap

hosts: files dns

bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus

testparm -v
smbpasswd -w p4mail1server
smbldap-populate

/etc/init.d/smb start
chkconfig smb on

Adding User Groups and Shared Folders

smbldap-useradd -a -G 'Domain Users' -m -s /bin/bash -d /home/user -F "" -P user
net groupmap list
If you want to add a group to LDAP/Samba, say for controlling which users can write/read files on a
share, and have it determine that by groups:
smbldap-groupadd -a account
add users to the group..
smbldap-groupmod -m nitin,test accounts

Now create shared directory for accounts group

mkdir /data/accounts
chown [Link] /data/accounts
chmod 771 /data/accounts

Now add this in the samba configuration..

vi /etc/samba/[Link]
[accounts]

comment = Account Department

path = /data/accounts
valid users = +accounts
admin users = nitin
write list = +accounts
read only = No
force create mode = 760
directory mask = 0750
force directory mode = 0750

Samba & LDAP Setup Guide
No ratings yet
Samba & LDAP Setup Guide
11 pages
Ubuntu 7.10: OpenLDAP & Samba Setup
No ratings yet
Ubuntu 7.10: OpenLDAP & Samba Setup
12 pages
BSD Guides: Doing Stuff With FreeBSD, NetBSD, OpenBSD, & Mac OS X
No ratings yet
BSD Guides: Doing Stuff With FreeBSD, NetBSD, OpenBSD, & Mac OS X
9 pages
Fisiere Modificate Ldap Client
No ratings yet
Fisiere Modificate Ldap Client
8 pages
Authenticating Windows To OpenLDAP Server On Ubuntu 9
No ratings yet
Authenticating Windows To OpenLDAP Server On Ubuntu 9
17 pages
Build A Samba PDC With LDAP Backend - BSD Guides
No ratings yet
Build A Samba PDC With LDAP Backend - BSD Guides
11 pages
Samba Setup Guide for Linux Admins
No ratings yet
Samba Setup Guide for Linux Admins
45 pages
Script Ultimate Rhcsa Training
No ratings yet
Script Ultimate Rhcsa Training
4 pages
Configuración de Samba para Linux a Windows
No ratings yet
Configuración de Samba para Linux a Windows
6 pages
Linux Server Installation Configuration Manual
No ratings yet
Linux Server Installation Configuration Manual
32 pages
Samba LDAP PDC Complete Tutorial
No ratings yet
Samba LDAP PDC Complete Tutorial
11 pages
Samba PDC Setup on CentOS 7 Guide
No ratings yet
Samba PDC Setup on CentOS 7 Guide
15 pages
OpenLDAP Server and Client Setup Guide
No ratings yet
OpenLDAP Server and Client Setup Guide
12 pages
Ldap Authentication Config
No ratings yet
Ldap Authentication Config
10 pages
OpenLDAP Server Setup Guide
No ratings yet
OpenLDAP Server Setup Guide
4 pages
Configuring A Squid Server To Authenticate Off Active Directory
No ratings yet
Configuring A Squid Server To Authenticate Off Active Directory
6 pages
Comandos Parte2
No ratings yet
Comandos Parte2
5 pages
Install VLC and Configure OpenLDAP
No ratings yet
Install VLC and Configure OpenLDAP
3 pages
Oracle Installation Steps On Linux (Centos Version)
No ratings yet
Oracle Installation Steps On Linux (Centos Version)
31 pages
Estudo de Caso
No ratings yet
Estudo de Caso
75 pages
Samba + OpenLDAP Setup Guide
No ratings yet
Samba + OpenLDAP Setup Guide
17 pages
LDAP Server Configuration RHEL7
No ratings yet
LDAP Server Configuration RHEL7
4 pages
LINUX Admin Quick Reference
No ratings yet
LINUX Admin Quick Reference
5 pages
LINUX Admin Quick Reference
100% (1)
LINUX Admin Quick Reference
5 pages
TP Ldap
No ratings yet
TP Ldap
3 pages
Ldap Documentation 2021.8
No ratings yet
Ldap Documentation 2021.8
7 pages
Active Directory Samba Setup for RHEL/CentOS
No ratings yet
Active Directory Samba Setup for RHEL/CentOS
8 pages
LINUX Admin Quick Reference: Files
No ratings yet
LINUX Admin Quick Reference: Files
5 pages
Samba4 Domain Controller Setup Guide
No ratings yet
Samba4 Domain Controller Setup Guide
9 pages
OpenLDAP Setup Guide for CentOS 7
No ratings yet
OpenLDAP Setup Guide for CentOS 7
5 pages
Smbldap-Tools User Manual (Release: 0.9.3) : J Er Ome Tournier Revision: 1.7, Generated April 22, 2008
No ratings yet
Smbldap-Tools User Manual (Release: 0.9.3) : J Er Ome Tournier Revision: 1.7, Generated April 22, 2008
30 pages
LDAP
No ratings yet
LDAP
5 pages
OpenLDAP Commands
No ratings yet
OpenLDAP Commands
11 pages
Linux System Admin Tasks Guide
75% (4)
Linux System Admin Tasks Guide
6 pages
Squid Auth Ad
No ratings yet
Squid Auth Ad
6 pages
Linux Admin Quick Reference
100% (1)
Linux Admin Quick Reference
6 pages
How To Set Up Open Ldap On Ubuntu 11
No ratings yet
How To Set Up Open Ldap On Ubuntu 11
4 pages
SAMBA LDAP PDC Configuration Guide
No ratings yet
SAMBA LDAP PDC Configuration Guide
56 pages
Redhat Linux Enterprise
No ratings yet
Redhat Linux Enterprise
13 pages
Samba Server Setup on CentOS 6.3
No ratings yet
Samba Server Setup on CentOS 6.3
7 pages
Ldap Server Configuration
No ratings yet
Ldap Server Configuration
20 pages
FreeBSD 11 AD Member Server Guide
No ratings yet
FreeBSD 11 AD Member Server Guide
1 page
SAMBA
No ratings yet
SAMBA
6 pages
Configuring Samba Server
No ratings yet
Configuring Samba Server
4 pages
Samba Config for Linux Admins
No ratings yet
Samba Config for Linux Admins
5 pages
LDAP Client Setup for Solaris 9
No ratings yet
LDAP Client Setup for Solaris 9
6 pages
SIP Protocol and IMS Overview
No ratings yet
SIP Protocol and IMS Overview
3 pages
Mobileye's L2++ ADAS Innovations
No ratings yet
Mobileye's L2++ ADAS Innovations
6 pages
Listening Eoc Test No.2: Task 1
No ratings yet
Listening Eoc Test No.2: Task 1
3 pages
Devlist
No ratings yet
Devlist
9 pages
Computer System Engineering Exam
No ratings yet
Computer System Engineering Exam
4 pages
Penajaman Citra Landsat 8 dengan Brovey
No ratings yet
Penajaman Citra Landsat 8 dengan Brovey
8 pages
Contiki NG Cheat Sheet
No ratings yet
Contiki NG Cheat Sheet
1 page
CKA Exam Curriculum Overview
No ratings yet
CKA Exam Curriculum Overview
4 pages
Born of Blood and Magic - MC Hutson
No ratings yet
Born of Blood and Magic - MC Hutson
285 pages
Class Routine: Department of Mechatronics & Industrial Engineering
No ratings yet
Class Routine: Department of Mechatronics & Industrial Engineering
1 page
Data Communications in Computer Networks
No ratings yet
Data Communications in Computer Networks
35 pages
Unigy II Installation&Operation Manual
No ratings yet
Unigy II Installation&Operation Manual
24 pages
Cyber Assets
No ratings yet
Cyber Assets
7 pages
Glacier One T30
No ratings yet
Glacier One T30
2 pages
1 C Programming Unit 3
No ratings yet
1 C Programming Unit 3
4 pages
Mini Project
No ratings yet
Mini Project
4 pages
Final Thesis
No ratings yet
Final Thesis
45 pages
Sample Paper IT
No ratings yet
Sample Paper IT
12 pages
Cyber-5 Product Trends Report 2023
No ratings yet
Cyber-5 Product Trends Report 2023
10 pages
Account Statement From 1 Jan 2021 To 12 May 2021: TXN Date Value Date Description Ref No./Cheque No. Debit Credit Balance
No ratings yet
Account Statement From 1 Jan 2021 To 12 May 2021: TXN Date Value Date Description Ref No./Cheque No. Debit Credit Balance
8 pages
Nadir Exploration v1
No ratings yet
Nadir Exploration v1
12 pages
PenetrationTestReport Sa
No ratings yet
PenetrationTestReport Sa
5 pages
VCL Workbook (High School)
0% (1)
VCL Workbook (High School)
83 pages
Hw-k460 Xe Fullmanual 01 Eng Dan Fin Nor Swe 180802
No ratings yet
Hw-k460 Xe Fullmanual 01 Eng Dan Fin Nor Swe 180802
165 pages
NVR3 Administrator's Manual v3.0.13 AC 20180330
No ratings yet
NVR3 Administrator's Manual v3.0.13 AC 20180330
176 pages
2376-Ilmi English Literature Objective Book PDF For PCS-by-Admin
No ratings yet
2376-Ilmi English Literature Objective Book PDF For PCS-by-Admin
529 pages
Computer Graphics 2019 Pattern
No ratings yet
Computer Graphics 2019 Pattern
2 pages
Animal Health Care Monitoring and Management Using Mobile App Solution For The Provincial Veterinary Office of Tarlac
100% (1)
Animal Health Care Monitoring and Management Using Mobile App Solution For The Provincial Veterinary Office of Tarlac
9 pages
Robotic Process Automation (RPA) Seminar Report
100% (6)
Robotic Process Automation (RPA) Seminar Report
32 pages
DBMS Viva Q&a
No ratings yet
DBMS Viva Q&a
5 pages

Samba Ldap

Uploaded by

Samba Ldap

Uploaded by

Table of Contents

Setting Rpmforge repository ..

rpm --import [Link]

Generate a master password to set up ldap

Copy this ssha encrypted password we will use it in the configuretion

index cn,sn,uid,displayName pres,sub,eq

service ldap start

dos charset = 850

Configure smbldap Tools

# Unix Accounts Configuration

chmod 644 /etc/smbldap-tools/[Link]

auth required pam_env.so

passwd: files ldap

hosts: files dns

Adding User Groups and Shared Folders

Now create shared directory for accounts group

Now add this in the samba configuration..

comment = Account Department

You might also like