smbldap-tools (mandriva)

SMB domain name: matriz
Company name:    abc123
Machine name:    smb-pdc
LDAP password:   umaqualquer
  1. Install and configure urpmi
  2. Change the machine name in the file /etc/sysconfig/network
    HOSTNAME=smb-pdc
  3. Install the packages
    smbldap-tools
    openldap-servers
    samba-server
    samba-client
    
  4. Configure LDAP
    • Create the LDAP password
      [root@linux root]# slappasswd
      New password: umaqualquer
      Re-enter new password: umaqualquer
      {SSHA}jeKKIJnrZpODMuoX8bxQ5Ozlh/2ehWzf
      
      This password hash is used later, so copy it!
    • Edit the file /etc/openldap/slapd.conf
      
      include         /usr/share/openldap/schema/core.schema
      include         /usr/share/openldap/schema/cosine.schema
      include         /usr/share/openldap/schema/inetorgperson.schema
      include         /usr/share/openldap/schema/java.schema
      include         /usr/share/openldap/schema/krb5-kdc.schema
      include         /usr/share/openldap/schema/misc.schema
      include         /usr/share/openldap/schema/nis.schema
      include         /usr/share/openldap/schema/openldap.schema
      
      include         /usr/share/openldap/schema/samba.schema
      
      
      database        bdb
      suffix          "dc=abc123,dc=BR"
      rootdn          "cn=Manager,dc=abc123,dc=BR"
      # rootpw is the password hash created earlier with slappasswd
      rootpw          {SSHA}jeKKIJnrZpODMuoX8bxQ5Ozlh/2ehWzf
      directory       /var/lib/ldap
      index           objectClass,uid,uidNumber,gidNumber,memberUid   eq
      index           cn,mail,surname,givenname                       eq,subinitial
      
    • Start the LDAP service
  5. Configure Samba
    • Edit the file /etc/samba/smb.conf
      Change:
      workgroup = abc123
      netbios name = smb-pdc
      idmap uid = 10000-20000
      idmap gid = 10000-20000
      local master = yes
      os level = 255
      domain master = yes
      preferred master = yes
      domain logons = yes
      
      add user script = /usr/sbin/smbldap-useradd -m '%u'
      delete user script = /usr/sbin/smbldap-userdel '%u'
      add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
      delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
      set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
      add group script = /usr/sbin/smbldap-groupadd '%g' && /usr/sbin/smbldap-groupshow '%g' | awk '/^gidNumber:/ {print $2}'
      delete group script = /usr/sbin/smbldap-groupdel '%g'
      
      add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u'
      passdb backend = ldapsam:ldap://127.0.0.1/
      idmap backend = ldap://127.0.0.1
      ldap admin dn = cn=manager,dc=abc123,dc=BR
      ldap suffix = dc=abc123,dc=BR
      
      ldap machine suffix = ou=Computers
      ldap user suffix = ou=Users
      ldap group suffix = ou=Groups
      ldap idmap suffix = ou=Idmap
      
      wins support = yes
      
    • Store the LDAP password in Samba
        smbpasswd -W
        New SMB password: umaqualquer
        Retype new SMB password: umaqualquer
        
    • Start the Samba service.
    • Configuring smbldap-tools
        Run the command:
        /usr/share/doc/smbldap-tools/configure.pl

        Answer the questions:
        -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
               smbldap-tools script configuration
               -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
        Before starting, check
         . if your samba controller is up and running.
         . if the domain SID is defined (you can get it with the 'net getlocalsid')
        
         . you can leave the configuration using the Crtl-c key combination
         . empty value can be set with the "." caracter
        -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
        Looking for configuration files...
        
        Samba Config File Location [/etc/samba/smb.conf] >
        smbldap Config file Location (global parameters) [/etc/smbldap-tools/smbldap.conf] >
        smbldap Config file Location (bind parameters) [/etc/smbldap-tools/smbldap_bind.conf] >
        -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
        Let's start configuring the smbldap-tools scripts ...
        
        . workgroup name: name of the domain Samba act as a PDC
          workgroup name [matriz] >
        . netbios name: netbios name of the samba controler
          netbios name [netbiosname] >
        . logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'
          logon drive [logondrive] > h:
        . logon home: home directory location (for Win95/98 or NT Workstation).
          (use %U as username) Ex:'netbiosnamehome%U'
          logon home (leave blank if you don't want homeDirectory) [netbiosnamehome%U] >
        . logon path: directory where roaming profiles are stored. Ex:'netbiosnameprofiles%U'
          logon path (leave blank if you don't want roaming profile) [netbiosnameprofiles%U] >
        . home directory prefix (use %U as username) [/home/%U] >
        . default user netlogon script (use %U as username) [%U.cmd] >
          default password validation time (time in days) [45] >
        . ldap suffix [dc=abc123,dc=BR] >
        . ldap group suffix [ou=Groups] >
        . ldap user suffix [ou=Users] >
        . ldap machine suffix [ou=Computers] >
        . Idmap suffix [ou=Idmap] >
        . sambaUnixIdPooldn: object where you want to store the next uidNumber
          and gidNumber available for new users and groups
          sambaUnixIdPooldn object (relative to ) [cn=NextFreeUnixId] >
        . ldap master server: IP adress or DNS name of the master (writable) ldap server
          ldap master server [127.0.0.1] >
        . ldap master port [389] >
        . ldap master bind dn [cn=Manager,dc=abc123,dc=BR] >
        . ldap master bind password [] >
        . ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one
          ldap slave server [127.0.0.1] >
        . ldap slave port [389] >
        . ldap slave bind dn [cn=Manager,dc=abc123,dc=BR] >
        . ldap slave bind password [] >
        . ldap tls support (1/0) [0] >
        . SID for domain matriz: SID of the domain (can be obtained with 'net getlocalsid netbiosname')
          SID for domain matriz [S-1-5-21-2040866544-2321739301-28210453] >
        . unix password encryption: encryption used for unix passwords
          unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] >
        . default user gidNumber [513] >
        . default computer gidNumber [515] >
        . default login shell [/bin/bash] >
        . default domain name to append to mail adress [] > abc123.com.br
        -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
        backup old configuration files:
          /etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old
          /etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old
        writing new configuration file:
          /etc/smbldap-tools/smbldap.conf done.
          /etc/smbldap-tools/smbldap_bind.conf done.
        
        
    • Run the command:
       smbldap-populate -e /root/abc123.ldiff
      
    • Edit the generated file /root/abc123.ldiff and change the line:
      From: dn: cn=Idmap,dc=linkfast,dc=BR

      To: dn: ou=cn=Idmap,dc=linkfast,dc=BR
      
    • Stop the LDAP service.
    • In the /var/lib/ldap directory, keep only the files DB_CONFIG and DB_CONFIG.example. Delete the other files in that directory.
    • Run the command:
      slapadd -l abc123.ldiff

      and then the command:
      slapcat
      
    • Start the LDAP service.
    • Initial population
        smbldap-populate
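
Added example (not part of the original guide): a pre-flight check to run before emptying /var/lib/ldap and loading the LDIF with slapadd. It confirms that rootpw in slapd.conf is a hash, that the ldap admin dn and ldap suffix in smb.conf match rootdn and suffix in slapd.conf, and that every DN in the exported LDIF sits under that suffix. The function names and the trimmed sample files are assumptions, constructed from the values shown above.

```sh
#!/bin/sh
# Added example. File contents below are constructed from values in this guide.

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# slapd_value FILE KEY: value of a slapd.conf "key value" directive, quotes removed
slapd_value() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); gsub(/"/, ""); print; exit }' "$1"
}

# smb_value FILE KEY: value of an smb.conf "key = value" parameter
smb_value() {
    awk -F= -v k="$2" '{ n = $1; gsub(/^[ \t]+|[ \t]+$/, "", n) }
        n == k { sub(/^[^=]*=[ \t]*/, ""); print; exit }' "$1"
}

# dns_outside_suffix LDIF SUFFIX: DNs that are not at or below SUFFIX
# (plain "dn: " lines only; base64 "dn:: " and folded lines are not handled)
dns_outside_suffix() {
    awk -v s="$(lower "$2")" '/^dn: / {
        dn = tolower(substr($0, 5)); n = length(dn) - length(s)
        if (n < 0 || substr(dn, n + 1) != s || (n > 0 && substr(dn, n, 1) != ","))
            print substr($0, 5)
    }' "$1"
}

# preflight SLAPD_CONF SMB_CONF LDIF: one finding per line, nothing when clean
preflight() {
    suffix=$(slapd_value "$1" suffix)
    case "$(slapd_value "$1" rootpw)" in
        '{'*'}'?*) ;;                       # {SCHEME}hash, as slappasswd prints it
        *) echo "rootpw is not a hashed value" ;;
    esac
    [ "$(lower "$(slapd_value "$1" rootdn)")" = "$(lower "$(smb_value "$2" 'ldap admin dn')")" ] ||
        echo "smb.conf ldap admin dn differs from slapd.conf rootdn"
    [ "$(lower "$suffix")" = "$(lower "$(smb_value "$2" 'ldap suffix')")" ] ||
        echo "smb.conf ldap suffix differs from slapd.conf suffix"
    dns_outside_suffix "$3" "$suffix" | sed 's/^/LDIF DN outside suffix: /'
}

# make_samples DIR: write constructed sample files; the last DN is the one
# printed in the guide's edit step (dc=linkfast, not dc=abc123)
make_samples() {
    printf 'suffix "dc=abc123,dc=BR"\nrootdn "cn=Manager,dc=abc123,dc=BR"\nrootpw {SSHA}jeKKIJnrZpODMuoX8bxQ5Ozlh/2ehWzf\n' > "$1/slapd.conf"
    printf '   ldap admin dn = cn=manager,dc=abc123,dc=BR\n   ldap suffix = dc=abc123,dc=BR\n' > "$1/smb.conf"
    printf 'dn: dc=abc123,dc=BR\n\ndn: ou=Users,dc=abc123,dc=BR\n\ndn: cn=Idmap,dc=linkfast,dc=BR\n' > "$1/abc123.ldiff"
}

d=$(mktemp -d) && make_samples "$d"
preflight "$d/slapd.conf" "$d/smb.conf" "$d/abc123.ldiff"
```

On a real host, pass /etc/openldap/slapd.conf, /etc/samba/smb.conf and /root/abc123.ldiff to preflight; an empty result means the three files agree.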
        