Ldap+smb
Ldap安装就不说了,
安装smb
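# Packages for a Samba PDC backed by OpenLDAP:
#   samba*          - smbd/nmbd, smbpasswd, smbclient and the samba docs (the
#                     LDAP schema is copied out of the docs below)
#   nscd*           - name-service cache, cuts LDAP round trips for NSS
#   nss-pam-ldapd   - nslcd: NSS/PAM lookups against the directory
#   epel*           - EPEL repo; it must be installed BEFORE smbldap-tools,
#                     which is only shipped there
#   smbldap*        - smbldap-tools (useradd/groupadd/populate scripts that
#                     smb.conf calls)
# The original had "Yum" capitalised (command not found) and a typographic
# dash instead of "-y" on the nss-pam-ldapd line.  Globs are quoted so yum,
# not the shell, expands them (an unquoted "samba*" would match files in the
# current directory).
yum install 'samba*' -y
yum install 'nscd*' -y
yum install nss-pam-ldapd -y
yum install 'epel*' -y
yum install 'smbldap*' -y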
以上安装各种匹配包
把 samba 包自带的 LDAP schema 文件复制到 /etc/openldap/schema/（目录名是 schema，不是 scheme）
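# The Samba schema ships in the samba package's documentation; the path carries
# the exact package version, so check `ls /usr/share/doc/samba-*/LDAP/` if it
# differs.  The original line was missing the space after cp.
cp /usr/share/doc/samba-3.6.23/LDAP/samba.schema /etc/openldap/schema/
# slapd only needs to READ the schema.  Keep the file root-owned and
# world-readable like the packaged schema files rather than recursively
# chown-ing the whole directory to ldap:ldap, which hands the service account
# write access to its own schema.
chmod 0644 /etc/openldap/schema/samba.schema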
setup
vim /etc/openldap/slapd.conf
添加一行
include /etc/openldap/schema/samba.schema   # 放在默认已有的 core/cosine/inetorgperson/nis 这几个 include 之后，samba.schema 引用了它们定义的属性
修改index
# Equality indexes on the attributes NSS resolves on every lookup
# (objectClass filters, uid/gid numbers).
index objectClass,uidNumber,gidNumber eq
# Name attributes also get presence and substring indexes for wildcard searches.
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
# What ldapsam searches by (see the "smbldap_search_domain_info" lines in the
# smbpasswd output later in this page).
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
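# Password-bearing attributes: the owner may change them, anyone may bind
# (auth) against them, nobody else -- anonymous included -- may read them.
# sambaNTPassword is an unsalted MD4 of the password and is directly usable
# for pass-the-hash, so read access here is equivalent to password disclosure.
# sambaLMPassword is weaker still; prefer not storing LM hashes at all and
# check that "lanman auth" stays at its default of no.
# The rootdn (cn=Manager, which smb.conf binds as) bypasses these ACLs.
# The original lines had the spaces between "to"/"attrs", "self"/"write",
# "by"/"anonymous" and "*"/"none" dropped and would not have parsed.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by anonymous auth
    by * none
# Everything else is readable by anyone, anonymous binds included: uid/gid
# numbers, SIDs, group membership and account flags.  That is what an
# unauthenticated NSS lookup needs; once nslcd is given its own bind DN this
# can be tightened to "by users read" / "by anonymous auth".
access to *
    by * read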
更改ldap.conf文件
vim ldap.conf
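#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=cxth,dc=com
# Example of a fail-over URI list (the original had the two URIs run together):
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# Plain ldap:// on the loopback: nothing on this connection is encrypted, which
# is acceptable only because slapd and its clients share this host.  For any
# remote directory use ldaps:// or STARTTLS and point TLS_CACERTDIR at the CA
# that signed slapd's certificate.
URI ldap://127.0.0.1/
#TLS_CACERTDIR /etc/openldap/cacerts
# NOTE(review): the nss_base_* directives below belong to the PADL nss_ldap /
# pam_ldap configuration, not to OpenLDAP's own /etc/openldap/ldap.conf, and
# the nss-pam-ldapd package installed above keeps the equivalent in
# /etc/nslcd.conf ("base passwd ou=Users,dc=cxth,dc=com" etc.).  Confirm which
# file the `setup`/authconfig step actually wrote before relying on these.
# Two passwd bases: user accounts and machine (trust) accounts are both POSIX
# accounts as far as NSS is concerned.
nss_base_passwd ou=Users,dc=cxth,dc=com?one
nss_base_passwd ou=Computers,dc=cxth,dc=com?one
nss_base_shadow ou=Users,dc=cxth,dc=com?one
nss_base_group ou=Groups,dc=cxth,dc=com?one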
ldap配置文件完成重启服务并查看端口
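# Restart slapd so the new schema, indexes and ACLs take effect, then confirm
# it is listening on the LDAP port (the original had "netstat-an" with the
# space missing).  -t/-l restrict the output to listening TCP sockets so a
# client connection to some other host's :389 cannot be mistaken for slapd.
service slapd restart
netstat -tln | grep ':389'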
下面开始配置smb
备份老文件
cp /etc/samba/smb.conf /etc/samba/backup_smb.conf
拷贝smbldap-tools下的smb.conf到samba下
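# Start from the sample smb.conf shipped with smbldap-tools (adjust the version
# in the path to the installed package).  The original line was missing the
# space before the destination directory.
cp /usr/share/doc/smbldap-tools-0.9.6/smb.conf /etc/samba/
cd /etc/samba
vim smb.conf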
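[global]
workgroup = cxth-pdc
netbios name = PDC
server string = Samba Server %v
log file = /var/log/samba/log.%m
security = user
encrypt passwords = Yes
obey pam restrictions = No
# Keep the LDAP userPassword in step with the NT hash on every SMB password
# change (Samba writes both through the admin dn below).
ldap passwd sync = Yes
log level = 3
syslog = 0
max log size = 100000
time server = Yes
# Space restored between the two SO_* options (the original ran them together).
# The 8K buffers are inherited from the old smbldap-tools sample and are well
# below what the kernel picks on its own; dropping the SO_* settings is fine.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
# Samba 3.6 refuses UTF-8 as the DOS (pre-Unicode client) charset and prints
# an error on every connection before falling back to CP850 -- see the
# smbclient output further down this page.  Set the code page your legacy
# clients actually use; CP850 is the built-in default.
dos charset = CP850
unix charset = UTF-8
# The logon script is served from [netlogon] and executed on every client at
# logon, so whoever can write /home/netlogon runs code on the whole domain.
logon script = %U.bat
logon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
# ldap:// on the loopback only.  With "ldap ssl = off" the admin-dn password
# and every NT hash cross this connection in clear text, which is tolerable
# on 127.0.0.1 and nowhere else: if the directory ever moves off this host,
# use ldaps:// or "ldap ssl = start tls" and give ldap.conf a TLS_CACERTDIR.
passdb backend = ldapsam:ldap://127.0.0.1/
# Binding as the rootdn gives Samba unrestricted write to the whole directory
# (the rootdn bypasses slapd ACLs).  A dedicated DN with write access limited
# to the Users/Groups/Computers subtrees is the least-privilege option.  The
# bind password is stored with "smbpasswd -w" in /etc/samba/secrets.tdb,
# which must stay root-only (0600).
ldap admin dn = cn=Manager,dc=cxth,dc=com
ldap suffix = dc=cxth,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = off
# Deleting a Samba account removes the ENTIRE LDAP entry, POSIX attributes
# included, not just the samba* attributes.
ldap delete dn = Yes
# Spaces restored between each option and its quoted %u/%g argument.
add user script = /sbin/smbldap-useradd -m "%u"
add machine script = /sbin/smbldap-useradd -t 0 -w "%u"
add group script = /sbin/smbldap-groupadd -p "%g"
add user to group script = /sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /sbin/smbldap-usermod -g '%g' '%u'
############################## Homes parameters ############################
[homes]
comment = repertoire de %U, %u
browseable = no
# "writeable = yes" and "read only = no" are the same setting spelled twice.
writeable = yes
read only = no
# Home-directory contents are private to their owner.
force create mode = 0700
create mode = 0700
force directory mode = 0700
directory mode = 700
############################# Netlogon parameters ##########################
[netlogon]
path = /home/netlogon/
browseable = No
# Read-only over SMB; keep the directory root-owned on disk as well (see the
# note on "logon script" above).
read only = yes
############################# Public parameters ##########################
[public]
comment = Public Directory
path = /home/public/
browseable = No
writable = yes
# "guest ok = yes" means no password is needed to connect, so anyone who can
# reach the server can upload here, and "create mask = 0777" makes every
# uploaded file executable by everyone.  If a real drop box is wanted use
# 0666 for files (directory mask 0777); otherwise drop "guest ok" and let
# only domain users write.
guest ok = yes
create mask = 0777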
以上是我自己的机器配置下面是网上文档的内容
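############################## Global parameters ############################
# Reference copy from the online document (domain "easy"); the same fixes as
# in the working copy above apply here.
[global]
workgroup = easy-pdc
netbios name = PDC
server string = Samba Server %v
log file = /var/log/samba/log.%m
security = user
encrypt passwords = Yes
obey pam restrictions = No
# Keeps the LDAP userPassword in step with the NT hash on every SMB password change.
ldap passwd sync = Yes
log level = 3
syslog = 0
max log size = 100000
time server = Yes
# Space restored between the two SO_* options; the 8K buffers are a leftover of
# the smbldap-tools sample and can simply be dropped.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
# Samba 3.6 rejects UTF-8 here (see the smbclient error later on) and falls
# back to CP850; set the code page your pre-Unicode clients actually use.
dos charset = CP850
unix charset = UTF-8
# Executed on every client at logon -- only root may write the netlogon share.
logon script = %U.bat
logon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes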
继续smb.conf文件内容:
详细配置内容:
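# Clear-text LDAP is acceptable on the loopback only; off-host use ldaps:// or
# "ldap ssl = start tls".
passdb backend = ldapsam:ldap://127.0.0.1/
# The rootdn bypasses slapd ACLs, so Samba gets unrestricted write to the
# directory; a dedicated, ACL-scoped DN is the least-privilege choice.  Its
# password lives in /etc/samba/secrets.tdb (root-only, 0600).
ldap admin dn = cn=Manager,dc=easy,dc=com
ldap suffix = dc=easy,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = off
# Deleting a Samba account removes the whole LDAP entry, POSIX attributes included.
ldap delete dn = Yes
# Spaces restored between each option and its quoted %u/%g argument.
add user script = /sbin/smbldap-useradd -m "%u"
add machine script = /sbin/smbldap-useradd -t 0 -w "%u"
add group script = /sbin/smbldap-groupadd -p "%g"
add user to group script = /sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /sbin/smbldap-usermod -g '%g' '%u'
############################## Homes parameters ############################
[homes]
comment = repertoire de %U, %u
browseable = no
# "writeable = yes" and "read only = no" are the same setting spelled twice.
writeable = yes
read only = no
# Home-directory contents are private to their owner.
force create mode = 0700
create mode = 0700
force directory mode = 0700
directory mode = 700
############################# Netlogon parameters ##########################
[netlogon]
path = /home/netlogon/
browseable = No
# Logon scripts served from here run on every client; read-only over SMB and
# root-owned on disk.
read only = yes
############################# Public parameters ##########################
[public]
comment = Public Directory
path = /home/public/
browseable = No
writable = yes
# No password is needed to connect, and 0777 makes every uploaded file
# executable by everyone -- use 0666 for a drop box, or drop "guest ok".
guest ok = yes
create mask = 0777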
创建2个目录
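# Directories backing the [netlogon] and [public] shares.
mkdir -p /home/netlogon /home/public
# netlogon: the logon scripts served from here run on every domain client at
# logon.  The share is read-only, but the filesystem permissions are the real
# control -- root-owned, nobody else writes.
chown root:root /home/netlogon
chmod 0755 /home/netlogon
# public: the share is writable (by guests too), so the directory itself must
# be writable for the uploading uid; the sticky bit stops authenticated users
# from deleting each other's files.  If "guest ok" is removed from the share,
# a tighter mode for a dedicated group is preferable to 1777.
chmod 1777 /home/public
service smb start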
启动 SMB 服务: [ 确定 ]
启动 NMB 服务: [ 确定 ]
# smbpasswd -w jinbiao （这个 jinbiao 是 slapd.conf 里 rootpw 设置的密码，也就是 smb.conf 中 ldap admin dn 的绑定密码。注意：密码写在命令行参数里，会留在 shell 历史和 ps 输出中，执行后请清理历史记录；它会被保存到 /etc/samba/secrets.tdb，该文件必须保持 root 专有、权限 0600。）
Setting stored password for "cn=Manager,dc=easy,dc=com" in secrets.tdb
使用testparm命令来测试Samba服务器是否正常启动:
详细操作:
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
smbldap-tools 的配置使用过程
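cd /usr/share/doc/smbldap-tools-0.9.6/
# configure.pl is run as root.  Do NOT "chmod 777 -R" this directory first (as
# the original did, with a "chomd" typo): a world-writable script that root
# executes lets any local user replace it and run their own code as root, and
# the permissions stayed 777 afterwards.  The file does not need to be
# executable when it is handed to perl explicitly.
perl ./configure.pl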
运行这个命令时有 2 个地方需要输入密码（master 和 slave 的绑定密码），都填上面 slapd.conf 里 rootpw 的密码。这些凭据会被写入 /etc/smbldap-tools/smbldap_bind.conf，请确认该文件只有 root 可读（0600）。
一直运行完成
初始化smbldap库
smbldap-populate   （只需执行一次，依赖上一步 configure.pl 生成的 smbldap.conf / smbldap_bind.conf）
Populating LDAP directory for domain cxth-pdc (S-1-5-21-3536009721-1653818412-2151149546)
(using builtin directory structure)
entry dc=cxth,dc=com already exist.
adding new entry: ou=Users,dc=cxth,dc=com
adding new entry: ou=Groups,dc=cxth,dc=com
adding new entry: ou=Computers,dc=cxth,dc=com
adding new entry: ou=Idmap,dc=cxth,dc=com
adding new entry: uid=root,ou=Users,dc=cxth,dc=com
adding new entry: uid=nobody,ou=Users,dc=cxth,dc=com
adding new entry: cn=Domain Admins,ou=Groups,dc=cxth,dc=com
adding new entry: cn=Domain Users,ou=Groups,dc=cxth,dc=com
adding new entry: cn=Domain Guests,ou=Groups,dc=cxth,dc=com
adding new entry: cn=Domain Computers,ou=Groups,dc=cxth,dc=com
adding new entry: cn=Administrators,ou=Groups,dc=cxth,dc=com
adding new entry: cn=Account Operators,ou=Groups,dc=cxth,dc=com
adding new entry: cn=Print Operators,ou=Groups,dc=cxth,dc=com
adding new entry: cn=Backup Operators,ou=Groups,dc=cxth,dc=com
adding new entry: cn=Replicators,ou=Groups,dc=cxth,dc=com
adding new entry: sambaDomainName=cxth-pdc,dc=cxth,dc=com
Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password:
New passwords don't match!
这里设置的是 LDAP 中 uid=root（域管理员）的 UNIX 和 Samba 密码，客户端加入域时会用到它，务必使用强密码；“don't match” 只是两次输入不一致，重新输入一致即可。
smbldap-usershow user1   # 查看用户
[root@localhost openldap]# smbclient -L 192.168.6.59 -U user2
ERROR: invalid DOS charset: 'dos charset' must not be UTF8, using (default value) CP850 instead.
Enter user2's password:
session setup failed: NT_STATUS_LOGON_FAILURE
出现以上错误，是因为这个账号在 LDAP 里还只有 POSIX 属性，没有 Samba 的密码属性（sambaNTPassword 等），ldapsam 找不到可用的 Samba 账号——并不是“密码不能和系统密码相同”。下面 smbpasswd -a 的输出 “User exists without samba attributes: adding them” 正说明了这一点（Samba 验证用的是 NT 哈希，不是 userPassword）。
需要为用户单独设置一次 SMB 密码（这里以 user1 为例；由于 ldap passwd sync = Yes，这一步通常也会同步改写该用户的 userPassword）：
smbpasswd -a user1
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CXTH-PDC))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
New SMB password:
Retype new SMB password:
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CXTH-PDC))]
ldapsam_add_sam_account: User exists without samba attributes: adding them
init_ldap_from_sam: Setting entry for user: user1
ldapsam_add_sam_account: added: uid == user1 in the LDAP database
init_sam_from_ldap: Entry found for user: user1
Forcing Primary Group to 'Domain Users' for user1
init_ldap_from_sam: Setting entry for user: user1
ldapsam_modify_entry: LDAP Password changed for user user1
ldapsam_update_sam_account: successfully modified uid = user1 in the LDAP database
Added user user1.
输入一个user1的smb登录密码
测试成功与否
smbclient -L 192.168.6.59 -U user1
ERROR: invalid DOS charset: 'dos charset' must not be UTF8, using (default value) CP850 instead.   （smb.conf 里 dos charset = UTF-8 引起，改为 CP850 或删掉该行即可消除）
Enter user1's password:
Domain=[CXTH-PDC] OS=[Unix] Server=[Samba 3.6.23-25.el6_7]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server 3.6.23-25.el6_7)
user1 Disk repertoire de user1, user1
Domain=[CXTH-PDC] OS=[Unix] Server=[Samba 3.6.23-25.el6_7]
Server Comment
--------- -------
Workgroup Master
--------- -------