Configuring Samba with OpenLDAP authentication

User submission 1402 2022-09-25


Install samba, config samba and smbldap-tools

Install samba

    # rpm -ivh /mnt/cdrom/Server/samba-common-3.0.23c-2
    # rpm -ivh /mnt/cdrom/Server/samba-3.0.23c-2
    # rpm -ivh /mnt/cdrom/Server/samba-clients-3.0.23c-2

Config /etc/samba/smb.conf

    # Global parameters
    [global]
        workgroup = gtsc_samba
        netbios name = ldap
        security = user
        server string = Samba Server created by GTSC Hu Changwen
        encrypt passwords = yes
        ldap password sync = Yes

        passwd program = /usr/sbin/smbldap-passwd -u %u
        passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
        log level = 3
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 100000
        time server = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        Dos charset = UTF-8
        Unix charset = UTF-8

        logon script = logon.bat
        logon drive = H:
        logon home =
        logon path =

        domain logons = no
        domain master = no
        os level = 65
        preferred master = no
        wins support = yes
        passdb backend = ldapsam:ldap://127.0.0.1/
        ldap admin dn = cn=manager,dc=dne,dc=com
        ldap suffix = dc=dne,dc=com
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=Idmap
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

    [netlogon]
        path = /home/netlogon/
        browseable = No
        read only = yes

    [profiles]
        path = /home/profiles
        read only = no
        create mask = 0600
        directory mask = 0700
        browseable = No
        guest ok = Yes
        profile acls = yes
        csc policy = disable

    [printers]
        comment = Network Printers
        guest ok = yes
        printable = yes
        path = /home/spool/
        browseable = No
        read only = Yes
        printable = Yes

    [samba]
        path = /tmp/
        write list = root

    [gtsc_server]
        path = /root/
        guest ok = no
        write list = samba2

Config smbldap-tools

    [root@ldap smbldap-tools-0.9.1]# ./configure.pl
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
           smbldap-tools script configuration
           -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    Before starting, check
     . if your samba controller is up and running.
     . if the domain SID is defined (you can get it with the 'net getlocalsid')

     . you can leave the configuration using the Crtl-c key combination
     . empty value can be set with the "." character
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Looking for configuration files...

    Samba Configuration File Path [/etc/samba/smb.conf] >

    The default directory in which the smbldap configuration files are stored is shown.
    If you need to change this, enter the full directory path, then press enter to continue.
    Smbldap-tools Configuration Directory Path [/etc/smbldap-tools/] >
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    Let's start configuring the smbldap-tools scripts ...

    . workgroup name: name of the domain Samba act as a PDC
      workgroup name [gtsc_samba] >
    . netbios name: netbios name of the samba controler
      netbios name [ldap] >
    . logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'
      logon drive [H:] >
    . logon home: home directory location (for Win95/98 or NT Workstation).
      (use %U as username) Ex:'\\ldap\%U'
      logon home (press the "." character if you don't want homeDirectory) [\\ldap\%U] >
    . logon path: directory where roaming profiles are stored. Ex:'\\ldap\profiles\%U'
      logon path (press the "." character if you don't want roaming profile) [\\ldap\profiles\%U] >
    . home directory prefix (use %U as username) [/home/%U] >
    . default users' homeDirectory mode [700] >
    . default user netlogon script (use %U as username) [logon.bat] >
      default password validation time (time in days) [45] >
    . ldap suffix [dc=dne,dc=com] >
    . ldap group suffix [ou=Groups] >
    . ldap user suffix [ou=Users] >
    . ldap machine suffix [ou=Computers] >
    . Idmap suffix [ou=Idmap] >
    . sambaUnixIdPooldn: object where you want to store the next uidNumber
      and gidNumber available for new users and groups
      sambaUnixIdPooldn object (relative to ${suffix}) [sambaDomainName=gtsc_samba] >
    . ldap master server: IP adress or DNS name of the master (writable) ldap server
      ldap master server [127.0.0.1] >
    . ldap master port [389] >
    . ldap master bind dn [cn=manager,dc=dne,dc=com] >
    . ldap master bind password [] >
    . ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one
      ldap slave server [127.0.0.1] >
    . ldap slave port [389] >
    . ldap slave bind dn [cn=manager,dc=dne,dc=com] >
    . ldap slave bind password [] >
    . ldap tls support (1/0) [0] >
    . SID for domain gtsc_samba: SID of the domain (can be obtained with 'net getlocalsid ldap')
      SID for domain gtsc_samba [S-1-5-21-63238693-50811939-1006496924] >
    . unix password encryption: encryption used for unix passwords
      unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] >
    . default user gidNumber [513] >
    . default computer gidNumber [515] >
    . default login shell [/bin/bash] >
    . default skeleton directory [/etc/skel] >
    . default domain name to append to mail adress [] > dne.com
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    backup old configuration files:
      /etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old
      /etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old
    writing new configuration file:
      /etc/smbldap-tools/smbldap.conf done.
      /etc/smbldap-tools/smbldap_bind.conf done.
    [root@ldap smbldap-tools-0.9.1]#

Initialize ldap database

    [root@ldap ~]# smbldap-populate
    Populating LDAP directory for domain gtsc_samba (S-1-5-21-63238693-50811939-1006496924)
    (using builtin directory structure)

    adding new entry: dc=dne,dc=com
    adding new entry: ou=Users,dc=dne,dc=com
    adding new entry: ou=Groups,dc=dne,dc=com
    adding new entry: ou=Computers,dc=dne,dc=com
    adding new entry: ou=Idmap,dc=dne,dc=com
    adding new entry: uid=root,ou=Users,dc=dne,dc=com
    adding new entry: uid=nobody,ou=Users,dc=dne,dc=com
    adding new entry: cn=Domain Admins,ou=Groups,dc=dne,dc=com
    adding new entry: cn=Domain Users,ou=Groups,dc=dne,dc=com
    adding new entry: cn=Domain Guests,ou=Groups,dc=dne,dc=com
    adding new entry: cn=Domain Computers,ou=Groups,dc=dne,dc=com
    adding new entry: cn=Administrators,ou=Groups,dc=dne,dc=com
    adding new entry: cn=Account Operators,ou=Groups,dc=dne,dc=com
    adding new entry: cn=Print Operators,ou=Groups,dc=dne,dc=com
    adding new entry: cn=Backup Operators,ou=Groups,dc=dne,dc=com
    adding new entry: cn=Replicators,ou=Groups,dc=dne,dc=com
    adding new entry: sambaDomainName=gtsc_samba,dc=dne,dc=com

    Please provide a password for the domain root:
    Changing password for root
    New password :
    Retype new password :
    [root@ldap ~]#

Test smbldap-tools

    # smbldap-groupadd -a -p samba1000
    # smbldap-useradd -u 1000 -g 1000 -a -m samba
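
An added example (not part of the original post): a short Python audit of the backend and share settings in the smb.conf above. It flags writable shares with guest ok, shares exporting /root, /tmp or /etc (an assumed policy list), and an ldap:// backend on a non-loopback host without ldap ssl set; SAMPLE is a constructed subset of the page's file, and only `guest ok`, `read only` and `write list` are interpreted, not their synonyms.

```python
from urllib.parse import urlsplit

# Constructed sample: the backend and share lines of the smb.conf above.
SAMPLE = """
[global]
passdb backend = ldapsam:ldap://127.0.0.1/
[profiles]
path = /home/profiles
read only = no
guest ok = Yes
[samba]
path= /tmp/
[gtsc_server]
path = /root/
"""
YES = {"yes", "true", "1"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
SENSITIVE = ("/root", "/tmp", "/etc")  # assumption: adjust to local policy

def parse(text):
    """Return {section: {parameter: value}} with lowercased names."""
    conf, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)
            cur[" ".join(key.lower().split())] = value.strip()
    return conf

def audit(conf):
    """Return sorted (section, finding) pairs for settings worth reviewing."""
    out, g = [], conf.get("global", {})
    url = urlsplit(g.get("passdb backend", "").split("ldapsam:", 1)[-1].strip('"'))
    tls = g.get("ldap ssl", "").lower().replace("_", " ") in {"start tls", "on"}
    if url.scheme == "ldap" and url.hostname not in LOOPBACK and not tls:
        out.append(("global", "ldap:// to a remote host without ldap ssl set"))
    for name, share in conf.items():
        if name == "global":
            continue
        path = share.get("path", "").rstrip("/")
        writable = share.get("read only", "yes").lower() not in YES or "write list" in share
        if share.get("guest ok", "no").lower() in YES and writable:
            out.append((name, "guest ok on a writable share"))
        if any(path == p or path.startswith(p + "/") for p in SENSITIVE):
            out.append((name, "exports " + path))
    return sorted(out)
```

Run `audit(parse(open("/etc/samba/smb.conf").read()))` against the real file; the loopback backend on this page produces no transport finding, but the same file pointed at a remote LDAP server would.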
