Pdc Samba Ldap Centos 6

PDC SAMBA LDAP CENTOS 6.2

Very good tutorials on references link above, im just practice them..

Skenario:

IP Address Server: 192.168.10.6

I. Install OpenLDAP# yum -y install openldap-servers openldap-clients# vi /etc/sysconfig/ldapLine 12: uncomment and change

# Run slapd with -h "... ldapi:/// ..."# yes/no, default: yesSLAPD_LDAPI=yes

# vi /etc/openldap/slapd.confCreate new

pidfile /var/run/openldap/slapd.pidargsfile /var/run/openldap/slapd.args # rm -rf /etc/openldap/slapd.d/*# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

config file testing succeeded

# vi /etc/openldap/slapd.d/cn=config/olcDatabase\={0}config.ldifLine 4: change:

olcAccess: {0} to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break # vi /etc/openldap/slapd.d/cn=config/olcDatabase\={1}monitor.ldifCreate new:

dn: olcDatabase={1}monitorobjectClass: olcDatabaseConfigolcDatabase: {1}monitorolcAccess: {1}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * breakolcAddContentAcl: FALSEolcLastMod: TRUEolcMaxDerefDepth: 15olcReadOnly: FALSE

olcMonitoring: FALSEstructuralObjectClass: olcDatabaseConfigcreatorsName: cn=configmodifiersName: cn=config # chown -R ldap. /etc/openldap/slapd.d# chmod -R 700 /etc/openldap/slapd.d# service slapd start# chkconfig slapd on II. Initial Configuration# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/core.ldif

SASL/EXTERNAL authentication startedSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=authSASL SSF: 0adding new entry "cn=core,cn=schema,cn=config" # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif

SASL/EXTERNAL authentication startedSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=authSASL SSF: 0adding new entry "cn=cosine,cn=schema,cn=config" # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif

SASL/EXTERNAL authentication startedSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=authSASL SSF: 0adding new entry "cn=nis,cn=schema,cn=config" # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

SASL/EXTERNAL authentication startedSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=authSASL SSF: 0adding new entry "cn=inetorgperson,cn=schema,cn=config" # slappasswd

New password:Re-enter new password:{SSHA}TcZS9sd8xsESRtBzMrhfsOHqPELWh0l5

# mkdir /tmp/setldap ; cd /tmp/setldap# vi backend.ldifCreate new:

dn: cn=module,cn=configobjectClass: olcModuleListcn: moduleolcModulepath: /usr/lib64/openldapolcModuleload: back_hdbdn: olcDatabase=hdb,cn=configobjectClass: olcDatabaseConfigobjectClass: olcHdbConfigolcDatabase: {2}hdbolcSuffix: dc=tahubachem,dc=localolcDbDirectory: /var/lib/ldapolcRootDN: cn=Manager,dc=tahubachem,dc=localolcRootPW: {SSHA}TcZS9sd8xsESRtBzMrhfsOHqPELWh0l5olcDbConfig: set_cachesize 0 2097152 0olcDbConfig: set_lk_max_objects 1500olcDbConfig: set_lk_max_locks 1500olcDbConfig: set_lk_max_lockers 1500olcDbIndex: objectClass eqolcLastMod: TRUEolcMonitoring: TRUEolcDbCheckpoint: 512 30olcAccess: to attrs=userPassword by dn="cn=Manager,dc=tahubachem,dc=local" write by anonymous auth by self write by * noneolcAccess: to attrs=shadowLastChange by self write by * readolcAccess: to dn.base="" by * readolcAccess: to * by dn="cn=Manager,dc=tahubachem,dc=local" write by * read # ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif

SASL/EXTERNAL authentication startedSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=authSASL SSF: 0adding new entry "cn=module,cn=config"

adding new entry "olcDatabase=hdb,cn=config" # vi frontend.ldifCreate new:

dn: dc=tahubachem,dc=localobjectClass: topobjectClass: dcObjectobjectclass: organizationo: tahubachemdc: tahubachemdn: cn=Manager,dc=tahubachem,dc=localobjectClass: simpleSecurityObjectobjectClass: organizationalRolecn: ManageruserPassword: {SSHA}TcZS9sd8xsESRtBzMrhfsOHqPELWh0l5

dn: ou=people,dc=tahubachem,dc=localobjectClass: organizationalUnitou: peopledn: ou=groups,dc=tahubachem,dc=localobjectClass: organizationalUnitou: groups # ldapadd -x -D cn=Manager,dc=tahubachem,dc=local -W -f frontend.ldif

Enter LDAP Password:adding new entry "dc=tahubachem,dc=local"

adding new entry "cn=Manager,dc=tahubachem,dc=local"

adding new entry "ou=people,dc=tahubachem,dc=local"

adding new entry "ou=groups,dc=tahubachem,dc=local" III. Add Existing local Users to LDAP Directory# vi ldapuser.sh

# extract local users who have 500-999 digit UID# replace "SUFFIX=***" to your own suffix# this is an example

#!/bin/bash

SUFFIX='dc=tahubachem,dc=local'LDIF='ldapuser.ldif'

echo -n > $LDIFfor line in `grep "x:[5-9][0-9][0-9]:" /etc/passwd | sed -e "s/ /%/g"`do UID1=ècho $line | cut -d: -f1` NAME=ècho $line | cut -d: -f5 | cut -d, -f1` if [ ! "$NAME" ] then NAME=$UID1 else NAME=ècho $NAME | sed -e "s/%/ /g"` fi SN=ècho $NAME | awk '{print $2}'` if [ ! "$SN" ] then SN=$NAME fi GIVEN=ècho $NAME | awk '{print $1}'` UID2=ècho $line | cut -d: -f3` GID=ècho $line | cut -d: -f4` PASS=`grep $UID1: /etc/shadow | cut -d: -f2`

SHELL=`echo $line | cut -d: -f7` HOME=`echo $line | cut -d: -f6` EXPIRE=`passwd -S $UID1 | awk '{print $7}'` FLAG=`grep $UID1: /etc/shadow | cut -d: -f9` if [ ! "$FLAG" ] then FLAG="0" fi WARN=`passwd -S $UID1 | awk '{print $6}'` MIN=`passwd -S $UID1 | awk '{print $4}'` MAX=`passwd -S $UID1 | awk '{print $5}'` LAST=`grep $UID1: /etc/shadow | cut -d: -f3`

echo "dn: uid=$UID1,ou=people,$SUFFIX" >> $LDIF echo "objectClass: inetOrgPerson" >> $LDIF echo "objectClass: posixAccount" >> $LDIF echo "objectClass: shadowAccount" >> $LDIF echo "uid: $UID1" >> $LDIF echo "sn: $SN" >> $LDIF echo "givenName: $GIVEN" >> $LDIF echo "cn: $NAME" >> $LDIF echo "displayName: $NAME" >> $LDIF echo "uidNumber: $UID2" >> $LDIF echo "gidNumber: $GID" >> $LDIF echo "userPassword: {crypt}$PASS" >> $LDIF echo "gecos: $NAME" >> $LDIF echo "loginShell: $SHELL" >> $LDIF echo "homeDirectory: $HOME" >> $LDIF echo "shadowExpire: $EXPIRE" >> $LDIF echo "shadowFlag: $FLAG" >> $LDIF echo "shadowWarning: $WARN" >> $LDIF echo "shadowMin: $MIN" >> $LDIF echo "shadowMax: $MAX" >> $LDIF echo "shadowLastChange: $LAST" >> $LDIF echo >> $LDIFdone # sh ldapuser.sh# ldapadd -x -D cn=Manager,dc=tahubachem,dc=local -W -f ldapuser.ldifEnter LDAP Password:

IV. Add existing local groups to LDAP directory.# vi ldapgroup.sh

# extract local groups who have 500-999 digit UID# replace "SUFFIX=***" to your own suffix# this is an example

#!/bin/bash

SUFFIX='dc=tahubachem,dc=local'LDIF='ldapgroup.ldif'

echo -n > $LDIFfor line in `grep "x:[5-9][0-9][0-9]:" /etc/group`do CN=ècho $line | cut -d: -f1` GID=ècho $line | cut -d: -f3` echo "dn: cn=$CN,ou=groups,$SUFFIX" >> $LDIF echo "objectClass: posixGroup" >> $LDIF echo "cn: $CN" >> $LDIF echo "gidNumber: $GID" >> $LDIF users=ècho $line | cut -d: -f4 | sed "s/,/ /g"` for user in ${users} ; do echo "memberUid: ${user}" >> $LDIF done echo >> $LDIFdone # sh ldapgroup.sh# ldapadd -x -D cn=Manager,dc=tahubachem,dc=local -W -f ldapgroup.ldifEnter LDAP Password:

V. Configuration for LDAP client# yum -y install openldap-clients nss-pam-ldapd# vi /etc/openldap/ldap.conf

BASE dc=tahubachem,dc=localURI ldap://192.168.10.6/TLS_CACERTDIR /etc/openldap/cacerts # vi /etc/nslcd.confLine 131: specify URI, Suffix

uri ldap://192.168.10.6/base dc=tahubachem,dc=localssl notls_cacertdir /etc/openldap/cacerts # vi /etc/pam_ldap.confLine 17: make it comment

host 127.0.0.1 Line 20: specify Suffix

base dc=tahubachem,dc=local Add at the last line

uri ldap://192.168.10.6/ssl notls_cacertdir /etc/openldap/cacertspam_password md5 # vi /etc/pam.d/system-authadd highlight parameter

#%PAM-1.0# This file is auto-generated.# User changes will be destroyed the next time authconfig is run.auth required pam_env.soauth sufficient pam_fprintd.soauth sufficient pam_unix.so nullok try_first_passauth requisite pam_succeed_if.so uid >= 500 quietauth sufficient pam_ldap.so use_first_passauth required pam_deny.so

account required pam_unix.soaccount sufficient pam_localuser.soaccount sufficient pam_succeed_if.so uid < 500 quietaccount [default=bad success=ok user_unknown=ignore] pam_ldap.soaccount required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 type=password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtokpassword sufficient pam_ldap.so use_authtokpassword required pam_deny.so

session optional pam_keyinit.so revokesession required pam_limits.sosession [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uidsession required pam_unix.sosession optional pam_ldap.so# add if you need ( create home directory automatically if it's none )session optional pam_mkhomedir.so skel=/etc/skel umask=077 # vi /etc/nsswitch.confLine 33: add:

passwd: files ldapshadow: files ldapgroup: files ldap Line 57: change:

netgroup: ldap Line 61: change:

automount: files ldap # vi /etc/sysconfig/authconfigLine 18: change:

USELDAP=yes # chkconfig nslcd on# shutdown -r now

VI. Change OpenLDAP settings# mkdir /tmp/setsamba# cd /tmp/setsamba

-Install samba from centos default repo, check the samba version then do wget# yum -y install samba# wget http://mirror.centos.org/centos/6.3/os/x86_64/Packages/samba-3.5.10-125.el6.x86_64.rpm# rpm2cpio samba-3.5.10-125.el6.x86_64.rpm | cpio -id# cp ./etc/openldap/schema/samba.schema /etc/openldap/schema/# vi schema_convert.confCreate new:

include /etc/openldap/schema/core.schemainclude /etc/openldap/schema/collective.schemainclude /etc/openldap/schema/corba.schemainclude /etc/openldap/schema/cosine.schemainclude /etc/openldap/schema/duaconf.schemainclude /etc/openldap/schema/dyngroup.schemainclude /etc/openldap/schema/inetorgperson.schemainclude /etc/openldap/schema/java.schemainclude /etc/openldap/schema/misc.schemainclude /etc/openldap/schema/nis.schemainclude /etc/openldap/schema/openldap.schemainclude /etc/openldap/schema/ppolicy.schemainclude /etc/openldap/schema/samba.schema # mkdir /tmp/setsamba/ldif_output# slapcat -f schema_convert.conf -F /tmp/setsamba/ldif_output -n0 -s "cn={12}samba,cn=schema,cn=config" > ./cn=samba.ldif# vi cn=samba.ldifLine 1,3: change ( remove “{12}” )

dn: cn=samba,cn=schema,cn=configobjectClass: olcSchemaConfigcn: samba Remove these lines below ( placed at the bottom )

structuralObjectClass: olcSchemaConfigentryUUID: 761ed782-e76d-102f-94de-7784c8a781eccreatorsName: cn=configcreateTimestamp: 20110320184149ZentryCSN: 20110320184149.954974Z#000000#000#000000modifiersName: cn=configmodifyTimestamp: 20110320184149Z # ldapadd -Y EXTERNAL -H ldapi:/// -f cn=samba.ldif

SASL/EXTERNAL authentication startedSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=authSASL SSF: 0adding new entry "cn=samba,cn=schema,cn=config" # vi samba_indexes.ldifCreate new

dn: olcDatabase={2}hdb,cn=configchangetype: modifyadd: olcDbIndexolcDbIndex: uidNumber eqolcDbIndex: gidNumber eqolcDbIndex: loginShell eqolcDbIndex: uid eq,pres,subolcDbIndex: memberUid eq,pres,subolcDbIndex: uniqueMember eq,presolcDbIndex: sambaSID eqolcDbIndex: sambaPrimaryGroupSID eqolcDbIndex: sambaGroupType eqolcDbIndex: sambaSIDList eqolcDbIndex: sambaDomainName eqolcDbIndex: default sub # ldapmodify -Y EXTERNAL -H ldapi:/// -f samba_indexes.ldif

SASL/EXTERNAL authentication startedSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=authSASL SSF: 0modifying entry "olcDatabase={2}hdb,cn=config" # service slapd restart

VII. Change Samba settings. This Samba PDC server need to be a LDAP Client.# yum --enablerepo=epel -y install smbldap-tools# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak# cp /usr/share/doc/smbldap-tools-*/smb.conf /etc/samba/smb.conf# vi /etc/samba/smb.conf

# Global parameters[global]workgroup = TAHUBACHEMnetbios name = KUCINGsecurity = userenable privileges = yes#interfaces = 192.168.5.11#username map = /etc/samba/smbusersserver string = Samba Server %v#security = adsencrypt passwords = Yesmin passwd length = 3#pam password change = no#obey pam restrictions = No

# method 1:#unix password sync = no#ldap passwd sync = yes

# method 2:unix password sync = yesldap passwd sync = yespasswd program = /usr/sbin/smbldap-passwd -u “%u”passwd chat = “Changing *\nNew password*” %n\n “*Retype new password*” %n\n”

log level = 0syslog = 0log file = /var/log/samba/log.%Umax log size = 100000time server = Yessocket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192mangling method = hash2Dos charset = CP932Unix charset = UTF-8

logon script = logon.batlogon drive = W:logon home =logon path =

domain logons = Yesdomain master = Yesos level = 65preferred master = Yeswins support = yes# passdb backend = ldapsam:”ldap://ldap1.company.com ldap://ldap2.company.com”passdb backend = ldapsam:ldap://192.168.10.6/ldap admin dn = cn=Manager,dc=tahubachem,dc=local#ldap admin dn = cn=samba,ou=DSA,dc=company,dc=comldap suffix = dc=tahubachem,dc=local

ldap group suffix = ou=groupsldap user suffix = ou=peopleldap machine suffix = ou=Computersldap idmap suffix = ou=Idmapadd user script = /usr/sbin/smbldap-useradd -m “%u”#ldap delete dn = Yesdelete user script = /usr/sbin/smbldap-userdel “%u”add machine script = /usr/sbin/smbldap-useradd -t 0 -w “%u”add group script = /usr/sbin/smbldap-groupadd -p “%g”delete group script = /usr/sbin/smbldap-groupdel “%g”add user to group script = /usr/sbin/smbldap-groupmod -m “%u” “%g”delete user from group script = /usr/sbin/smbldap-groupmod -x “%u” “%g”set primary group script = /usr/sbin/smbldap-usermod -g ‘%g’ ‘%u’admin users = sysadminldap ssl = no# printers configuration#printer admin = @”Print Operators”load printers = Yescreate mask = 0640directory mask = 0750#force create mode = 0640#force directory mode = 0750nt acl support = Noprinting = cupsprintcap name = cupsdeadtime = 10guest account = nobodymap to guest = Bad Userdont descend = /proc,/dev,/etc,/lib,/lost+found,/initrdshow add printer wizard = yes; to maintain capital letters in shortcuts in any of the profile folders:preserve case = yesshort preserve case = yescase sensitive = no

[netlogon]path = /home/netlogon/browseable = Noread only = yes

[profiles]path = /home/profilesread only = nocreate mask = 0600directory mask = 0700browseable = Noguest ok = Yesprofile acls = yescsc policy = disable# next line is a great way to secure the profiles

#force user = %U# next line allows administrator to access all profiles#valid users = %U “Domain Admins”

[printers]comment = Network Printers#printer admin = @”Print Operators”guest ok = yesprintable = yespath = /home/spool/browseable = Noread only = Yesprintable = Yesprint command = /usr/bin/lpr -P%p -r %slpq command = /usr/bin/lpq -P%plprm command = /usr/bin/lprm -P%p %j# print command = /usr/bin/lpr -U%U@%M -P%p -r %s# lpq command = /usr/bin/lpq -U%U@%M -P%p# lprm command = /usr/bin/lprm -U%U@%M -P%p %j# lppause command = /usr/sbin/lpc -U%U@%M hold %p %j# lpresume command = /usr/sbin/lpc -U%U@%M release %p %j# queuepause command = /usr/sbin/lpc -U%U@%M stop %p# queueresume command = /usr/sbin/lpc -U%U@%M start %p

[print$]path = /home/printersguest ok = Nobrowseable = Yesread only = Yesvalid users = @”Print Operators”write list = @”Print Operators”create mask = 0664directory mask = 0775

[public]path = /datasamba/publicguest ok = yesbrowseable = Yeswritable = yesforce create mode = 0775force directory mode = 0775

[private]path = /datasamba/privateguest ok = yesbrowseable = Yeswritable = yesforce create mode = 0770force directory mode = 0770

# mkdir /datasamba# mkdir /datasamba/public# mkdir /datasamba/private# mkdir /home/netlogon# service smb restart# service nmb restart# chkconfig smb on# chkconfig nmb on# smbpasswd -W

Setting stored password for "cn=Manager,dc=tahubachem,dc=local" in secrets.tdbNew SMB password:Retype new SMB password: # perl /usr/share/doc/smbldap-tools-*/configure.pl

[root@ayam setsamba]# perl /usr/share/doc/smbldap-tools-*/configure.pl-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-smbldap-tools script configuration-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=Before starting, check. if your samba controller is up and running.. if the domain SID is defined (you can get it with the ‘net getlocalsid’)

. you can leave the configuration using the Ctrl-c key combination

. empty value can be set with the “.” character-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Looking for configuration files…

Samba Configuration File Path [/etc/samba/smb.conf] > # Enter

The default directory in which the smbldap configuration files are stored is shown.If you need to change this, enter the full directory path, then press enter to continue.Smbldap-tools Configuration Directory Path [/etc/smbldap-tools] >-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=Let’s start configuring the smbldap-tools scripts …

. workgroup name: name of the domain Samba acts as a PDC forworkgroup name [TAHUBACHEM] > # Enter. netbios name: netbios name of the samba controllernetbios name [KUCING] > # Enter. logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: ‘H:’logon drive [W:] > # Enter. logon home: home directory location (for Win95/98 or NT Workstation).(use %U as username) Ex:’\\KUCING\%U’logon home (press the “.” character if you don’t want homeDirectory) [\\KUCING\%U] > . # input a period. logon path: directory where roaming profiles are stored. Ex:’\\KUCING\profiles\%U’

logon path (press the “.” character if you don’t want roaming profiles) [\\KUCING\profiles\%U] > . # input a period. home directory prefix (use %U as username) [/home/%U] > # Enter. default users’ homeDirectory mode [700] > # Enter. default user netlogon script (use %U as username) [logon.bat] > # Enterdefault password validation time (time in days) [45] > 90 # Enter. ldap suffix [dc=tahubachem,dc=local] > # Enter. ldap group suffix [ou=groups] > # Enter. ldap user suffix [ou=people] > # Enter. ldap machine suffix [ou=Computers] > # Enter. Idmap suffix [ou=Idmap] > # Enter. sambaUnixIdPooldn: object where you want to store the next uidNumberand gidNumber available for new users and groupssambaUnixIdPooldn object (relative to ${suffix}) [sambaDomainName=TAHUBACHEM] > # Enter. ldap master server: IP address or DNS name of the master (writable) ldap serverldap master server [192.168.10.6] > # Enter. ldap master port [389] > # Enter. ldap master bind dn [cn=Manager,dc=tahubachem,dc=local] > # Enter. ldap master bind password [] > qwerty # input LDAP admin password then Enter. ldap slave server: IP address or DNS name of the slave ldap server: can also be the master oneldap slave server [192.168.10.6] > # specify LDAP slave’s IP (Enter with empy if none). ldap slave port [389] > # Enter. ldap slave bind dn [cn=Manager,dc=tahubachem,dc=local] > # Enter. ldap slave bind password [] > qwerty # Input if there is, if not input the same one with master. ldap tls support (1/0) [0] > # Enter. SID for domain TAHUBACHEM: SID of the domain (can be obtained with ‘net getlocalsid KUCING’)SID for domain TAHUBACHEM [S-1-5-21-2056273974-4081619650-1090555569] > # Enter. unix password encryption: encryption used for unix passwordsunix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] > # Enter. default user gidNumber [513] > # Enter. default computer gidNumber [515] > # Enter. default login shell [/bin/bash] > # Enter. default skeleton directory [/etc/skel] > # Enter. default domain name to append to mail address [] > # Enter-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=backup old configuration files:/etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old/etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.oldwriting new configuration file:/etc/smbldap-tools/smbldap.conf done./etc/smbldap-tools/smbldap_bind.conf done.[root@kucing setsamba]# # smbldap-populate

[root@kucing setsamba]# smbldap-populatePopulating LDAP directory for domain TAHUBACHEM (S-1-5-21-2056273974-4081619650-1090555569)(using builtin directory structure)

entry dc=tahubachem,dc=local already exist.entry ou=people,dc=tahubachem,dc=local already exist.entry ou=groups,dc=tahubachem,dc=local already exist.adding new entry: ou=Computers,dc=tahubachem,dc=localadding new entry: ou=Idmap,dc=tahubachem,dc=localadding new entry: uid=root,ou=people,dc=tahubachem,dc=localadding new entry: uid=nobody,ou=people,dc=tahubachem,dc=localadding new entry: cn=Domain Admins,ou=groups,dc=tahubachem,dc=localadding new entry: cn=Domain Users,ou=groups,dc=tahubachem,dc=localadding new entry: cn=Domain Guests,ou=groups,dc=tahubachem,dc=localadding new entry: cn=Domain Computers,ou=groups,dc=tahubachem,dc=localadding new entry: cn=Administrators,ou=groups,dc=tahubachem,dc=localadding new entry: cn=Account Operators,ou=groups,dc=tahubachem,dc=localadding new entry: cn=Print Operators,ou=groups,dc=tahubachem,dc=localadding new entry: cn=Backup Operators,ou=groups,dc=tahubachem,dc=localadding new entry: cn=Replicators,ou=groups,dc=tahubachem,dc=localentry sambaDomainName=TAHUBACHEM,dc=tahubachem,dc=local already exist. Updating it...

Please provide a password for the domain root:Changing UNIX and samba passwords for rootNew password:Retype new password:[root@kucing setsamba]# -Setup firewall# system-config-firewall-tuiOpen port samba,samba client,customize => tcp:389

VIII. Testing-Add samba ldap user# smbldap-useradd -a -m sysadmin# smbldap-groupmod -m sysadmin "Domain Admins"# smbldap-passwd sysadmin# smbldap-useradd -a -m bachem# smbldap-groupmod -m bachem "Domain Admins"# smbldap-passwd bachem# smbldap-useradd -a -m staff1# smbldap-groupmod -m staff1 "Domain Users"# smbldap-passwd staff1

-Set ACL for samba share folder# setfacl -m group:Domain\ Admins:rwx /datasamba/private/# setfacl -m group:Domain\ Users:rwx /datasamba/public/

Win 7 Pro x64 Join Domain:

Now join your Windows 7 PC to the domain using this official Samba mini guide http://wiki.samba.org/index.php/Windows7

-Download Windows7 Registry Patch from here:

https://bugzilla.samba.org/attachment.cgi?id=4988&action=view

-Note based in my experiences:

If computer with Windows7 fresh install with no update is going to join domain, first I’m install hotfix from here:

http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2171571&kbln=en-us then run registry patch Win7_Samba3DomainMember.reg => Restart PC => Join Domain

=>> Restart PC => successful login with domain users

If Computer with Windows7 SP1, I just run registry patch

Win7_Samba3DomainMember.reg => Restart PC => Join Domain => Restart PC => Successful login with domain users

Pdc Samba Ldap Centos 6

Documents

Transcript of Pdc Samba Ldap Centos 6