This document provides instructions for connecting Open-E systems to an external LDAP server and managing user accounts. Key steps include:
- Configuring both Open-E systems to use the same software version, workgroup, and LDAP setup (internal vs external) for authentication.
- Building the basic LDAP directory structure and ensuring the sambaDomainName matches the workgroup name set on Open-E clients.
- Creating user accounts with matching sambaSID and sambaPrimaryGroupSID attributes to enable Samba access. The sambaSID should be derived from the sambaDomainName entry.
- use the same software version on both systems,
- use the same workgroup on both systems,
- the source system should be configured with Internal LDAP, while the destination system uses External LDAP to connect to the source system. All advanced settings should be left at default values.

2. Open-E system as client + LDAP server without Samba (here called SRVA):

- build the basic LDAP structure on SRVA:

    dn: dc=server,dc=nas
    dn: cn=admin,dc=server,dc=nas
    dn: ou=People,dc=server,dc=nas
    dn: ou=Computers,dc=server,dc=nas
    dn: ou=Groups,dc=server,dc=nas
    dn: cn=users,ou=Groups,dc=server,dc=nas

- and:

    dn: sambaDomainName=workgroup_name,dc=server,dc=nas

- for example, if SRVA contains the entry:

    sambaDomainName=WORKGROUP,dc=server,dc=nas

  set the workgroup name on the Open-E system also to WORKGROUP,
- there must be compatibility in sambaSID between the sambaDomainName entry and the entries for users and groups. If you need to rewrite sambaSID values for your users and groups, see the sections 4. and 5. below.

3. Open-E system as client + External LDAP server with Samba (here called SRVB)

SRVB configuration:

- make sure the following line is present in the Samba config file (smb.conf):

    domain logons = yes

- create the basic LDAP structure (as detailed in point 2 above) without a sambaDomainName entry (this entry will be automatically generated by Samba),
- use the same workgroup name on both the server and the client.

4. How to check SambaSIDs and why are they important?

First of all, you need to check the existing sambaSID for your sambaDomainName entry. Under Linux, you can do this using ldapsearch:

    ldapsearch -x -h 192.168.243.4 -b dc=server,dc=nas -D cn=admin,dc=server,dc=nas -w secret

where:
192.168.243.4 - ldap server
dc=server,dc=nas - basedn
cn=admin,dc=server,dc=nas - rootdn
secret - password

Below you can find example output from the ldapsearch command.
This record was generated in LDAP for a server using Samba with domain logons set to no (therefore, it is based on netBIOS name of the connecting server). In this example the netBIOS name is DSS:

    # DSS, server.nas
    dn: sambaDomainName=DSS,dc=server,dc=nas
    sambaDomainName: DSS
    sambaSID: S-1-5-21-2896602268-470177729-4123194723
    sambaAlgorithmicRidBase: 1000
    objectClass: sambaDomain
    sambaNextUserRid: 1000
    sambaMinPwdLength: 5
    sambaPwdHistoryLength: 0
    sambaLogonToChgPwd: 0
    sambaMaxPwdAge: -1
    sambaMinPwdAge: 0
    sambaLockoutDuration: 30
    sambaLockoutObservationWindow: 30
    sambaLockoutThreshold: 0
    sambaForceLogoff: -1
    sambaRefuseMachinePwdChange: 0

In contrast, this is a record generated for a server using Samba with domain logons set to yes (therefore, it is based on the workgroup name). In this case the workgroup name is WORKGROUP (this record will be automatically added after connecting the storage server to the LDAP server):

    # WORKGROUP, server.nas
    dn: sambaDomainName=WORKGROUP,dc=server,dc=nas
    sambaDomainName: WORKGROUP
    sambaSID: S-1-5-21-677905249-1957579923-4221919332
    sambaAlgorithmicRidBase: 1000
    objectClass: sambaDomain
    sambaNextUserRid: 1000
    sambaMinPwdLength: 5
    sambaPwdHistoryLength: 0
    sambaLogonToChgPwd: 0
    sambaMaxPwdAge: -1
    sambaMinPwdAge: 0
    sambaLockoutDuration: 30
    sambaLockoutObservationWindow: 30
    sambaLockoutThreshold: 0
    sambaForceLogoff: -1
    sambaRefuseMachinePwdChange: 0

As you can see the sambaSIDs for these two entries are different. This situation may occur when you connect Samba servers with different domain logons values to the same LDAP server. Since users can have only one sambaSID, the result of this would be that only one of these two servers would have Samba access (because the LDAP users' sambaSIDs can only be compatible with one sambaDomainName sambaSID). The solution is to use the same sambaSID for both the sambaDomainName entries.
Following the previous example, we can rewrite the sambaSID value from our old record 'dn: sambaDomainName=DSS,dc=server,dc=nas' to record 'dn: sambaDomainName=WORKGROUP,dc=server,dc=nas'.

How to do this in Linux? Create a file called 'modify' with the following content:

    dn: sambaDomainName=WORKGROUP,dc=server,dc=nas
    replace: sambaSID
    sambaSID: S-1-5-21-2896602268-470177729-4123194723

where:
a) WORKGROUP is the workgroup name that you indicated in your DSS,
b) S-1-5-21-2896602268-470177729-4123194723 - correct sambaSID value (you can get this from the record 'dn:sambaDomainName=DSS,dc=server,dc=nas')

Next type:

    ldapmodify -h 127.0.0.1 -D cn=admin,dc=server,dc=nas -w secret -r -x -f modify

where:
127.0.0.1 - IP of LDAP server
cn=admin,dc=server,dc=nas - rootdn (you can get this from /etc/ldap/slapd.conf)
secret - password
modify - your file

After these modifications you must restart Samba (please restart your DSS or click again APPLY in the Authentication Method box which will cause Samba to be restarted).

5. Setting up user sambaSIDs

When creating users for the external LDAP, you need to pay special attention to their sambaSIDs. Correct Samba entries for a user look like the following example:

    uidNumber: 1001
    sambaSID: S-1-5-21-2896602268-470177729-4123194723-3002
    gidNumber: 1000
    sambaPrimaryGroupSID: S-1-5-21-2896602268-470177729-4123194723-3001

As you can see, there is a 4-digit number appended to the regular sambaSID (which is taken from the WORKGROUP example above). This is generated in the following manner:

    sambaSID: uidNumber * 2 + 1000
    sambaPrimaryGroupSID: gidNumber * 2 + 1001

These entries must always match and conform to the schema above - otherwise the user will not be able to connect via SMB. Please also note the user password must always be encrypted using CRYPT. A proper entry looks like this:

    userPassword: {CRYPT}emaDInIPfs#@A

6. An example LDAP dump

This is an example LDAP dump with 2 users and a single group.

    dn: dc=server,dc=nas
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    o: server
    dc: server

    dn: cn=admin,dc=server,dc=nas
    objectClass: simpleSecurityObject
    objectClass: organizationalRole
    cn: admin
    description: LDAP administrator
    userPassword: secret

    dn: ou=employees,dc=server,dc=nas
    objectClass: top
    objectClass: organizationalUnit
    ou: employees

    dn: cn=James Bond,ou=employees,dc=server,dc=nas
    objectClass: inetOrgPerson
    objectClass: sambaSamAccount
    objectClass: posixAccount
    objectClass: top
    givenName: James
    sn: Bond
    cn: James Bond
    uid: jbond
    mail: james.bond@company.com
    uidNumber: 1000
    sambaSID: S-1-5-21-2896602268-470177729-4123194723-3000
    sambaPwdLastSet: 1228941481
    userPassword: {CRYPT}L&*IBm?->b1E
    sambaLMPassword: E52CAC67419A9A224A3B108F3FA6CB6D
    sambaNTPassword: 8846F7EAEE8FB117AD06BDD830B7586C
    gidNumber: 1000
    sambaPrimaryGroupSID: S-1-5-21-2896602268-470177729-4123194723-3001
    homeDirectory: /home/users/SambaGroup/nd
    sambaAcctFlags: [U]

    dn: cn=Jason Bourne,ou=employees,dc=server,dc=nas
    objectClass: inetOrgPerson
    objectClass: sambaSamAccount
    objectClass: posixAccount
    objectClass: top
    givenName: Jason
    sn: Bourne
    cn: Jason Bourne
    uid: jbourne
    mail: jason.bourne@company.com
    uidNumber: 1001
    sambaSID: S-1-5-21-2896602268-470177729-4123194723-3002
    sambaPwdLastSet: 1228941481
    userPassword: {CRYPT}emaDInIPfs#@A
    sambaLMPassword: E52CAC67419A9A224A3B108F3FA6CB6D
    sambaNTPassword: 8846F7EAEE8FB117AD06BDD830B7586C
    gidNumber: 1000
    sambaPrimaryGroupSID: S-1-5-21-2896602268-470177729-4123194723-3001
    homeDirectory: /home/users/SambaGroup/urne
    sambaAcctFlags: [U]

    dn: ou=groups,dc=server,dc=nas
    objectClass: top
    objectClass: organizationalUnit
    ou: groups

    dn: cn=SambaGroup,ou=groups,dc=server,dc=nas
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    objectClass: top
    cn: SambaGroup
    displayName: SambaGroup
    gidNumber: 1000
    sambaSID: S-1-5-21-2896602268-470177729-4123194723-3001
    sambaGroupType: 2

    dn: sambaDomainName=7-33,dc=server,dc=nas
    sambaDomainName: 7-33
    sambaSID: S-1-5-21-2896602268-470177729-4123194723
    sambaAlgorithmicRidBase: 1000
    objectClass: sambaDomain
    sambaNextUserRid: 1000

VERSION HISTORY

Version number  Date        Author       Notes
1.00            19/10/2009  Szymon Duda  Initial version
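An added example, not part of the original Open-E document: a Python check that applies the SID rules stated on this page to an LDIF export of the directory. It verifies that every sambaDomainName entry carries the same sambaSID and that each account's sambaSID and sambaPrimaryGroupSID equal the domain SID plus uidNumber * 2 + 1000 and gidNumber * 2 + 1001. The sample directory, its SID values and the function names are constructed for illustration, and accounts are assumed to carry uidNumber and gidNumber as in the dump above.

```python
import re

# Constructed sample (not from the page); the second user breaks both SID rules.
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = f"""\
dn: sambaDomainName=WORKGROUP,dc=server,dc=nas
objectClass: sambaDomain
sambaSID: {DOM}

dn: cn=Good User,ou=employees,dc=server,dc=nas
objectClass: sambaSamAccount
uidNumber: 1001
gidNumber: 1000
sambaSID: {DOM}-3002
sambaPrimaryGroupSID: {DOM}-3001

dn: cn=Bad User,ou=employees,dc=server,dc=nas
objectClass: sambaSamAccount
uidNumber: 1002
gidNumber: 1000
sambaSID: S-1-5-21-9-9-9-3004
sambaPrimaryGroupSID: {DOM}-3000
"""

def parse_ldif(text):
    """Entries as dicts: lowercased attribute -> values (base64 is not decoded)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        entry = {"objectclass": []}
        for attr, value in re.findall(r"^([\w;-]+):[ \t]*(.*)$", block, re.M):
            entry.setdefault(attr.lower(), []).append(value.strip())
        entry["objectclass"] = [c.lower() for c in entry["objectclass"]]
        entries.append(entry)
    return entries

def audit(text):
    """Return (dn, problem) pairs for accounts that break the page's SID schema."""
    entries = parse_ldif(text)
    doms = {e.get("sambasid", [""])[0] for e in entries if "sambadomain" in e["objectclass"]}
    if len(doms) != 1:  # section 4: all sambaDomainName entries must share one SID
        return [("(directory)", f"{len(doms)} distinct domain SIDs")]
    dom, out = doms.pop(), []
    for e in [x for x in entries if "sambasamaccount" in x["objectclass"]]:
        want = {"sambaSID": f"{dom}-{int(e['uidnumber'][0]) * 2 + 1000}",
                "sambaPrimaryGroupSID": f"{dom}-{int(e['gidnumber'][0]) * 2 + 1001}"}
        for attr, sid in want.items():
            if e.get(attr.lower(), [""])[0] != sid:
                out.append((e["dn"][0], f"{attr} should be {sid}"))
    return out
```

Calling `audit()` on the text saved from the ldapsearch command shown in section 4 returns an empty list when the directory is consistent.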