Centralized login using LDAP and Samba
From Maze's wiki
Revision as of 08:18, 4 May 2010 by 89.250.178.18
This tutorial sets up a centralized authentication system that both Windows and Linux/Unix clients can authenticate against.
LDAP Server
Installing
apt-get install slapd
- Administrator password: <password>
- Confirm password: <password>
Configuring
Remove the database that was created during installation:
rm -rf /var/lib/ldap/*
Run
dpkg-reconfigure slapd
- Omit OpenLDAP server configuration? <No>
- DNS domain name: <example.com>
- Organization name: <Example Organization>
- Administrator password: <password>
- Confirm password: <password>
- Database backend to use: <HDB>
- Do you want the database to be removed when slapd is purged? <No>
- Move old database? <Yes>
- Allow LDAPv2 protocol? <No>
Install samba-doc and copy the samba.schema file into the OpenLDAP schema directory:
apt-get install samba-doc
zcat /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz > /etc/ldap/schema/samba.schema
Edit /etc/slapd.conf and add the two extra schemas (samba and misc) to the include list:
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/misc.schema
Replace the indexing options in /etc/slapd.conf:
# Indexing options for database #1
index ou,cn,sn,mail,givenname eq,pres,sub
index uidNumber,gidNumber,memberUid eq,pres
index loginShell eq,pres
index uniqueMember eq,pres
index uid pres,sub,eq
index displayName pres,sub,eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
Change the access rules in /etc/slapd.conf:
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=example,dc=com" write
        by anonymous auth
        by self write
        by * none
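As an added illustration (not part of the wiki page), the following Python snippet evaluates the access directive above the way slapd does: the first "by" clause whose <who> matches the requester decides, so clause order matters. The user DNs under ou=people are assumed for the walkthrough.

```python
# Evaluator for the slapd.conf access directive from the tutorial.
# Constructed example; the directive text is embedded so it runs offline.
ACL = ('access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword '
       'by dn="cn=admin,dc=example,dc=com" write '
       'by anonymous auth '
       'by self write '
       'by * none')

# slapd access levels, weakest to strongest; each level implies the lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]


def parse_acl(text):
    """Split 'access to attrs=<list> by <who> <level> ...' into the protected
    attribute list and an ordered list of (who, level) clauses."""
    head, *clauses = text.split(" by ")
    attrs = head.split("attrs=", 1)[1].split(",")
    rules = []
    for clause in clauses:
        who, level = clause.rsplit(None, 1)
        rules.append((who.replace('"', ""), level))  # dn="..." -> dn=...
    return attrs, rules


def effective_access(rules, requester, target_dn):
    """First matching 'by' clause wins. requester is None for an anonymous
    connection, otherwise the bound DN. No match means slapd denies."""
    for who, level in rules:
        if who == "*":
            return level
        if who == "anonymous" and requester is None:
            return level
        if who == "self" and requester is not None and requester == target_dn:
            return level
        if who.startswith("dn=") and requester == who[3:]:  # exact-DN match
            return level
    return "none"


def can_read_hash(rules, requester, target_dn):
    """'auth' only permits binding with the attribute, not reading it back.
    That is what keeps the NT/LM hashes (which Windows accepts as-is for
    authentication) away from everyone except the admin and the entry's owner."""
    return LEVELS.index(effective_access(rules, requester, target_dn)) >= LEVELS.index("read")
```

Placing "by * none" before the other clauses would deny the admin and the user alike, which the evaluator makes visible immediately.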
Rebuild the indexes on the OpenLDAP server. slapd must be stopped while slapindex runs, and the files slapindex writes as root must be handed back to the openldap user before slapd is started again:
/etc/init.d/slapd stop
slapindex
chown -R openldap:openldap /var/lib/ldap
/etc/init.d/slapd start