Difference between revisions of "Centralized login using LDAP and Samba"

From Maze's wiki

Revision as of 08:19, 4 May 2010

To create a centralized authentication system that both Windows and Linux/Unix clients can authenticate against, follow this tutorial.

LDAP Server

apt-get install slapd
  • Administrator password: <password>
  • Confirm password: <password>

Remove the database that was created during installation:

rm -rf /var/lib/ldap/*

Run

dpkg-reconfigure slapd
  • Omit OpenLDAP server configuration? <No>
  • DNS domain name: <example.com>
  • Organization name: <Example Organization>
  • Administrator password: <password>
  • Confirm password: <password>
  • Database backend to use: <HDB>
  • Do you want the database to be removed when slapd is purged? <No>
  • Move old database? <Yes>
  • Allow LDAPv2 protocol? <No>

Install samba-doc and copy the samba.schema file to the schema directory

apt-get install samba-doc
zcat /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz > /etc/ldap/schema/samba.schema

Edit /etc/slapd.conf to add 2 schemas

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/misc.schema

Replace the indexing options in /etc/slapd.conf

# Indexing options for database #1
index ou,cn,sn,mail,givenname           eq,pres,sub
index uidNumber,gidNumber,memberUid     eq,pres
index loginShell                        eq,pres
index uniqueMember                      eq,pres
index uid                               pres,sub,eq
index displayName                       pres,sub,eq
index sambaSID                          eq
index sambaPrimaryGroupSID              eq
index sambaDomainName                   eq
index default                           sub

Change access rules in /etc/slapd.conf

access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=example,dc=com"  write
        by anonymous auth
        by self write
        by * none
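
Added example, not part of the original wiki page: a Python check of the access rule above. It reads slapd.conf text, applies slapd's first-match rule evaluation in simplified form, and lists every password-hash attribute that everyone, anonymous clients or any bound user can read. The catch-all "access to *" rule and the shorter "before" attrs list are constructed samples, and the function names are hypothetical.

```python
import shlex

SENSITIVE = ("userPassword", "sambaNTPassword", "sambaLMPassword")
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
BROAD = {"*", "anonymous", "users"}   # who-clauses that cover more than one identity

def access_rules(conf):
    """Return [(attrs or None, [(who, level), ...])] for each 'access to' directive, in file order."""
    logical = []
    for raw in conf.splitlines():
        if raw[:1].isspace() and raw.strip() and logical:
            logical[-1] += " " + raw.strip()   # indented line continues the previous one
        else:
            logical.append(raw.strip())
    rules = []
    for line in logical:                       # comments and other directives are skipped here
        if [w.lower() for w in line.split()[:2]] != ["access", "to"]:
            continue
        tok = shlex.split(line)
        first_by = tok.index("by") if "by" in tok else len(tok)
        attrs = None                           # None: rule is not limited to named attributes
        for t in tok[2:first_by]:
            if t.lower().startswith("attrs="):
                attrs = {a.lower() for a in t[6:].split(",")}
        by = [(tok[i + 1], tok[i + 2].lower()) for i in range(first_by, len(tok) - 2) if tok[i] == "by"]
        rules.append((attrs, by))
    return rules

def exposed_hashes(conf):
    """Return (attribute, who, level) for each broad who-clause granted more than 'auth'."""
    rules = access_rules(conf)
    if not rules:                              # slapd's built-in default: access to * by * read
        return [(a, "*", "read") for a in SENSITIVE]
    findings = []
    for attr in SENSITIVE:
        # First rule whose <what> matches wins; rules without attrs= are assumed to match.
        by = next((b for attrs, b in rules if attrs is None or attr.lower() in attrs), [])
        for who, level in by:
            if who in BROAD and (level not in LEVELS or LEVELS.index(level) > LEVELS.index("auth")):
                findings.append((attr, who, level))
            if who == "*":
                break                          # clauses after "by *" are never reached
    return findings

# Constructed samples: CATCH_ALL and the "before" attrs list are assumptions for illustration.
CATCH_ALL = 'access to *\n  by dn="cn=admin,dc=example,dc=com" write\n  by * read\n'
GUARD = ('access to attrs={}\n  by dn="cn=admin,dc=example,dc=com" write\n'
         '  by anonymous auth\n  by self write\n  by * none\n')
BEFORE = GUARD.format("userPassword,shadowLastChange") + CATCH_ALL
AFTER = GUARD.format("userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword") + CATCH_ALL
```

exposed_hashes(BEFORE) reports both Samba hash attributes as readable through the catch-all rule; exposed_hashes(AFTER), which uses the attrs list from this page, reports nothing.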

Rebuild the indexes of the OpenLDAP database

/etc/init.d/slapd stop
slapindex
chown -R openldap:openldap /var/lib/ldap
/etc/init.d/slapd start

Samba

Installing