From Documentacao
Contents
1 Configuration
2 WebMin
3 OpenLDAP
4 Samba
4.1 Samba installation
4.1.1 Enabling LDAP to work with Samba
4.2 Samba configuration
4.3 Configuring SMBLDAP-TOOLS
4.4 Populating LDAP with default information
4.5 Registering an initial user in LDAP
5 Enabling LDAP authentication on the Unix server
6 Installing the "GOsa2" graphical management interface (optional)
Configuration
- Ubuntu Server 8.04 AMD64 - Hostname: terra.ft.unicamp.br
WebMin
- Download and install WebMin:
# wget http://prdownloads.sourceforge.net/webadmin/webmin_1.500_all.deb
# apt-get install libnet-ssleay-perl openssl libauthen-pam-perl libio-pty-perl libmd5-perl
# dpkg -i webmin_1.500_all.deb
OpenLDAP
- OpenLDAP installation:
- LDAP configuration:
# dpkg-reconfigure slapd
No
DNS domain name: ft.unicamp.br
Name of your organization: ft.unicamp.br
Admin password: <senha>
Confirm password: <senha>
OK
HDB
No
Yes
No
Samba
Samba installation
# apt-get install samba smbldap-tools smbclient samba-doc
# cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/
# gzip -d /etc/ldap/schema/samba.schema.gz
# vim /etc/ldap/slapd.conf
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/misc.schema
Change the line
access to attrs=userPassword,shadowLastChange
to the following, so that the Samba NT and LM password hashes are covered by the same ACL as userPassword:
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,shadowLastChange
Restart LDAP
# /etc/init.d/slapd restart
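A check for the ACL change above, as an added example that is not part of the original page: it reports whether userPassword, sambaNTPassword and sambaLMPassword are each covered by an `attrs=` rule that ends in `by * none`. The `by` clauses in the sample are constructed; the page shows only the `access to` line.

```shell
#!/bin/sh
# Added example (not from the original page): audit slapd.conf ACLs.
# Usage: check_samba_acl /etc/ldap/slapd.conf   (reads stdin if no file given)
check_samba_acl() {
    awk '
    function flush(   n, i, a) {
        if (attrs == "") return
        n = split(attrs, a, ",")
        # slapd applies the first matching ACL, so keep the first verdict
        for (i = 1; i <= n; i++) if (!(a[i] in covered)) covered[a[i]] = deny_rest
        attrs = ""; deny_rest = 0
    }
    /^[ \t]*#/ { next }                       # skip comments
    /^[^ \t]/ {                               # column-1 text starts a new directive
        flush()
        if ($0 ~ /^access[ \t]+to[ \t]+attrs=/) { attrs = $3; sub(/^attrs=/, "", attrs) }
    }
    attrs != "" && /by[ \t]+\*[ \t]+none/ { deny_rest = 1 }
    END {
        flush()
        n = split("userPassword sambaNTPassword sambaLMPassword", want, " ")
        for (i = 1; i <= n; i++) {
            ok = (want[i] in covered) && covered[want[i]]
            printf "%s: %s\n", want[i], (ok ? "protected" : "NOT protected")
            if (!ok) bad = 1
        }
        exit bad + 0
    }' "$@"
}

# Constructed sample: the ACL as it looks before the change on this page.
check_samba_acl <<'EOF' || echo "=> add the Samba hash attributes to the attrs= list"
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=ft,dc=unicamp,dc=br" write
        by anonymous auth
        by self write
        by * none
access to *
        by * read
EOF
```
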
Samba configuration
Back up smb.conf
# cd /etc/samba
# cp smb.conf smb.conf.original
workgroup = FT
security = user
passdb backend = ldapsam:ldap://localhost/
obey pam restrictions = no
#######################################################################
#
# Begin: Custom LDAP Entries
#
ldap admin dn = cn=admin,dc=ft,dc=unicamp,dc=br
ldap suffix = dc=ft,dc=unicamp,dc=br
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
; Do ldap passwd sync
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
domain logons = yes
#
# End: Custom LDAP Entries
#
#####################################################
logon path =
Restart Samba:
# /etc/init.d/samba restart
# smbpasswd -w <senha>
Configuring SMBLDAP-TOOLS
Copy the smbldap-tools example configuration files:
# cd /usr/share/doc/smbldap-tools/examples/
# cp smbldap_bind.conf /etc/smbldap-tools/
# cp smbldap.conf.gz /etc/smbldap-tools/
# gzip -d /etc/smbldap-tools/smbldap.conf.gz
# cd /etc/smbldap-tools/
# net getlocalsid
SID for domain TERRA is: S-1-5-21-758858886-1708703244-130941401
# vim smbldap.conf
# vim smbldap_bind.conf
slaveDN="cn=admin,dc=ft,dc=unicamp,dc=br"
slavePw="<senha>"
masterDN="cn=admin,dc=ft,dc=unicamp,dc=br"
masterPw="<senha>"
Change the permissions of the configuration files:
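smbldap_bind.conf stores the LDAP admin password in clear text (masterPw/slavePw), so it should be readable by its owner only. The check below is an added example, not part of the original page; it assumes GNU stat and runs against a constructed throwaway copy of the file.

```shell
#!/bin/sh
# Added example (not from the original page): find smbldap-tools files that
# hold a bind password and are accessible to group or others.
# Assumes GNU stat; the default directory is the one used on this page.
audit_bind_secrets() {
    dir=${1:-/etc/smbldap-tools}
    rc=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Only files that set masterPw or slavePw to a non-empty value matter.
        grep -Eq '^[[:space:]]*(master|slave)Pw[[:space:]]*=[[:space:]]*"?[^"[:space:]]' "$f" || continue
        mode=$(stat -c '%a' "$f")
        # Any bit set in the group/other digits exposes the password.
        case $mode in
            0|*00) echo "ok    $mode $f" ;;
            *)     echo "LOOSE $mode $f"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed demo: a throwaway copy of the bind file, first loose, then tight.
demo=$(mktemp -d)
printf 'masterDN="cn=admin,dc=ft,dc=unicamp,dc=br"\nmasterPw="<senha>"\n' > "$demo/smbldap_bind.conf"
chmod 644 "$demo/smbldap_bind.conf"; audit_bind_secrets "$demo" || true
chmod 600 "$demo/smbldap_bind.conf"; audit_bind_secrets "$demo"
rm -rf "$demo"
```
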
# <senha>
# smbldap-passwd marcelo
# vim /etc/ldap.conf
host 127.0.0.1
base dc=ft,dc=unicamp,dc=br
uri ldap://127.0.0.1/
rootbinddn cn=admin,dc=ft,dc=unicamp,dc=br
bind_policy soft
# cp /etc/ldap.conf /etc/ldap/ldap.conf
# vim /etc/auth-client-config/profile.d/open_ldap
[open_ldap]
nss_passwd=passwd: compat ldap
nss_group=group: compat ldap
nss_shadow=shadow: compat ldap
pam_auth=auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
pam_account=account sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_deny.so
pam_password=password sufficient pam_unix.so nullok md5 shadow use_authtok
password sufficient pam_ldap.so use_first_pass
password required pam_deny.so
pam_session=session required pam_limits.so
session required pam_mkhomedir.so skel=/etc/skel/
session required pam_unix.so
session optional pam_ldap.so
# cp /etc/nsswitch.conf /etc/nsswitch.conf.original
# cd /etc/pam.d/
# mkdir bkup
# cp * bkup/
# auth-client-config -a -p open_ldap
# reboot
# cp /usr/share/doc/gosa/contrib/openldap/* /etc/ldap/schema/
# gunzip /etc/ldap/schema/*.gz
# vim /etc/ldap/slapd.conf
Change the line:
include /etc/ldap/schema/samba.schema
to:
include /etc/ldap/schema/samba3.schema
# GOsa2 attributes
include /etc/ldap/schema/gosystem.schema
include /etc/ldap/schema/gofon.schema
include /etc/ldap/schema/goto.schema
include /etc/ldap/schema/gosa+samba3.schema
include /etc/ldap/schema/gofax.schema
include /etc/ldap/schema/goserver.schema
Retrieved from "http://wiki.ft.unicamp.br/Servidor_Samba_com_OpenLdap"
This page was last modified at 19:01 on 19 January 2010.
Content available under GNU Free Documentation License 1.2.