LDAP and Samba Server Configuration
May 21, 2011
This tutorial shows how to set up an LDAP server so you can work with LDAP and Samba accounts. I assume you have an up-to-date Debian-based system running.
Before starting:
- Back up your configuration files first!
- Some people use db4.8 instead of 4.2; try it at your own risk.
- I don't work with ldap-utils, but you may want to; that's why I listed it as the last package to install.
- You can work with phpldapadmin or LAM (LDAP Account Manager). I'd rather work with LAM, but I'm giving you another good choice.
- This tutorial targets Debian 5.0 (Lenny). On Debian 6 (Squeeze), which I like very much, there are several differences.
Step 1: Install the needed packages (You’ll need root privileges):
- aptitude install nss-updatedb libpam-ldap libnss-ldap lam phpldapadmin db4.2-util libdb4.2 libdb4.2-dev samba samba-doc ldap-utils smbldap-tools
Step 2: Answer the questions to get your server properly configured
- LDAP Server (IP address or Server address): ldap://ldap.mydomain.com/
- LDAP Domain Name (search base): dc=mydomain,dc=com (this must match the suffix used in slapd.conf below)
- LDAP Version: 3
- Does your database require login? Yes or No (it's up to you; I would tell you to answer no 🙂 )
- Do you want root to be the database admin? no
- For any problems or changes, reconfigure your ldap: dpkg-reconfigure ldap-auth-config
Step 3: Now let’s go to work! LDAP comes first!
- Open /etc/ldap/slapd.conf and check your configuration; it should look like this:
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# I like to log at this level
loglevel 256
modulepath /usr/lib/ldap
moduleload back_hdb
sizelimit 500
tool-threads 1
backend hdb
database hdb
suffix "dc=mydomain,dc=com"
rootdn "cn=admin,dc=mydomain,dc=com"
# This hash can be generated with: slappasswd -s mypassword -h {SSHA}
rootpw {SSHA}9BDgFTNasdC+43tgw+(mdfçlsdko
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index sambaSID eq
index sambaPrimaryGroupSID eq
index objectClass,uid,uidnumber,gidnumber eq
index cn,mail,surname,givenname eq,sub
lastmod on
checkpoint 512 30
# Password attributes: only the admin and the user himself may write them,
# anonymous binds may only authenticate against them, nobody else may read them
access to attrs=userPassword,shadowLastChange
  by dn="cn=admin,dc=mydomain,dc=com" write
  by anonymous auth
  by self write
  by * none
access to dn.base=""
  by * read
access to *
  by dn="cn=admin,dc=mydomain,dc=com" write
  by * read
- Oops! Don't forget to put samba.schema in its proper directory:
cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema
gunzip /etc/ldap/schema/samba.schema.gz
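As an added example (not code from the original post), here is the {SSHA} construction behind the `slappasswd -s mypassword -h {SSHA}` step, plus a small lint that joins slapd.conf continuation lines the way slapd does and checks the three things the file above depends on: samba.schema included, rootpw hashed rather than cleartext, and userPassword not readable by everyone. The config fragment and the finding strings are constructed here, not taken from the post.

```python
import base64, hashlib, os

def ssha_hash(password, salt=None):
    """Build a {SSHA} value as `slappasswd -h {SSHA}` does: base64(SHA1(pw+salt)+salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    """Check a password against a {SSHA} value such as rootpw or userPassword."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is the salt
    return hashlib.sha1(password.encode() + salt).digest() == digest

def parse_slapd_conf(text):
    """Join continuation lines (leading whitespace continues the previous directive)."""
    directives = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and directives:
            directives[-1] += " " + line.strip()
        else:
            directives.append(line.strip())
    return directives

def check_slapd_conf(text):
    """Lint the points the tutorial relies on; returns a list of findings."""
    findings, directives = [], parse_slapd_conf(text)
    includes = [d.split()[1] for d in directives if d.startswith("include ")]
    if not any(p.endswith("samba.schema") for p in includes):
        findings.append("samba.schema not included")
    rootpw = [d.split(None, 1)[1] for d in directives if d.startswith("rootpw ")]
    if rootpw and not rootpw[0].startswith("{"):
        findings.append("rootpw stored in cleartext")
    pw_acl = [d for d in directives if d.startswith("access to attrs=userPassword")]
    if not pw_acl or "by * none" not in pw_acl[0]:
        findings.append("userPassword readable by everyone")
    return findings

# Constructed fragment in the tutorial's slapd.conf layout, with a cleartext rootpw.
SAMPLE_CONF = """\
include /etc/ldap/schema/samba.schema
rootpw mypassword
access to attrs=userPassword,shadowLastChange
  by anonymous auth
  by * none
"""
```

Running `check_slapd_conf` over your real file before `invoke-rc.d slapd restart` catches a missing samba.schema include or a cleartext rootpw before slapd does.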
- Now take a look at /etc/ldap/ldap.conf:
# Host IP or DNS record, e.g. ldap.mydomain.com
HOST 10.10.25.8
BASE dc=mydomain,dc=com
#URI ldap://10.10.25.8/ ldap://10.10.250.8:666/
SERVER 10.10.25.8
ROOTBINDDN cn=admin,dc=mydomain,dc=com
BINDDN cn=admin,dc=mydomain,dc=com
# BINDPW is the bind DN's password stored as a literal value, so keep this file readable by root only
BINDPW {SSHA}9TbskdjuT+PYIAzSs09f+NgkJV9Rr/
SIZELIMIT 10000
#TIMELIMIT 15
#DEREF never
- Go to /etc/pam.d/ and edit every file mentioned here:
- common-account:
account required pam_unix.so
account sufficient pam_ldap.so
- common-auth:
auth sufficient pam_ldap.so
auth required pam_unix.so try_first_pass nullok_secure
- common-password:
password sufficient pam_unix.so nullok use_authtok md5 shadow
password required pam_unix.so try_first_pass
- common-session:
session required pam_unix.so
session optional pam_mkhomedir.so umask=0077
- Type invoke-rc.d slapd restart
Very good tutorial, complete, covering every point.
Congratulations!
Thank you, Kadu!