Ldap+smb

Ldap安装就不说了,

安装smb

Yum install samba* -y

yum install nscd* -y

yum install nss-pam-ldapd –y

yum install epel* -y

yum install smbldap* -y

以上安装各种匹配包

Copy 一个支持ldapsmb包到/etc/openldap/scheme

cp/usr/share/doc/samba-3.6.23/LDAP/samba.schema /etc/openldap/schema/

chown ldap:ldap /etc/openldap/schema/ -R

setup

Vim /etc/openldap/slapd.conf

添加一行

 

include        /etc/openldap/schema/samba.schema

修改index

index objectClass,uidNumber,gidNumber eq

index cn,sn,uid,displayName pres,sub,eq

index memberUid,mail,givenname eq,subinitial

index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq

access toattrs=userPassword,sambaLMPassword,sambaNTPassword

        by selfwrite

        byanonymous auth

        by *none

access to *

        by *read

更改ldap.conf文件

vim ldap.conf

 

#

# LDAP Defaults

#

 

# See ldap.conf(5) for details

# This file should be world readable but not worldwritable.

 

BASE dc=cxth,dc=com

#URI    ldap://ldap.example.comldap://ldap-master.example.com:666

 

#SIZELIMIT     12

#TIMELIMIT     15

#DEREF         never

 

#TLS_CACERTDIR /etc/openldap/cacerts

URI ldap://127.0.0.1/

#TLS_CACERTDIR /etc/openldap/cacerts

nss_base_passwd ou=Users,dc=cxth,dc=com?one

nss_base_passwd ou=Computers,dc=cxth,dc=com?one

nss_base_shadow ou=Users,dc=cxth,dc=com?one

nss_base_group ou=Groups,dc=cxth,dc=com?one

ldap配置文件完成重启服务并查看端口

service slapd restart

 netstat-an|grep 389

下面开始配置smb

备份老文件

cp /etc/samba/smb.conf /etc/samba/backup_smb.conf

拷贝smbldap-tools下的smb.confsamba

cp /usr/share/doc/smbldap-tools-0.9.6/smb.conf/etc/samba/

cd /etc/samba

vim smb.conf

[global]

workgroup = cxth-pdc

netbios name = PDC

server string = Samba Server %v

log file = /var/log/samba/log.%m

security = user

encrypt passwords = Yes

obey pam restrictions = No

ldap passwd sync = Yes

log level = 3

syslog = 0

max log size = 100000

time server = Yes

socket options = TCP_NODELAY SO_RCVBUF=8192SO_SNDBUF=8192

mangling method = hash2

Dos charset = UTF-8

Unix charset = UTF-8

logon script = %U.bat

logon drive = H:

domain logons = Yes

os level = 65

preferred master = Yes

domain master = Yes

 

passdb backend = ldapsam:ldap://127.0.0.1/

ldap admin dn = cn=Manager,dc=cxth,dc=com

ldap suffix = dc=cxth,dc=com

ldap group suffix = ou=Groups

ldap user suffix = ou=Users

ldap machine suffix = ou=Computers

ldap ssl = off

ldap delete dn = Yes

add user script = /sbin/smbldap-useradd -m"%u"

add machine script = /sbin/smbldap-useradd -t 0 -w"%u"

add group script = /sbin/smbldap-groupadd -p"%g"

add user to group script = /sbin/smbldap-groupmod -m"%u" "%g"

delete user from group script = /sbin/smbldap-groupmod-x "%u" "%g"

set primary group script = /sbin/smbldap-usermod -g'%g' '%u'

############################## Homes parameters############################

[homes]

comment = repertoire de %U, %u

browseable = no

writeable = yes

read only = no

force create mode = 0700

create mode = 0700

force directory mode = 0700

directory mode = 700

############################# Netlogone parameters##########################

[netlogon]

path = /home/netlogon/

browseable = No

read only = yes

############################# Public parameters##########################

[public]

comment = Public Directory

path = /home/public/

browseable = No

writable = yes

guest ok = yes

create mask = 0777

以上是我自己的机器配置下面是网上文档的内容

############################## Globalparameters############################

[global]

workgroup = easy-pdc

netbios name = PDC

server string = Samba Server %v

log file = /var/log/samba/log.%m

security = user

encrypt passwords = Yes

obey pam restrictions = No

ldap passwd sync = Yes

log level = 3

syslog = 0

max log size = 100000

time server = Yes

socket options = TCP_NODELAY SO_RCVBUF=8192SO_SNDBUF=8192

mangling method = hash2

Dos charset = UTF-8

Unix charset = UTF-8

logon script = %U.bat

logon drive = H:

domain logons = Yes

os level = 65

preferred master = Yes

domain master = Yes

继续smb.conf文件内容:

详细配置内容:

passdb backend = ldapsam:ldap://127.0.0.1/

ldap admin dn = cn=Manager,dc=easy,dc=com

ldap suffix = dc=easy,dc=com

ldap group suffix = ou=Groups

ldap user suffix = ou=Users

ldap machine suffix = ou=Computers

ldap ssl = off

ldap delete dn = Yes

add user script = /sbin/smbldap-useradd -m"%u"

add machine script = /sbin/smbldap-useradd -t 0 -w"%u"

add group script = /sbin/smbldap-groupadd -p"%g"

add user to group script = /sbin/smbldap-groupmod -m"%u" "%g"

delete user from group script = /sbin/smbldap-groupmod-x "%u" "%g"

set primary group script = /sbin/smbldap-usermod -g'%g' '%u'

############################## Homes parameters############################

[homes]

comment = repertoire de %U, %u

browseable = no

writeable = yes

read only = no

force create mode = 0700

create mode = 0700

force directory mode = 0700

directory mode = 700

############################# Netlogone parameters##########################

[netlogon]

path = /home/netlogon/

browseable = No

read only = yes

############################# Public parameters##########################

[public]

comment = Public Directory

path = /home/public/

browseable = No

writable = yes

guest ok = yes

create mask = 0777

 

创建2个目录

# mkdir /home/netlogon

# mkdir /home/public

# service smb start

启动 SMB 服务: [ 确定 ]

启动 NMB 服务: [ 确定 ]

# smbpasswd -w jinbiao (这个jinbiao是在sldap.conf里配置的root密码)

Setting stored password for"cn=Manager,dc=easy,dc=com" in secrets.tdb

使用testparm命令来测试Samba服务器是否正常启动:

详细操作:

# testparm

Load smb config files from /etc/samba/smb.conf

Processing section "[homes]"

Processing section "[netlogon]"

Processing section "[public]"

Loaded services file OK.

Server role: ROLE_DOMAIN_PDC

Press enter to see a dump of your service definitions

Sambldap的配置使用过程

cd /usr/share/doc/smbldap-tools-0.9.6/

chomd 777 /usr/share/doc/smbldap-tools-0.9.6/ -R

./configure.pl

运行这个命令时有2个地方需要输入密码就是上面的sldap.conf里的root密码

一直运行完成

初始化smbldap

smbldap-populate

smbldap-populate

Populating LDAPdirectory for domain cxth-pdc (S-1-5-21-3536009721-1653818412-2151149546)

(using builtindirectory structure)

 

entrydc=cxth,dc=com already exist.

adding new entry: ou=Users,dc=cxth,dc=com

adding new entry:ou=Groups,dc=cxth,dc=com

adding new entry:ou=Computers,dc=cxth,dc=com

adding new entry:ou=Idmap,dc=cxth,dc=com

adding new entry:uid=root,ou=Users,dc=cxth,dc=com

adding new entry:uid=nobody,ou=Users,dc=cxth,dc=com

adding new entry:cn=Domain Admins,ou=Groups,dc=cxth,dc=com

adding new entry:cn=Domain Users,ou=Groups,dc=cxth,dc=com

adding new entry:cn=Domain Guests,ou=Groups,dc=cxth,dc=com

adding new entry:cn=Domain Computers,ou=Groups,dc=cxth,dc=com

adding new entry:cn=Administrators,ou=Groups,dc=cxth,dc=com

adding new entry:cn=Account Operators,ou=Groups,dc=cxth,dc=com

adding new entry:cn=Print Operators,ou=Groups,dc=cxth,dc=com

adding new entry:cn=Backup Operators,ou=Groups,dc=cxth,dc=com

adding new entry:cn=Replicators,ou=Groups,dc=cxth,dc=com

adding new entry:sambaDomainName=cxth-pdc,dc=cxth,dc=com

 

Please provide apassword for the domain root:

Changing UNIX andsamba passwords for root

New password:

Retype newpassword:

New passwordsdon't match!

会提醒你输入新的密码重复即可

smbldap-usershowuser1 查看用户

[root@localhostopenldap]# smbclient -L 192.168.6.59 -U user2

ERROR: invalid DOScharset: 'dos charset' must not be UTF8, using (default value) CP850 instead.

Enter user2'spassword:

session setupfailed: NT_STATUS_LOGON_FAILURE

提示以上错误是因为user1的密码不能是系统的密码

需要使用

smbpasswd-a user1

smbldap_search_domain_info:Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CXTH-PDC))]

smbldap_open_connection:connection opened

ldap_connect_system:successful connection to the LDAP server

New SMB password:

Retype new SMBpassword:

smbldap_search_domain_info:Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CXTH-PDC))]

ldapsam_add_sam_account:User exists without samba attributes: adding them

init_ldap_from_sam:Setting entry for user: user1

ldapsam_add_sam_account:added: uid == user1 in the LDAP database

init_sam_from_ldap:Entry found for user: user1

Forcing PrimaryGroup to 'Domain Users' for user1

init_ldap_from_sam:Setting entry for user: user1

ldapsam_modify_entry:LDAP Password changed for user user1

ldapsam_update_sam_account:successfully modified uid = user1 in the LDAP database

Added user user1.

输入一个user1smb登录密码

测试成功与否

smbclient -L192.168.6.59 -U user1

ERROR: invalid DOScharset: 'dos charset' must not be UTF8, using (default value) CP850 instead.

Enter user1'spassword:

Domain=[CXTH-PDC]OS=[Unix] Server=[Samba 3.6.23-25.el6_7]

 

       Sharename       Type     Comment

       ---------       ----     -------

       IPC$            IPC       IPC Service (Samba Server 3.6.23-25.el6_7)

       user1           Disk      repertoire de user1, user1

Domain=[CXTH-PDC]OS=[Unix] Server=[Samba 3.6.23-25.el6_7]

 

       Server               Comment

       ---------            -------

 

       Workgroup            Master

       ---------            -------