smbldap-tools (SuSe)

SMB domain name: matriz
Company name:    abc123
Machine name:    smb-pdc
LDAP password:   umaqualquer
  1. Install and configure apt-get
  2. Install the packages
    smbldap-tools
    openldap-server
    samba-server
    samba-doc
    perl-ldap
    
  3. Configure LDAP
    • Create the LDAP password
      [root@linux root]# slappasswd
      New password: umaqualquer
      Re-enter new password: umaqualquer
      {SSHA}jeKKIJnrZpODMuoX8bxQ5Ozlh/2ehWzf
      
      This hashed password will be used later. Copy it!
    • Copy the Samba schema
      cp /usr/share/doc/[samba version]/examples/LDAP/samba.schema /etc/openldap/schema
      
    • Edit the file /etc/openldap/slapd.conf
      include         /etc/openldap/schema/core.schema
      include         /etc/openldap/schema/cosine.schema
      include         /etc/openldap/schema/inetorgperson.schema
      include         /etc/openldap/schema/java.schema
      include         /etc/openldap/schema/krb5-kdc.schema
      include         /etc/openldap/schema/misc.schema
      include         /etc/openldap/schema/nis.schema
      include         /etc/openldap/schema/openldap.schema
      
      include         /etc/openldap/schema/samba.schema
      
      database        bdb
      suffix          "o=abc123,c=BR"
      rootdn          "cn=Manager,o=abc123,c=BR"
      # this is the password hash created earlier
      rootpw          {SSHA}jeKKIJnrZpODMuoX8bxQ5Ozlh/2ehWzf
      directory       /var/lib/openldap-data
      index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
      index   cn,mail,surname,givenname                       eq,sub
      
      access to attrs=userPassword,sambaNTPassword,sambaLMPassword
            by dn="cn=Manager,o=abc123,c=BR" write
            by self write
            by anonymous auth
            by * none
      
      access to attrs=shadowLastChange
            by self write
            by * read
      
      access to *
            by * read
      
    • Start the LDAP service
      service ldap start
      
  4. Copy the executables
    cp /usr/share/doc/packages/samba/examples/LDAP/smbldap-tools-0.9.1/smbldap_tools.pm /usr/lib/perl5/vendor_perl/5.8.3/
    cp /usr/share/doc/packages/samba/examples/LDAP/smbldap-tools-0.9.1/smbldap-* /usr/local/bin/
    chmod u+x /usr/local/bin/smbldap-*
    
  5. Configure Samba
    • Edit the file /etc/samba/smb.conf
      Right after the Global parameters, add the following lines:
      
      #=========================== smb-ldap config ==============================
              ldap delete dn = No
              add user script = /usr/sbin/smbldap-useradd -a -m "%u"
              delete user script = /usr/sbin/smbldap-userdel "%u"
              add machine script = /usr/sbin/smbldap-useradd -w "%u"
              add group script = /usr/sbin/smbldap-groupadd -p "%g"
              delete group script = /usr/sbin/smbldap-groupdel "%g"
              add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
              delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
              set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
      #============================ domain config ===============================
              os level = 1
              preferred master = Yes
              domain master = Yes
              local master = Yes
              domain logons = Yes
              wins support = Yes
      #============================= ldap config ================================
              passdb backend = ldapsam:ldap://127.0.0.1/
              ldap passwd sync = Yes
              ldap admin dn = cn=Manager,o=abc123,c=BR
              ldap suffix = o=abc123,c=BR
              ldap group suffix = ou=Groups
              ldap user suffix = ou=Users
              ldap machine suffix = ou=Computers
              ldap idmap suffix = ou=Idmap
              idmap uid=10000-20000
              idmap gid=10000-20000
              idmap backend = ldap://127.0.0.1
              ldap filter = (uid=%u)
      
    • LDAP password in Samba
        smbpasswd -w umaqualquer
        
    • Smbldap-tools configuration
        chmod u+x /usr/share/doc/packages/samba/examples/LDAP/smbldap-tools-0.9.1/configure.pl
        /usr/share/doc/packages/samba/examples/LDAP/smbldap-tools-0.9.1/configure.pl
        
        cd /usr/share/doc/smbldap-tools-0.8.5/
        chmod u+x configure.pl
        ./configure.pl
        
        Unrecognized escape p passed through at ./configure.pl line 194.
        -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
               smbldap-tools script configuration
               -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
        Before starting, check
         . if your samba controller is up and running.
         . if the domain SID is defined (you can get it with the 'net getlocalsid')
        
         . you can leave the configuration using the Crtl-c key combination
         . empty value can be set with the "." caracter
        -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
        Looking for configuration files...
        
        Samba Config File Location [/etc/samba/smb.conf] >
        smbldap Config file Location (global parameters) [/etc/smbldap-tools/smbldap.conf] >
        smbldap Config file Location (bind parameters) [/etc/smbldap-tools/smbldap_bind.conf] >
        -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
        Let's start configuring the smbldap-tools scripts ...
        
        . workgroup name: name of the domain Samba act as a PDC
          workgroup name [matriz] >
        . netbios name: netbios name of the samba controler
          netbios name [netbiosname] >
        . logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'
          logon drive [logondrive] > h:
        . logon home: home directory location (for Win95/98 or NT Workstation).
          (use %U as username) Ex:'
        etbiosnamehome%U'
          logon home (leave blank if you don't want homeDirectory) [
        etbiosnamehome%U] >
        . logon path: directory where roaming profiles are stored. Ex:'
        etbiosnameprofiles%U'
          logon path (leave blank if you don't want roaming profile) [
        etbiosnameprofiles%U] >
        . home directory prefix (use %U as username) [/home/%U] >
        . default user netlogon script (use %U as username) [%U.cmd] >
          default password validation time (time in days) [45] >
        . ldap suffix [o=abc123,c=BR] >
        . ldap group suffix [ou=Groups] >
        . ldap user suffix [ou=Users] >
        . ldap machine suffix [ou=Computers] >
        . Idmap suffix [ou=Idmap] >
        . sambaUnixIdPooldn: object where you want to store the next uidNumber
          and gidNumber available for new users and groups
          sambaUnixIdPooldn object (relative to ) [cn=NextFreeUnixId] >
        . ldap master server: IP adress or DNS name of the master (writable) ldap server
          ldap master server [127.0.0.1] >
        . ldap master port [389] >
        . ldap master bind dn [cn=Manager,o=abc123,c=BR] >
        . ldap master bind password [] >
        . ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one
          ldap slave server [127.0.0.1] >
        . ldap slave port [389] >
        . ldap slave bind dn [cn=Manager,o=abc123,c=BR] >
        . ldap slave bind password [] >
        . ldap tls support (1/0) [0] >
        . SID for domain matriz: SID of the domain (can be obtained with 'net getlocalsid netbiosname')
          SID for domain matriz [S-1-5-21-2040866544-2321739301-28210453] >
        . unix password encryption: encryption used for unix passwords
          unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] >
        . default user gidNumber [513] >
        . default computer gidNumber [515] >
        . default login shell [/bin/bash] >
        . default domain name to append to mail adress [] > abc123.com.br
        -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
        backup old configuration files:
          /etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old
          /etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old
        writing new configuration file:
          /etc/smbldap-tools/smbldap.conf done.
          /etc/smbldap-tools/smbldap_bind.conf done.
        
        
    • Initial population
        smbldap-populate
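
The access rules in step 3 depend on clause order: slapd applies the first `access to` clause whose target matches, so the password-attribute clause must come before `access to *`. The check below is an added example, not part of the original page or of OpenLDAP; `audit`, `logical_lines` and the constructed `SAMPLE` text are hypothetical names, and it only handles the `attrs=` and `*` targets used in this configuration.

```python
import re
# Added example; the names below are illustrative, not OpenLDAP APIs.
SECRET_ATTRS = ("userpassword", "sambantpassword", "sambalmpassword")
BROAD_WHO = {"*", "anonymous", "users"}   # subjects that are not one specific identity
READABLE = {"read", "write", "manage"}    # levels that let the subject fetch the value

# Constructed sample: the ACL section with a misspelled second clause.
SAMPLE = '''\
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
      by dn="cn=Manager,o=abc123,c=BR" write
      by self write
      by anonymous auth
      by * none
acess to attr=shadowLastChange
      by self write
      by * read
access to *
      by * read
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto the directive they extend."""
    out = []
    for raw in text.splitlines():
        if raw.strip() and not raw.lstrip().startswith("#"):
            if raw[0].isspace() and out:
                out[-1] += " " + raw.strip()
            else:
                out.append(raw.strip())
    return out

def audit(text):
    """Return (kind, name) findings: misspelled clauses and exposed secret attributes."""
    findings, decided = [], set()
    for line in logical_lines(text):
        words = line.split()
        if len(words) > 2 and words[0].lower() != "access" and words[1].lower() == "to":
            findings.append(("not-an-access-directive", words[0]))
        if len(words) < 3 or words[0].lower() != "access":
            continue
        m = re.match(r"attrs?=(.+)", words[2].lower())
        covered = set(m.group(1).split(",")) if m else set(SECRET_ATTRS) if words[2] == "*" else set()
        grants = re.findall(r"\bby\s+(\S+)\s+(\w+)", line)
        fresh = [a for a in SECRET_ATTRS if a in covered and a not in decided]
        decided.update(fresh)                     # first matching clause decides
        if any(who in BROAD_WHO and lvl.lower() in READABLE for who, lvl in grants):
            findings += [("secret-readable", a) for a in fresh]
    return findings
```

Run it on the ACL section of /etc/openldap/slapd.conf before starting the service; an empty list means each password attribute is decided by a clause that does not grant read access to broad subjects.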
        