Install Samba, then configure Samba and smbldap-tools
Install samba
# rpm -ivh /mnt/cdrom/Server/samba-common-3.0.23c-2
# rpm -ivh /mnt/cdrom/Server/samba-3.0.23c-2
# rpm -ivh /mnt/cdrom/Server/samba-clients-3.0.23c-2
Config /etc/samba/smb.conf
# Global parameters
# Samba 3.0 file/print server (no domain logons) whose accounts are stored in
# a local LDAP directory and managed through the smbldap-tools scripts.
# smb.conf only recognises comments on lines of their own, so every note below
# sits on a separate line starting with '#'.
[global]
workgroup = gtsc_samba
netbios name = ldap
# User-level authentication with hashed (NT/LM) passwords.
security = user
server string = Samba Server created by GTSC Hu Changwen
encrypt passwords = yes
# Keep the LDAP password attribute in step with the Samba hashes when a
# password is changed over SMB.
ldap password sync = Yes
# passwd program / passwd chat are, per smb.conf(5), only consulted when
# "unix password sync" is enabled, which this file does not set.
passwd program = /usr/sbin/smbldap-passwd -u %u
# NOTE(review): the chat string below ends with an unmatched double quote;
# verify it against the prompts smbldap-passwd actually prints.
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
# Level 3 is verbose; useful while bringing this setup up, consider lowering
# it afterwards. One log file is written per client machine name (%m), each
# capped by "max log size" (a value in kilobytes).
log level = 3
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
Dos charset = UTF-8
Unix charset = UTF-8
logon script = logon.bat
logon drive = H:
# Left empty: no home directory or roaming profile path is handed to clients.
logon home =
logon path =
# Not a domain controller; the server only wins browser elections (os level)
# and acts as a WINS server.
domain logons = no
domain master = no
os level = 65
preferred master = no
wins support =yes
# Account database: LDAP over the loopback interface, unencrypted (ldap://).
# That keeps bind credentials and password hashes on this host; if the
# directory is ever moved to another machine, switch to ldaps:// or StartTLS.
passdb backend = ldapsam:ldap://127.0.0.1/
# Samba binds as the directory manager; its password is stored in secrets.tdb
# (set with "smbpasswd -w"). NOTE(review): a dedicated DN with write access
# limited to the suffixes below would follow least privilege better than the
# manager account -- confirm what the directory ACLs allow.
ldap admin dn = cn=manager,dc=dne,dc=com
ldap suffix = dc=dne,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
# Account-management hooks. smbd runs these as root and substitutes %u / %g
# with the user or group name from the request, so the substitutions are kept
# quoted; -w on useradd creates a workstation (machine) account.
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# Logon scripts: hidden from browsing and read-only.
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
# Roaming-profile storage: writable, new files 0600 and directories 0700.
# NOTE(review): "guest ok = Yes" on a writable share may let unauthenticated
# guest connections in, leaving only filesystem permissions as protection;
# "guest ok = no" is the safer setting for a profile share.
[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# Print spooling, open to guests. "printable" is set twice with the same
# value; the duplicate is harmless.
[printers]
comment = Network Printers
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
printable = Yes
# NOTE(review): this exports the system-wide /tmp, so temporary files of other
# local processes become visible to connected SMB users, and the only writer
# is root logging in over SMB. A dedicated directory and a non-root account
# would be safer.
[samba]
path= /tmp/
write list = root
# NOTE(review): this exports root's home directory, which commonly holds
# sensitive files; guests are refused and samba2 is the only listed writer,
# but actual access still depends on the filesystem permissions of /root.
# Prefer a dedicated share directory.
[gtsc_server]
path = /root/
guest ok = no
write list = samba2
Config smbldap-tools
[root@ldap smbldap-tools-0.9.1]# ./configure.pl
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
smbldap-tools script configuration
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Before starting, check
. if your samba controller is up and running.
. if the domain SID is defined (you can get it with the 'net getlocalsid')
. you can leave the configuration using the Crtl-c key combination
. empty value can be set with the "." character
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Looking for configuration files...
Samba Configuration File Path [/etc/samba/smb.conf] >
The default directory in which the smbldap configuration files are stored is shown.
If you need to change this, enter the full directory path, then press enter to continue.
Smbldap-tools Configuration Directory Path [/etc/smbldap-tools/] >
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Let's start configuring the smbldap-tools scripts ...
. workgroup name: name of the domain Samba act as a PDC
workgroup name [gtsc_samba] >
. netbios name: netbios name of the samba controler
netbios name [ldap] >
. logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'
logon drive [H:] >
. logon home: home directory location (for Win95/98 or NT Workstation).
(use %U as username) Ex:'\\ldap\%U'
logon home (press the "." character if you don't want homeDirectory) [\\ldap\%U] >
. logon path: directory where roaming profiles are stored. Ex:'\\ldap\profiles\%U'
logon path (press the "." character if you don't want roaming profile) [\\ldap\profiles\%U] >
. home directory prefix (use %U as username) [/home/%U] >
. default users' homeDirectory mode [700] >
. default user netlogon script (use %U as username) [logon.bat] >
default password validation time (time in days) [45] >
. ldap suffix [dc=dne,dc=com] >
. ldap group suffix [ou=Groups] >
. ldap user suffix [ou=Users] >
. ldap machine suffix [ou=Computers] >
. Idmap suffix [ou=Idmap] >
. sambaUnixIdPooldn: object where you want to store the next uidNumber
and gidNumber available for new users and groups
sambaUnixIdPooldn object (relative to ${suffix}) [sambaDomainName=gtsc_samba] >
. ldap master server: IP adress or DNS name of the master (writable) ldap server
ldap master server [127.0.0.1] >
. ldap master port [389] >
. ldap master bind dn [cn=manager,dc=dne,dc=com] >
. ldap master bind password [] >
. ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one
ldap slave server [127.0.0.1] >
. ldap slave port [389] >
. ldap slave bind dn [cn=manager,dc=dne,dc=com] >
. ldap slave bind password [] >
. ldap tls support (1/0) [0] >
. SID for domain gtsc_samba: SID of the domain (can be obtained with 'net getlocalsid ldap')
SID for domain gtsc_samba [S-1-5-21-63238693-50811939-1006496924] >
. unix password encryption: encryption used for unix passwords
unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] >
. default user gidNumber [513] >
. default computer gidNumber [515] >
. default login shell [/bin/bash] >
. default skeleton directory [/etc/skel] >
. default domain name to append to mail adress [] > dne.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
backup old configuration files:
/etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old
/etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old
writing new configuration file:
/etc/smbldap-tools/smbldap.conf done.
/etc/smbldap-tools/smbldap_bind.conf done.
[root@ldap smbldap-tools-0.9.1]#
Initialize ldap database
[root@ldap ~]# smbldap-populate
Populating LDAP directory for domain gtsc_samba (S-1-5-21-63238693-50811939-1006496924)
(using builtin directory structure)
adding new entry: dc=dne,dc=com
adding new entry: ou=Users,dc=dne,dc=com
adding new entry: ou=Groups,dc=dne,dc=com
adding new entry: ou=Computers,dc=dne,dc=com
adding new entry: ou=Idmap,dc=dne,dc=com
adding new entry: uid=root,ou=Users,dc=dne,dc=com
adding new entry: uid=nobody,ou=Users,dc=dne,dc=com
adding new entry: cn=Domain Admins,ou=Groups,dc=dne,dc=com
adding new entry: cn=Domain Users,ou=Groups,dc=dne,dc=com
adding new entry: cn=Domain Guests,ou=Groups,dc=dne,dc=com
adding new entry: cn=Domain Computers,ou=Groups,dc=dne,dc=com
adding new entry: cn=Administrators,ou=Groups,dc=dne,dc=com
adding new entry: cn=Account Operators,ou=Groups,dc=dne,dc=com
adding new entry: cn=Print Operators,ou=Groups,dc=dne,dc=com
adding new entry: cn=Backup Operators,ou=Groups,dc=dne,dc=com
adding new entry: cn=Replicators,ou=Groups,dc=dne,dc=com
adding new entry: sambaDomainName=gtsc_samba,dc=dne,dc=com
Please provide a password for the domain root:
Changing password for root
New password :
Retype new password :
[root@ldap ~]#
Test smbldap-tools
# smbldap-groupadd -a -p samba
1000
# smbldap-useradd -u 1000 -g 1000 -a -m samba