Samba / OpenLDAP on CentOS
A lot of this is taken from http://wiki.makethemove.net/index.php?title=LDAP-Samba
Samba will serve three main purposes:
- Act as a Primary Domain Controller for Windows clients
- Serve the network printers to Windows clients
- Serve files to Windows and Linux clients
To act as a primary domain controller, Samba needs to access LDAP as the central authentication database.
Install Samba
Load the Samba schema file into LDAP on the LDAP server: copy it into slapd's schema directory and include it in slapd.conf after the core, cosine, inetorgperson and nis schemas it builds on, then restart slapd.
It is located at /usr/share/doc/samba-3.0.28/LDAP/samba.schema on the Samba server.
Configure LDAP for Samba
We need to create the default organisational units for Samba, so log into phpldapadmin (assumed already installed), expand the root node and then click on:
Select Organisational Unit and click Proceed.
Enter the information:
and click Proceed
- NOTE: If Proceed is still greyed out, hit the ‘Tab’ key.
Now select Create Object to finally create it.
Repeat these three steps to create another two organisational units called:
and
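The same LDAP preparation can be scripted from the shell instead of clicked through in phpldapadmin. The block below is an added example, not part of the original page or of the wiki it draws on. It assumes a slapd.conf-style configuration under /etc/openldap, the DNs used later on this page (suffix dc=simonandkate,dc=lan, admin cn=Manager,dc=simonandkate,dc=lan) and the conventional Samba OU names Users, Groups and Computers; substitute the names you created above if they differ.

```sh
#!/bin/sh
# Added example (not from the original page): LDAP-side preparation for Samba
# from the shell. Assumptions: slapd.conf under /etc/openldap, suffix
# dc=simonandkate,dc=lan, admin DN cn=Manager,dc=simonandkate,dc=lan, and the
# conventional OU names Users/Groups/Computers (adjust to the ones you made).

# samba_ou_ldif BASE OU...: print one organizationalUnit LDIF entry per name.
samba_ou_ldif() {
    base="$1"; shift
    for ou in "$@"; do
        printf 'dn: ou=%s,%s\nobjectClass: organizationalUnit\nou: %s\n\n' "$ou" "$base" "$ou"
    done
}

# stage_samba_schema SRC: put samba.schema beside the stock schemas and say
# where its include line must go. samba.schema builds on core, cosine,
# inetorgperson and nis, so it has to be included after those four.
stage_samba_schema() {
    src="$1"; dir=/etc/openldap/schema; conf=/etc/openldap/slapd.conf
    [ -r "$src" ] || { echo "cannot read $src"; return 1; }
    cp "$src" "$dir/samba.schema"
    for s in core cosine inetorgperson nis; do
        grep -q "^include.*schema/$s\.schema" "$conf" \
            || echo "WARNING: $conf does not include $s.schema, which samba.schema needs"
    done
    if grep -q "^include.*schema/samba\.schema" "$conf"; then
        echo "samba.schema is already included in $conf"
    else
        echo "add to $conf, directly after the nis.schema include line:"
        echo "    include $dir/samba.schema"
    fi
    echo "then check with 'slaptest -u -f $conf' and restart slapd"
}

# ldap_has_samba_schema URI: true once slapd advertises the sambaSamAccount
# object class, i.e. the schema really was loaded.
ldap_has_samba_schema() {
    ldapsearch -x -H "$1" -b cn=Subschema -s base objectClasses | grep -q sambaSamAccount
}

# Usage on the LDAP server as root (not executed here):
#   stage_samba_schema /usr/share/doc/samba-3.0.28/LDAP/samba.schema
#   ldap_has_samba_schema ldap://127.0.0.1 \
#     && samba_ou_ldif dc=simonandkate,dc=lan Users Groups Computers \
#        | ldapadd -x -H ldap://127.0.0.1 -D cn=Manager,dc=simonandkate,dc=lan -W
```

Running ldap_has_samba_schema first matters: ldapadd of the OUs succeeds without the Samba schema, but every later user and machine entry fails with an unknown objectClass error, and the failure is then easy to misread as an smb.conf problem.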
Configure Samba for LDAP
To tell Samba to use the LDAP database as its back end:
Stop Samba:
Open up /etc/samba/smb.conf and search for:
Delete that line and replace with:
Samba has now been told to use LDAP. Now we need to tell Samba to act as a primary domain controller.
Still in the /etc/samba/smb.conf file, ensure that the following are set:
Add the following items (you should check to make sure they are not already there):
This tells Samba to act as the primary domain controller for the network.
Now we need to ensure the other pieces a primary domain controller relies on exist, such as the profiles share and the logon paths.
Ensure that the following are set (make sure the paths are exactly as specified):
The value %N is the name of the user's NIS home-directory server, which is simply the server's NetBIOS name when NIS is not in use; %U is the username the client logged on with. This means the logon path will be set to the profiles share from the server. The profiles share from the server (as you will see shortly) is actually a directory under the user's home location called profiles (and thus unique for each user). Similarly, H:\ will be automatically mapped to the data directory in the user's home location. Later we will make sure that these folders exist on the server.
- NOTE: If you want to give users individual logon scripts you can do so by changing logon script to:
Next, make sure that the Samba shares are configured. Here, %S is the name of the current service, which for the [homes] share is the user's account name, so the home share is the physical directory /home/[username]/data/ on the server (this is what H:\ is mapped to above).
See http://oreilly.com/catalog/samba/chapter/book/ch06_06.html for useful information on Logon scripts.
Edit the shares to look like this (once again, make sure the paths are exactly as specified):
We store each user’s profile and data under their home directory. All other group information and shares are stored under the /data/samba/ directory.
When you have finished, save and exit the file.
Samba should now be configured as a primary domain controller, set to use LDAP, with the required shares enabled.
Before we restart Samba, let’s check its configuration with
You should see output something like this
This should confirm that there were no errors and that the server's role is primary domain controller.
Set Samba LDAP Admin Password
Very importantly, we need to tell Samba the password for our LDAP admin account so that it can bind to the directory with write access (to create machine and user accounts, update password hashes and so on). This stores the password for the LDAP account specified above in smb.conf (cn=Manager,dc=simonandkate,dc=lan) in Samba's secrets.tdb, so make sure that DN is correct and that secrets.tdb stays readable by root only.
To set the password, simply run:
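Before the restart, a scripted sanity check of the settings walked through above, followed by a bind test for the admin DN. This is an added example, not code from the original page: it assumes the smb.conf layout this page uses (parameters in [global], one "name = value" per line), and the sample file it writes is constructed here with assumed values (workgroup SIMONANDKATE, LDAP on loopback, the paths described above), not the page's own smb.conf.

```sh
#!/bin/sh
# Added example (not from the original page): check an smb.conf for the PDC +
# ldapsam settings discussed above, then prove the admin DN can bind.
# Assumption: settings live in [global] as "name = value" lines.

# smb_global_get CONF PARAM: print PARAM's value from [global]. Like Samba,
# ignore case and spaces in the name ("ldap admin dn" == "LDAPAdminDN").
# Exit status 1 if the parameter is not set at all.
smb_global_get() {
    awk -v want="$(printf '%s' "$2" | tr -d ' ' | tr 'A-Z' 'a-z')" '
        /^[ \t]*[;#]/ { next }                                   # comment line
        /^[ \t]*\[/   { sec = tolower($0); sub(/^[ \t]*\[/, "", sec); sub(/].*/, "", sec); next }
        sec == "global" && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == want) { print val; found = 1 }
        }
        END { exit found ? 0 : 1 }' "$1"
}

# expect_param CONF PARAM PREFIX: pass if PARAM is set and its value starts
# with PREFIX (case-insensitive); an empty PREFIX only requires a value.
expect_param() {
    v=$(smb_global_get "$1" "$2") && [ -n "$v" ] || { printf 'MISSING  %s\n' "$2"; return 1; }
    case "$(printf '%s' "$v" | tr 'A-Z' 'a-z')" in
        "$(printf '%s' "$3" | tr 'A-Z' 'a-z')"*) printf 'ok       %s = %s\n' "$2" "$v"; return 0 ;;
        *) printf 'WRONG    %s = %s (expected to start with %s)\n' "$2" "$v" "$3"; return 1 ;;
    esac
}

# check_pdc_conf CONF: the settings a Samba 3 PDC with an ldapsam backend
# needs, plus the shares the logon settings point at. Returns 1 on any miss.
check_pdc_conf() {
    conf="$1"; rc=0
    expect_param "$conf" "workgroup"      ""         || rc=1
    expect_param "$conf" "security"       "user"     || rc=1   # domain logons need security = user
    expect_param "$conf" "passdb backend" "ldapsam:" || rc=1   # tdbsam/smbpasswd would ignore LDAP
    expect_param "$conf" "ldap admin dn"  ""         || rc=1   # the DN smbpasswd -w stores a password for
    expect_param "$conf" "ldap suffix"    ""         || rc=1
    expect_param "$conf" "domain logons"  "yes"      || rc=1   # this is what makes it a PDC
    expect_param "$conf" "domain master"  "yes"      || rc=1
    expect_param "$conf" "logon path"     ""         || rc=1   # roaming profile location
    expect_param "$conf" "logon home"     ""         || rc=1   # what H: maps to
    for share in homes profiles; do                            # shares that logon path/home rely on
        grep -qi "^[[:space:]]*\[$share\]" "$conf" && echo "ok       [$share] share defined" \
            || { echo "MISSING  [$share] share"; rc=1; }
    done
    if v=$(smb_global_get "$conf" "logon script") && [ -n "$v" ]; then
        grep -qi '^[[:space:]]*\[netlogon\]' "$conf" \
            || { echo "MISSING  [netlogon] share, which serves logon script = $v"; rc=1; }
    fi
    # The admin bind sends the secrets.tdb password to the LDAP server: keep
    # it on loopback or insist on STARTTLS for a remote server.
    case "$(smb_global_get "$conf" "passdb backend" || true)" in
        ldapsam:ldap://127.0.0.1*|ldapsam:ldap://localhost*) ;;
        ldapsam:ldap://*) [ "$(smb_global_get "$conf" "ldap ssl" || true)" = "start tls" ] \
            || echo "WARNING  remote LDAP without 'ldap ssl = start tls': the admin bind crosses the wire in the clear" ;;
    esac
    return $rc
}

# verify_ldap_admin_bind CONF: after 'smbpasswd -w', prove the DN named in
# smb.conf can bind to the suffix (prompts for the password; needs ldapsearch).
verify_ldap_admin_bind() {
    dn=$(smb_global_get "$1" "ldap admin dn") && suffix=$(smb_global_get "$1" "ldap suffix") \
        && backend=$(smb_global_get "$1" "passdb backend") || return 1
    uri=${backend#ldapsam:}; [ -n "$uri" ] && [ "$uri" != ldapsam ] || uri=ldap://localhost
    ldapsearch -x -H "$uri" -D "$dn" -W -b "$suffix" -s base 1.1 >/dev/null && echo "bind as $dn OK"
}

# write_sample_conf FILE: a constructed smb.conf in the shape described above
# (assumed values, not the page's own file) so the checker can run offline.
write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
    workgroup = SIMONANDKATE
    security = user
    encrypt passwords = yes
    passdb backend = ldapsam:ldap://127.0.0.1
    ldap admin dn = cn=Manager,dc=simonandkate,dc=lan
    ldap suffix = dc=simonandkate,dc=lan
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    domain logons = yes
    domain master = yes
    os level = 65
    logon path = \\%N\profiles\%U
    logon home = \\%N\%U
    logon drive = H:
    logon script = logon.bat

[homes]
    path = /home/%S/data
    browseable = no
    writable = yes

[profiles]
    path = /home/%U/profiles
    browseable = no
    writable = yes

[netlogon]
    path = /data/samba/netlogon
    writable = no
EOF
}

# Demo on the constructed sample (real use: check_pdc_conf /etc/samba/smb.conf).
sample=$(mktemp)
write_sample_conf "$sample"
check_pdc_conf "$sample" && echo "ready: set the admin password with smbpasswd -w, then restart Samba" \
    || echo "fix the items above before restarting Samba"
rm -f "$sample"
```

testparm still does the syntax check and prints the server role; this script catches the combinations testparm accepts silently, such as a tdbsam backend left in place beside an ldap admin dn, or a logon script with no [netlogon] share to serve it. When you run smbpasswd -w, the password is a command-line argument, so it lands in your shell history and is briefly visible in the process list; clear the history entry afterwards, and run verify_ldap_admin_bind against the same smb.conf to confirm the DN and password actually work before clients try to join.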