Linuxhelp > Centos 4.0 Samba Pdc With Ldap

Full Version: Centos 4.0 Samba Pdc With Ldap

Robert83

Apr 13 2005, 11:08 AM

Hello everyone,

I was searching the net to do a Samba PDC using LDAP and I found one great howto along with a awesome script.

So you install a minimal centos 4.0 system, then do the following.

CODE

yum update
yum install mc samba-common samba openldap-clients perl-XML-NamespaceSupport perl-XML-SAX glibc-kernheaders glibc-headers glibc-devel cpp perl-HTML-Tagset perl-HTML-Parser perl-Convert-ASN1 perl-URI perl-libwww-perl perl-Digest-SHA1 openldap-servers perl-LDAP gcc

then download smbldap-tools.tgz file from here to /home
http://www.majen.net/smbldap/

for the current version (as of 2005.04.13)

CODE

cd /home
wget http://www.majen.net/smbldap/smbldap-installer-1.2.1.tgz
tar -xvzf smbldap-installer-1.2.1.tgz
cd smbldap-installer
./smb-ldap.pl

answer a few questions (basic) , it adds everything to ldap and configures samba , starts up everything, once it finished, you have a fully working CentOS 4.0 samba pdc with ldap.

to add a user manualy go to (for this example user1)

CODE

cd /opt/sbin/
smbldap-useradd -m -a user1
smbldap-passwd user1
smbpasswd user1

then download from ms http://support.microsoft.com/default.aspx?kbid=173673 , and use usrmgr.exe and srvmgr.exe to manage this domain controller (add delete users etc...)

note : you might wish to take a look at you /etc/samba/smb.conf file
I did the following :
uncomented delete user script
uncomented delete group script

and disabled roaming profiles (cause I have wireless here and even 70MB takes a lot of time to transfer at a max of 500~ kbyte/s
UPDATE
to disable roaming profiles under smbldap-installer/templates
edit smbldap.conf
and change the following
userSmbHome=
userProfile=

Once I find out how to install IDEALIX IMC , I will post that to, its a web based management tool , for managing samba domain controllers, from the screenshots I think it rocks.

Sincerely
Robert B

ps.: reading the entire documentation won't hurt. http://www.majen.net/smbldap/Samba-LDAP_sm...taller-1_2.html

Robert83

Jun 22 2006, 03:21 AM

Backup Domain Controller (BDC) for the Primary Domain Controller (PDC)

Once again you install a minimal CentOS 4.x system, full update it with.

CODE

http://www.majen.net/smbldap/ go to this webpage to download THE EXACT SAME version of smbldap-tools you used to install the PDC, THE EXACT SAME NUMBERS!!!. And user the SAME domain names and passwords.

CODE

cd /home
wget http://www.majen.net/smbldap/archive/smbldap-installer-1.2.1.tgz
tar -xvzf smbldap-installer-1.2.1.tgz
cd smbldap-installer
./smb-ldap.pl

You already know which tools to use as described just above in the PDC setup guide. Will skip a few steps so that I can stop repeating myself and go into the real thing.

The first thing you must do is change on this BDC the following in
/etc/samba/smb.conf

CODE

domain master = no
wins support = no
wins server = ip_address_of_pdc_server

Don't forget to change the Share Definitions in your smb.conf file on the BDC as well to suit your needs.

Now you do the following on the BDC server , make sure samba is started up (/etc/init.d/smb start)

CODE

net rpc getsid
net join

you will be asked for the same password you use to join your windows clients to the samba domain.

the using Midnight Commander's or just mc ssh link or some other means whatever you like (easy is mc , then you select left and chose ssh and type in ip of server pdc, it looks like norton commander), copy from the pdc server /var/lib/ldap directory to bdc server /var/lib/ldap.

Berore the copy takes place make sure you stop the ldap server (/etc/init.d/ldap stop) on the bdc.

After the copy finished make sure that all files under /var/lib/ldap are owned by user ldap group ldap

CODE

cd /var/lib/ldap
chown ldap.ldap *

now you'll configure the slave ldap server on the bdc server like this
/etc/openldap/ldap.conf

CODE

HOST 192.168.1.109

you can use whatever ip you like, I'm only writing down the modifications you have to make, leave the rest alone.

/etc/openldap/slapd.conf

CODE

updatedn cn=Manager,dc=yourdomainname,dc=com
updateref ldap://192.168.1.104

instead of yourdomainname you type your real domain name you used for the pdc, and instead of that ip you type the ip of the pdc.

now you can start this ldap server on the bdc server

/etc/init.d/ldap start

On the PDC server you do the following modifications to your ldap config

/etc/openldap/ldap.conf

CODE

HOST 192.168.1.104

/etc/openldap/slapd.conf

CODE

replica          host=192.168.1.109
                     suffix="dc=yourdomainnamehere,dc=com"
                     binddn="cn=Manager,dc=yourdomainnamehere,dc=com"
                     bindmethod=simple credentials=yourpassword

replogfile      /var/lib/ldap/replogfile

now restart ldap here as well

CODE

/etc/init.d/ldap restart

now you can try adding a user to you pdc server, via usrmgr.exe from windows or directly with smbldap-tools, then look into /var/lib/ldap/replica directory and you can see what happened in those log files, if you go to bdc server, and type the following.

CODE

id username

it must returnt the exact same id as the pdc server does.

Amongs other things you should also copy over the /var/lib/samba directory from the samba pdc to the samba bdc , so if the pdc is dead for some reason clients loging into the network will run their startup script.

You can have as many bdc servers as you want , in fact you can even have them in different subnets, just make sure that you specify the following in the PDC config (ONLY WITH DIFFERENT SUBNETS)

/etc/samba/smb.conf

CODE

remote announce = 192.168.11.255/YOURDOMAIN 192.168.1.255/YOURDOMAIN
remote browse sync = 192.168.1.255 192.168.11.255

for the first parameter the foreign subnets are first, and your local subnet is last, for second parameter
your local subnet is first foreign subnet is last.

Sincerely
Robert B

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.