04 LTS (Lucid)
hostname: eng
13
( !! )
domain name: eng.lnweng.com
My LDAP: lnweng.com
123456 ****
user: eng
123456
Assumptions
Ubuntu Server 10.04 is installed.
os
/etc/apt/sources.list
apt-get update
reboot
13
/etc/hostname : eng.lnweng.com
nano /etc/hostname
127.0.1.1
127.0.1.1 eng eng.lnweng.com
13
set
1 webmin
package ( webmin )
apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl
13
apt-show-versions libapt-pkg-perl
13
webmin_1.470_all.deb Desktop
dpkg -i webmin_1.510-2_all.deb
webmin
http://localhost:10000/
13
toolbar Firefox
Edit -> Preferences
13
Add Exception
Get Certificate
Confirm Security Exception
13
Browser cert
cert
browser
13
proceed anyway
login webmin
case 2. Firefox
13
13
login webmin
13
webmin
2 openldap
13
Yes
protocol LDAPv2 No
openldap
/etc/init.d/slapd restart
13
ldif file
backend.ldif
nano backend.ldif
copy
13
# Database settings
# Defines the hdb database entry under cn=config for the suffix
# dc=lnweng,dc=com: storage directory, root DN and password, cache and
# lock-table settings, one index, a checkpoint interval and two access rules.
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=lnweng,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=lnweng,dc=com
# NOTE(review): the root DN password is given in cleartext and is a trivially
# guessable value. The root DN is not subject to the olcAccess rules, so this
# password grants full control of the directory. Generate a hash with
# slappasswd and store the resulting {SSHA}... value here instead, using a
# strong password.
olcRootPW: 123456
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
# Only objectClass is indexed (equality) in this listing.
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
# Access rule for userPassword: the admin DN may write, anonymous clients may
# only use the attribute to authenticate, each user may change their own
# value, and everyone else gets no access.
# NOTE(review): the value below is wrapped onto a second line; in a real LDIF
# file the continuation line must start with a single space, otherwise it is
# parsed as a separate (invalid) line.
olcAccess: to attrs=userPassword by dn="cn=admin,dc=lnweng,dc=com" write by
anonymous auth by self write by * none
# Access rule for shadowLastChange: writable by the entry's owner, readable by
# everyone else.
# NOTE(review): no catch-all "to *" rule is visible in this listing; confirm
# against the complete file what access applies to all other attributes.
olcAccess: to attrs=shadowLastChange by self write by * read
13
samba
13
samba
samba /etc/samba/
cd /etc/samba/
smb.conf
cp smb.conf smb.conf.original
nano smb.conf
13
[global]
# First part of the [global] section: domain identity, domain-controller
# roles, WINS and password synchronisation.
# NOTE(review): no `passdb backend`, `ldap suffix` or `ldap admin dn` line is
# visible in this listing; the LDAP-backed setup depends on them, so confirm
# against the complete smb.conf.
# Domain name ..
workgroup = LNWENG
# Server name - as seen by Windows PCs ..
netbios name = ENG
# Be a PDC ..
domain logons = Yes
domain master = Yes
# Be a WINS server ..
wins support = true
# Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
# The local Unix password is not synchronised; the LDAP password is updated
# when the Samba password changes.
unix password sync = no
ldap passwd sync = yes
# 4 OUs that Samba uses when creating user accounts, computer accounts, etc.
# (Because we are using smbldap-tools, call them 'Users', 'Computers', etc.)
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# Samba and LDAP server are on the same server in this example.
# NOTE(review): with `ldap ssl = no`, Samba's LDAP traffic (binds and password
# hashes included) is unencrypted. That is tolerable only while slapd is
# reached on the same host; if the directory moves to another machine, switch
# to `ldap ssl = start tls` and configure certificates.
ldap ssl = no
# Scripts for Samba to use if it creates users, groups, etc.
# Each script is an smbldap-tools command; %u and %g are replaced by Samba with
# the user and group name.
add user script = /usr/sbin/smbldap-useradd -m '%u'
# NOTE(review): %u is unquoted on the next line, unlike every other script
# here; quote it as '%u' for consistency.
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
13
# Share that domain clients read logon scripts from.
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
# root is treated as an administrator on this share.
admin users = root
# NOTE(review): `guest ok = Yes` lets clients connect without a password. The
# logon script served from here runs on every workstation at logon, so keep
# the directory writable by administrators only and consider `read only = yes`.
guest ok = Yes
browseable = No
logon script = allusers.bat
# NOTE(review): the body of the [Profiles] section is missing from this listing.
[Profiles]
13
# Print spool share.
[printers]
comment = All Printers
path = /var/spool/samba
use client driver = Yes
create mask = 0600
# NOTE(review): `guest ok` and `public` are synonyms; both are set, so print
# jobs are accepted without a password if guest access is enabled server-wide.
guest ok = Yes
printable = Yes
browseable = No
public = yes
writable = yes
admin users = root
write list = root
# Printer driver share; only root is on the write list.
[print$]
comment = Printer Drivers Share
path = /var/lib/samba/printers
write list = root
create mask = 0664
directory mask = 0775
admin users = root
# NOTE(review): `public = yes` together with `writeable = yes` allows writes to
# /var/lib/samba/shared from guest (unauthenticated) connections if guest
# access is enabled server-wide. Restrict the share with `valid users` or drop
# `public = yes` unless anonymous write access is intended.
[shared]
writeable = yes
path = /var/lib/samba/shared
public = yes
browseable = yes
# Writable share with no guest setting in this listing.
# NOTE(review): the masks here are written as 755 without the leading 0 used in
# the other sections; write them as 0755 for consistency.
[archive]
path = /exports/archive
browseable = yes
create mask = 755
directory mask = 755
read only = no
( )
4
13
2 smb.conf
13
smb.conf list
ls /etc/samba
file smb.conf
cat /etc/samba/smb.conf
restart samba
13
samba samba-client
sudo smbclient -L localhost
: workgroup LNWENG
Master ENG
reboot smbclient -L localhost
( service smbd restart update )
profile netlogon
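sudo mkdir -v -m 777 /var/lib/samba/profiles
# Note: mode 777 leaves the profiles root world-writable with no sticky bit, so any local user can remove or replace another user's profile directory; mode 1777 keeps it writable but limits deletion to each entry's owner.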
13
Schema ldif
schema_convert.conf
nano schema_convert.conf
copy
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/samba.schema
Slapcat cn=samba.ldif
cn=samba.ldif
/tmp
13
dn: cn={12}samba,cn=schema,cn=config
cn: {12}samba
dn: cn=samba,cn=schema,cn=config
13
cn: samba
13
schema server
query
sudo ldapsearch -Y EXTERNAL -H ldapi:/// -D cn=admin,cn=config -b cn=config -W
olcDatabase={1}hdb
13
ldap server
samba
ldap samba
net getlocalsid
13
perl script
13
error script
populate server
13
sudo smbldap-populate
permission stop,start
sudo chown openldap:openldap /var/lib/ldap/*
sudo /etc/init.d/slapd stop
sudo slapindex
sudo chown openldap:openldap /var/lib/ldap/*
sudo /etc/init.d/slapd start
error
ldap.conf
nano /etc/ldap.conf
13
host 127.0.0.1
uri ldap://127.0.0.1/
rootbinddn cn=admin,dc=lnweng,dc=com
bind_policy soft
13
13
/etc/ldap.conf /etc/ldap/ldap.conf
cp /etc/ldap.conf /etc/ldap/ldap.conf
/etc/auth-client-config/profile.d/open_ldap
nano /etc/auth-client-config/profile.d/open_ldap
[open_ldap]
nss_passwd=passwd: compat ldap
nss_group=group: compat ldap
nss_shadow=shadow: compat ldap
pam_auth=auth
required pam_env.so
auth
auth
required pam_deny.so
13
auth
13
/etc/nsswitch.conf
cp /etc/nsswitch.conf /etc/nsswitch.conf.original
/etc/pam.d/
cd /etc/pam.d/
mkdir lnwengbackup
13
cp * lnwengbackup/
user database
sudo smbldap-useradd -a -m -P eng001
user
13
13
XD
ldap dns
13
O_O!!
login webmin
13
= eng = 123456
13
13
Create
13
"Apply configuration"
ip
13
ifconfig
13
create address
address 0 1 ;D
dns
/etc/resolv.conf
nano /etc/resolv.conf
resolv.conf
resolv.conf
13
search lnweng.com
nameserver 192.168.158.130
reboot
workstation ldap
workstation
smbldap-useradd -w client-eng01
windows xp professional sp2-3
-
client-eng01
13
- windows
13
computer name
13
change
domain domain
lnweng ok
13
server login
13
ok
13
yes
ctrl+alt+delete login
13
option
domain server
ok
13
windows
13
sudo apt-get install apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common libapache2-mod-php5 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap php5-
13
/etc/php5/apache2/php.ini
13
nano /etc/php5/apache2/php.ini
ServerName eng.lnweng.com
apache2
/etc/init.d/apache2 restart
phpldapadmin
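wget https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+build/1744905/+files/phpldapadmin_1.2.0.5-1ubuntu1.10.04.1_all.deb
# Note: a .deb fetched with wget and installed with dpkg -i bypasses apt's signature checks; compare the file's checksum with one obtained from a source you trust before installing it.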
13
soft link
config.php
/etc/phpldapadmin/config.php
$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');
13
$servers->setValue('login','bind_id','cn=admin,dc=lnweng,dc=com');
apache2
/etc/init.d/apache2 restart
13
http://localhost/phpldapadmin/
login login
13
login search
domain dc=lnweng
13
dc=lnweng
user
: uid $
client-eng01
13
http://www.howtoforge.com/openldap-samba-domain-controller-ubuntu7.10
http://ubuntuforums.org/showthread.php?t=640760
http://islandlinux.org/howto/installing-samba-openldap-ubuntu#configure_samba
http://spalinux.com/category/ldap
http://spalinux.com/category/samba
http://www.samba.org
http://www.openldap.org
http://tuxnetworks.blogspot.com/2010/06/howto-phpldapadmin-on-1004-lucid-lynx.html
http://tuxnetworks.blogspot.com/2010/07/howto-samba-ldap-on-1004-lucid-short.html