Difference between revisions of "Centralized login using LDAP and Samba"
From Maze's wiki
Revision as of 08:18, 4 May 2010
To create a centralized authentication system that both Windows and Linux/Unix clients can authenticate against, follow this tutorial.
LDAP Server
Installing
apt-get install slapd
- Administrator password: <password>
- Confirm password: <password>
Configuring
Remove the database that was created during installation:
rm -rf /var/lib/ldap/*
Run
dpkg-reconfigure slapd
- Omit OpenLDAP server configuration? <No>
- DNS domain name: <example.com>
- Organization name: <Example Organization>
- Administrator password: <password>
- Confirm password: <password>
- Database backend to use: <HDB>
- Do you want the database to be removed when slapd is purged? <No>
- Move old database? <Yes>
- Allow LDAPv2 protocol? <No>
Install samba-doc and copy the samba.schema file into the OpenLDAP schema directory:
apt-get install samba-doc
zcat /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz > /etc/ldap/schema/samba.schema
Edit /etc/slapd.conf and add two schemas so that the include list reads:
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/misc.schema
Replace the indexing options in /etc/slapd.conf with:
# Indexing options for database #1
index ou,cn,sn,mail,givenname eq,pres,sub
index uidNumber,gidNumber,memberUid eq,pres
index loginShell eq,pres
index uniqueMember eq,pres
index uid pres,sub,eq
index displayName pres,sub,eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
Change the access rules in /etc/slapd.conf so that the password attributes are writable only by the admin DN and the user, usable for binding by anonymous clients, and hidden from everyone else:
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
by dn="cn=admin,dc=example,dc=com" write
by anonymous auth
by self write
by * none
Rebuild the indexes. slapd must be stopped while slapindex runs, and because slapindex is run as root the resulting files must be handed back to the openldap user before the server is started again:
/etc/init.d/slapd stop
slapindex
chown -R openldap:openldap /var/lib/ldap
/etc/init.d/slapd start
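The access rule above is the one part of this configuration that protects the password hashes, so it is worth checking mechanically after every edit. The following is an added example, not part of the wiki page: a small Python checker that parses the "access to attrs=" stanzas of a slapd.conf and reports which of the four password attributes a "by *" clause exposes, or which no stanza covers at all. The two configuration snippets are constructed for the example; the first is the tutorial's rule, the second is a deliberately weak variant.

```python
import re

# The password-bearing attributes the tutorial's ACL protects.
SENSITIVE = {"userPassword", "shadowLastChange", "sambaNTPassword", "sambaLMPassword"}

def parse_access_rules(conf):
    """Return [(attrs, [(who, level), ...]), ...] for every 'access to attrs=' stanza.
    Comments are stripped; 'by' clauses may follow on the same line or on the
    indented continuation lines slapd.conf uses."""
    rules, current = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"access\s+to\s+attrs?=([\w,]+)(.*)", line)
        if m:
            current = (set(m.group(1).split(",")), [])
            rules.append(current)
            line = m.group(2)
        elif line.startswith("access "):
            current = None  # a stanza with another target; not our concern here
        if current is not None:
            current[1].extend(re.findall(r"by\s+(\S+)\s+(\w+)", line))
    return rules

def audit_password_acl(conf):
    """'exposed': sensitive attrs on which some stanza gives '*' more than auth.
    'uncovered': sensitive attrs that no attrs= stanza mentions, so they fall
    through to later rules or slapd's defaults and need separate review."""
    exposed, covered = set(), set()
    for attrs, clauses in parse_access_rules(conf):
        hit = attrs & SENSITIVE
        covered |= hit
        for who, level in clauses:
            if who == "*" and level not in ("none", "auth"):
                exposed |= hit
    return {"exposed": exposed, "uncovered": SENSITIVE - covered}

# Constructed sample: the tutorial's rule, as it would appear in slapd.conf.
PAGE_ACL = """\
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
    by dn="cn=admin,dc=example,dc=com" write
    by anonymous auth
    by self write
    by * none
"""

# Constructed weak variant: hashes readable by anyone, two attributes forgotten.
WEAK_ACL = """\
access to attrs=userPassword,sambaNTPassword
    by self write
    by * read
"""

if __name__ == "__main__":
    print("tutorial rule:", audit_password_acl(PAGE_ACL))
    print("weak rule:    ", audit_password_acl(WEAK_ACL))
```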