smbldap-tools (Red Hat)

SMB domain name: matriz
Company name:    abc123
LDAP password:   umaqualquer
  1. Install and configure apt-get
    Download the package from the site
    and install it on your machine:
    rpm -ivh apt-versão-correta-para-minha-distribuição.rpm
  2. If there is a proxy on your network, edit the file /etc/apt/apt.conf. Example for http and ftp:
       Acquire::Retries "0";
       Acquire::http::proxy "http://USER:SENHA@LOCAL-PROXY:PORT";
       Acquire::ftp::proxy "ftp://USER:SENHA@LOCAL-PROXY:PORT";
       Acquire::ftp::passive "true";
       Acquire::ftp::proxy::passive "true";
  3. Install the package
  4. Download and install the rpm
  5. Configure LDAP
    • Create the LDAP password
      [root@linux root]# slappasswd
      New password: umaqualquer
      Re-enter new password: umaqualquer
    • Copy the samba schema
      cp /usr/share/doc/samba-3.0.13/examples/LDAP/samba.schema /etc/openldap/schema
    • Edit the file /etc/openldap/slapd.conf (rootpw takes the hash generated by slappasswd)
      include         /etc/openldap/schema/core.schema
      include         /etc/openldap/schema/cosine.schema
      include         /etc/openldap/schema/inetorgperson.schema
      include         /etc/openldap/schema/nis.schema
      include         /etc/openldap/schema/samba.schema
      include         /etc/openldap/schema/redhat/rfc822-MailMember.schema
      include         /etc/openldap/schema/redhat/autofs.schema
      include         /etc/openldap/schema/redhat/kerberosobject.schema
      database        ldbm
      suffix          "o=abc123,c=BR"
      rootdn          "cn=Manager,o=abc123,c=BR"
      rootpw          {SSHA}jeKKIJnrZpODMuoX8bxQ5Ozlh/2ehWzf
      directory       /var/lib/ldap
      index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
      index   cn,mail,surname,givenname                       eq,subinitial
      access to attrs=userPassword,sambaNTPassword,sambaLMPassword
            by dn="cn=Manager,o=abc123,c=BR" write
            by self write
            by anonymous auth
            by * none
      access to *
            by * read
    • Start the ldap service
  6. Configure samba
    • Edit the file /etc/samba/smb.conf
      Right after the parameters of the [global] section, add the following lines:
      #=========================== smb-ldap config ==============================
              ldap delete dn = No
              add user script = /usr/sbin/smbldap-useradd -a -m "%u"
              delete user script = /usr/sbin/smbldap-userdel "%u"
              add machine script = /usr/sbin/smbldap-useradd -w "%u"
              add group script = /usr/sbin/smbldap-groupadd -p "%g"
              delete group script = /usr/sbin/smbldap-groupdel "%g"
              add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
              delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
              set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
      #============================ domain config ===============================
              os level = 1
              preferred master = Yes
              domain master = Yes
              local master = Yes
              domain logons = Yes
              wins support = Yes
      #============================= ldap config ================================
              passdb backend = ldapsam:ldap://
              ldap passwd sync = Yes
              ldap admin dn = cn=Manager,o=abc123,c=BR
              ldap suffix = o=abc123,c=BR
              ldap group suffix = ou=Groups
              ldap user suffix = ou=Users
              ldap machine suffix = ou=Computers
              ldap idmap suffix = ou=Idmap
              idmap uid=10000-20000
              idmap gid=10000-20000
              idmap backend = ldap://
              ldap filter = (uid=%u)
    • Store the LDAP password in samba
        smbpasswd -w umaqualquer
  7. Smbldap-tools configuration
      cd /usr/share/doc/smbldap-tools-0.8.5/
      chmod u+x
      Unrecognized escape p passed through at ./ line 194.
             smbldap-tools script configuration
      Before starting, check
       . if your samba controller is up and running.
       . if the domain SID is defined (you can get it with the 'net getlocalsid')
       . you can leave the configuration using the Crtl-c key combination
       . empty value can be set with the "." caracter
      Looking for configuration files...
      Samba Config File Location [/etc/samba/smb.conf] >
      smbldap Config file Location (global parameters) [/etc/smbldap-tools/smbldap.conf] >
      smbldap Config file Location (bind parameters) [/etc/smbldap-tools/smbldap_bind.conf] >
      Let's start configuring the smbldap-tools scripts ...
      . workgroup name: name of the domain Samba act as a PDC
        workgroup name [matriz] >
      . netbios name: netbios name of the samba controler
        netbios name [netbiosname] >
      . logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'
        logon drive [logondrive] > h:
      . logon home: home directory location (for Win95/98 or NT Workstation).
        (use %U as username) Ex:'
        logon home (leave blank if you don't want homeDirectory) [
      etbiosnamehome%U] >
      . logon path: directory where roaming profiles are stored. Ex:'
        logon path (leave blank if you don't want roaming profile) [
      etbiosnameprofiles%U] >
      . home directory prefix (use %U as username) [/home/%U] >
      . default user netlogon script (use %U as username) [%U.cmd] >
        default password validation time (time in days) [45] >
      . ldap suffix [o=abc123,c=BR] >
      . ldap group suffix [ou=Groups] >
      . ldap user suffix [ou=Users] >
      . ldap machine suffix [ou=Computers] >
      . Idmap suffix [ou=Idmap] >
      . sambaUnixIdPooldn: object where you want to store the next uidNumber
        and gidNumber available for new users and groups
        sambaUnixIdPooldn object (relative to ) [cn=NextFreeUnixId] >
      . ldap master server: IP adress or DNS name of the master (writable) ldap server
        ldap master server [] >
      . ldap master port [389] >
      . ldap master bind dn [cn=Manager,o=abc123,c=BR] >
      . ldap master bind password [] >
      . ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one
        ldap slave server [] >
      . ldap slave port [389] >
      . ldap slave bind dn [cn=Manager,o=abc123,c=BR] >
      . ldap slave bind password [] >
      . ldap tls support (1/0) [0] >
      . SID for domain matriz: SID of the domain (can be obtained with 'net getlocalsid netbiosname')
        SID for domain matriz [S-1-5-21-2040866544-2321739301-28210453] >
      . unix password encryption: encryption used for unix passwords
        unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] >
      . default user gidNumber [513] >
      . default computer gidNumber [515] >
      . default login shell [/bin/bash] >
      . default domain name to append to mail adress [] >
      backup old configuration files:
      writing new configuration file:
        /etc/smbldap-tools/smbldap.conf done.
        /etc/smbldap-tools/smbldap_bind.conf done.
  8. Initial population
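
Added example, not part of the original how-to: slapd applies the first `access to` rule that matches, so the rule protecting userPassword, sambaNTPassword and sambaLMPassword in step 5 only works because it precedes `access to *`. The sketch below checks that ordering; the function names are hypothetical, MISORDERED is a constructed counter-example, and only `access to *` and `access to attrs=...` targets are handled.

```python
import re

# Access levels, lowest to highest privilege.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
SENSITIVE = ["userPassword", "sambaNTPassword", "sambaLMPassword"]
BROAD = {"*", "anonymous", "users"}  # subjects that are not one specific identity

# The access rules from step 5 of this page (directives start in column 0).
PAGE_ACL = '''\
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
      by dn="cn=Manager,o=abc123,c=BR" write
      by self write
      by anonymous auth
      by * none
access to *
      by * read
'''
# Constructed counter-example: the same rules with the catch-all moved first.
MISORDERED = "access to *\n      by * read\n" + PAGE_ACL.split("access to *")[0]

def parse_acls(conf):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    lines = [l for l in conf.splitlines() if not l.lstrip().startswith("#")]
    logical = re.sub(r"\n[ \t]+", " ", "\n".join(lines))  # join continuation lines
    acls = []
    for line in logical.splitlines():
        m = re.match(r"access\s+to\s+(\S+)\s+(by\s.*)", line.strip(), re.I)
        if m:
            by = re.findall(r'by\s+((?:"[^"]*"|[^\s"])+)\s+(\w+)', m.group(2))
            acls.append((m.group(1), [(w, lv.lower()) for w, lv in by]))
    return acls

def covers(what, attr):
    # True when the rule target is "*" or an attrs= list naming attr.
    m = re.match(r"attrs?=(.+)", what, re.I)
    return what == "*" or (bool(m) and attr.lower() in m.group(1).lower().split(","))

def exposed(conf, attrs=SENSITIVE):
    """Map attr -> broad (who, level) grants above 'auth' in its first matching rule."""
    acls = parse_acls(conf)
    if not acls:  # no access directives: slapd defaults to "access to * by * read"
        return {a: [("*", "read")] for a in attrs}
    findings = {}
    for attr in attrs:
        rule = next((by for what, by in acls if covers(what, attr)), [])
        for who, level in rule:
            if who in BROAD and level in LEVELS and LEVELS.index(level) > LEVELS.index("auth"):
                findings.setdefault(attr, []).append((who, level))
            if who == "*":  # later "by" clauses in this rule are unreachable
                break
    return findings
```

Run `exposed()` on the contents of /etc/openldap/slapd.conf; a non-empty result means the password hashes are readable by more than their owner and the Manager DN.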