Help - Search - Members - Calendar
Full Version: Centos 4.0 Samba Pdc With Ldap
Linuxhelp > Support > Guides Forum
Robert83
Hello everyone,

I was searching the net to do a Samba PDC using LDAP and I found one great howto along with a awesome script.

So you install a minimal centos 4.0 system, then do the following.

CODE
yum update
yum install mc samba-common samba openldap-clients perl-XML-NamespaceSupport perl-XML-SAX glibc-kernheaders glibc-headers glibc-devel cpp perl-HTML-Tagset perl-HTML-Parser perl-Convert-ASN1 perl-URI perl-libwww-perl perl-Digest-SHA1 openldap-servers perl-LDAP gcc


then download smbldap-tools.tgz file from here to /home
http://www.majen.net/smbldap/

for the current version (as of 2005.04.13)
CODE
cd /home
wget http://www.majen.net/smbldap/smbldap-installer-1.2.1.tgz
tar -xvzf smbldap-installer-1.2.1.tgz
cd smbldap-installer
./smb-ldap.pl

answer a few questions (basic) , it adds everything to ldap and configures samba , starts up everything, once it finished, you have a fully working CentOS 4.0 samba pdc with ldap.

to add a user manualy go to (for this example user1)
CODE
cd /opt/sbin/
smbldap-useradd -m -a user1
smbldap-passwd user1
smbpasswd user1


then download from ms http://support.microsoft.com/default.aspx?kbid=173673 , and use usrmgr.exe and srvmgr.exe to manage this domain controller (add delete users etc...)

note : you might wish to take a look at you /etc/samba/smb.conf file
I did the following :
uncomented delete user script
uncomented delete group script

and disabled roaming profiles (cause I have wireless here and even 70MB takes a lot of time to transfer at a max of 500~ kbyte/s
UPDATE
to disable roaming profiles under smbldap-installer/templates
edit smbldap.conf
and change the following
userSmbHome=
userProfile=

Once I find out how to install IDEALIX IMC , I will post that to, its a web based management tool , for managing samba domain controllers, from the screenshots I think it rocks.

Sincerely
Robert B

ps.: reading the entire documentation won't hurt. http://www.majen.net/smbldap/Samba-LDAP_sm...taller-1_2.html
Robert83
Backup Domain Controller (BDC) for the Primary Domain Controller (PDC)


Once again you install a minimal CentOS 4.x system, full update it with.

CODE
yum update
yum install mc samba-common samba openldap-clients perl-XML-NamespaceSupport perl-XML-SAX glibc-kernheaders glibc-headers glibc-devel cpp perl-HTML-Tagset perl-HTML-Parser perl-Convert-ASN1 perl-URI perl-libwww-perl perl-Digest-SHA1 openldap-servers perl-LDAP gcc


http://www.majen.net/smbldap/ go to this webpage to download THE EXACT SAME version of smbldap-tools you used to install the PDC, THE EXACT SAME NUMBERS!!!. And user the SAME domain names and passwords.

CODE
cd /home
wget http://www.majen.net/smbldap/archive/smbldap-installer-1.2.1.tgz
tar -xvzf smbldap-installer-1.2.1.tgz
cd smbldap-installer
./smb-ldap.pl



You already know which tools to use as described just above in the PDC setup guide. Will skip a few steps so that I can stop repeating myself and go into the real thing.

The first thing you must do is change on this BDC the following in
/etc/samba/smb.conf
CODE
domain master = no
wins support = no
wins server = ip_address_of_pdc_server


Don't forget to change the Share Definitions in your smb.conf file on the BDC as well to suit your needs.

Now you do the following on the BDC server , make sure samba is started up (/etc/init.d/smb start)
CODE
net rpc getsid
net join


you will be asked for the same password you use to join your windows clients to the samba domain.

the using Midnight Commander's or just mc ssh link or some other means whatever you like (easy is mc , then you select left and chose ssh and type in ip of server pdc, it looks like norton commander), copy from the pdc server /var/lib/ldap directory to bdc server /var/lib/ldap.

Berore the copy takes place make sure you stop the ldap server (/etc/init.d/ldap stop) on the bdc.

After the copy finished make sure that all files under /var/lib/ldap are owned by user ldap group ldap
CODE
cd /var/lib/ldap
chown ldap.ldap *


now you'll configure the slave ldap server on the bdc server like this
/etc/openldap/ldap.conf
CODE
HOST 192.168.1.109


you can use whatever ip you like, I'm only writing down the modifications you have to make, leave the rest alone.

/etc/openldap/slapd.conf

CODE
updatedn    cn=Manager,dc=yourdomainname,dc=com
updateref    ldap://192.168.1.104


instead of yourdomainname you type your real domain name you used for the pdc, and instead of that ip you type the ip of the pdc.

now you can start this ldap server on the bdc server

/etc/init.d/ldap start

On the PDC server you do the following modifications to your ldap config

/etc/openldap/ldap.conf

CODE
HOST 192.168.1.104


/etc/openldap/slapd.conf

CODE
replica          host=192.168.1.109
                     suffix="dc=yourdomainnamehere,dc=com"
                     binddn="cn=Manager,dc=yourdomainnamehere,dc=com"
                     bindmethod=simple credentials=yourpassword

replogfile      /var/lib/ldap/replogfile


now restart ldap here as well

CODE
/etc/init.d/ldap restart


now you can try adding a user to you pdc server, via usrmgr.exe from windows or directly with smbldap-tools, then look into /var/lib/ldap/replica directory and you can see what happened in those log files, if you go to bdc server, and type the following.

CODE
id username


it must returnt the exact same id as the pdc server does.

Amongs other things you should also copy over the /var/lib/samba directory from the samba pdc to the samba bdc , so if the pdc is dead for some reason clients loging into the network will run their startup script.

You can have as many bdc servers as you want , in fact you can even have them in different subnets, just make sure that you specify the following in the PDC config (ONLY WITH DIFFERENT SUBNETS)

/etc/samba/smb.conf

CODE
remote announce = 192.168.11.255/YOURDOMAIN 192.168.1.255/YOURDOMAIN
remote browse sync = 192.168.1.255 192.168.11.255


for the first parameter the foreign subnets are first, and your local subnet is last, for second parameter
your local subnet is first foreign subnet is last.

Sincerely
Robert B
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.