From 8734c9d5e8f146ba44189fb33cde6ecc2943e991 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Fri, 4 Mar 2005 07:07:44 +0000 Subject: Updating in readiness for 3.0.12 (This used to be commit 40b6b9752607be6edd5fabaa21d8d2da4f48dc41) --- docs/Samba-Guide/Chap06-MakingHappyUsers.xml | 566 ++++++++++++++++++--------- 1 file changed, 372 insertions(+), 194 deletions(-) diff --git a/docs/Samba-Guide/Chap06-MakingHappyUsers.xml b/docs/Samba-Guide/Chap06-MakingHappyUsers.xml index 4f72876dc2..21a328cedb 100644 --- a/docs/Samba-Guide/Chap06-MakingHappyUsers.xml +++ b/docs/Samba-Guide/Chap06-MakingHappyUsers.xml @@ -9,7 +9,12 @@ ]> - Making Users Happy + Making Happy Users + + +This chapter is under reconstruction/modification. The data here is incomplete at this time. +Please check back in a few days time as the contents are undergoing change. + It has been said, A day that is without troubles is not fulfilling. Rather, give @@ -964,11 +969,17 @@ Red Hat Linux - All configuration files and locations are shown for SUSE Linux 9.0. The file locations for - Red Hat Linux are similar. You may need to adjust the locations for your particular - Linux system distribution/implementation. + All configuration files and locations are shown for SUSE Linux 9.2 and are equaly valid for SUSE + Linux Enterprise Server 9. The file locations for Red Hat Linux are similar. You may need to + adjust the locations for your particular Linux system distribution/implementation. + +The following information applies to Samba-3.0.12 when used with the Idealx smbldap-tools scripts +version 0.8.7. If using a different version of Samba, or of the smbldap-tools tarball, please +verify that the versions you are about to use are matching. + + The steps in the process involve changes from the network configuration shown in . @@ -1000,7 +1011,7 @@ SUSE Linux 8.x - SUSE Linux 9 + SUSE Linux 9.x Red Hat Linux 9 
@@ -1055,8 +1066,6 @@ follow these guidelines, the resulting system should work fine. - - /etc/openldap/slapd.conf @@ -1066,16 +1075,16 @@ - /var/lib/ldap + /data/ldap group account user account - Remove all files from the directory /var/lib/ldap, making certain that + Remove all files from the directory /data/ldap, making certain that the directory exists with permissions: -&rootprompt; ls -al /var/lib | grep ldap +&rootprompt; ls -al /data | grep ldap drwx------ 2 ldap ldap 48 Dec 15 22:11 ldap This may require you to add a user and a group account for LDAP if they do not exist. @@ -1091,12 +1100,20 @@ include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema -include /etc/openldap/schema/samba.schema +include /etc/openldap/schema/samba3.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args -database ldbm +access to * + by self write + by users read + by anonymous auth + +database bdb +checkpoint 1024 5 +cachesize 10000 + suffix "dc=abmas,dc=biz" rootdn "cn=Manager,dc=abmas,dc=biz" 
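Review bot: The new `access to *` rule in slapd.conf (`by self write`, `by users read`) lets every authenticated entry, machine accounts included, read every attribute of every object, including `sambaNTPassword`/`sambaLMPassword`, which are password-equivalent for SMB authentication, and lets each user rewrite any attribute of its own entry, including the `uidNumber`/`gidNumber` that the NSS clients configured later in this chapter trust. Put a narrower rule ahead of it, e.g. `access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by anonymous auth by * none`, and consider making the catch-all read-only, since Samba performs its writes as the `ldap admin dn` (the rootdn, which is not subject to these ACLs) and never needs user self-write. A one-line comment above the block saying that password attributes must be excluded from the general read rule would keep the point from being lost when readers copy the listing.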
@@ -1198,40 +1215,52 @@ index default sub Configuration File for NSS LDAP Support &smbmdash; <filename>/etc/ldap.conf</filename> -SIZELIMIT 200 -TIMELIMIT 15 -DEREF never - host 127.0.0.1 + base dc=abmas,dc=biz + binddn cn=Manager,dc=abmas,dc=biz bindpw not24get +timelimit 50 +bind_timelimit 50 +bind_policy hard + +idle_timelimit 3600 + pam_password exop -nss_base_passwd ou=People,dc=abmas,dc=biz?one -nss_base_shadow ou=People,dc=abmas,dc=biz?one +nss_base_passwd ou=People,dc=abmas,dc=biz?one +nss_base_shadow ou=People,dc=abmas,dc=biz?one nss_base_group ou=Groups,dc=abmas,dc=biz?one + +ssl off Configuration File for NSS LDAP Clients Support &smbmdash; <filename>/etc/ldap.conf</filename> -SIZELIMIT 200 -TIMELIMIT 15 -DEREF never +host 172.16.0.1 -host 172.16.0.1 base dc=abmas,dc=biz + binddn cn=Manager,dc=abmas,dc=biz bindpw not24get +timelimit 50 +bind_timelimit 50 +bind_policy hard + +idle_timelimit 3600 + pam_password exop nss_base_passwd ou=People,dc=abmas,dc=biz?one nss_base_shadow ou=People,dc=abmas,dc=biz?one nss_base_group ou=Groups,dc=abmas,dc=biz?one + +ssl off @@ -1317,10 +1346,11 @@ session optional pam_mail.so Samba RPM Packages - Verify that the Samba-3.0.2 (or later) packages are installed on each SUSE Linux server - before following the steps below. If Samba-3.0.2 (or later) is not installed, you have the + Verify that the Samba-3.0.12 (or later) packages are installed on each SUSE Linux server + before following the steps below. If Samba-3.0.12 (or later) is not installed, you have the choice to either build your own or to obtain the packages from a dependable source. - Packages for SUSE Linux 8.2 and 9.0, and Red Hat 9.0 are included on the CD-ROM that + Packages for SUSE Linux 8.x, 9.x and SUSE Linux Enterprise Server 9, as well as for + Red Hat Fedora Core and Red Hat Enteprise Linux Server 3 and 4 are included on the CD-ROM that is included at the back of this book. 
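Review bot: Both /etc/ldap.conf listings bind as the directory rootdn with its password in the clear (`binddn cn=Manager,dc=abmas,dc=biz` / `bindpw not24get`), and nss_ldap needs this file readable by every process that resolves a user or group, so the admin credential is effectively readable by every local user of the PDC and of each client; with `ssl off` it also crosses the wire unencrypted from the `host 172.16.0.1` clients. Because the rootdn bypasses the slapd ACLs, anyone who reads the file has full write access to the directory. Use a dedicated unprivileged DN for lookups (for example `binddn cn=nssproxy,dc=abmas,dc=biz` with read-only rights under the ACLs) or an anonymous bind with matching ACLs, and keep the rootdn credential out of world-readable files; if a privileged bind is genuinely needed for root's lookups, nss_ldap's `rootbinddn` with the password in a mode-600 /etc/ldap.secret is the mechanism for that. At minimum the client listing should carry `ssl start_tls` rather than `ssl off`.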
@@ -1331,31 +1361,40 @@ session optional pam_mail.so , , and into the /etc/samba/ directory. The three files should be added together to form the &smb.conf; - file. + master file. It is a good practice to call this file something like + smb.conf.master, and then to perform all file edits + on the master file. The operational &smb.conf; is then generated as shown in + the next step. testparm - Verify the contents of the &smb.conf; file that is generated by Samba - as it collates all the included files. You do this by executing: + Create and verify the contents of the &smb.conf; file that is generated by: + +&rootprompt; testparm -s smb.conf.master > smb.conf + + Immediately follow this with the following: -&rootprompt; testparm -s > test.conf +&rootprompt; testparm The output that is created should be free from errors, as shown here: +Load smb config files from /etc/samba/smb.conf +Processing section "[accounts]" +Processing section "[service]" +Processing section "[pidata]" Processing section "[homes]" Processing section "[printers]" Processing section "[apps]" Processing section "[netlogon]" Processing section "[profiles]" Processing section "[profdata]" -Processing section "[IPC$]" -Processing section "[accounts]" -Processing section "[service]" -Processing section "[pidata]" +Processing section "[print$]" Loaded services file OK. +Server role: ROLE_DOMAIN_PDC +Press enter to see a dump of your service definitions 
@@ -1404,11 +1443,16 @@ Setting stored password for "cn=Manager,dc=abmas,dc=biz" in secrets.tdb A report such as the following means that the Domain Security Identifier (SID) has not yet been written to the secrets.tdb or to the LDAP backend: -[2003/12/16 22:32:20, 0] utils/net.c:net_getlocalsid(414) - Can't fetch domain SID for name: MASSIVE +[2005/03/03 23:19:34, 0] lib/smbldap.c:smbldap_connect_system(852) + failed to bind to server ldap://massive.abmas.biz with dn="cn=Manager,dc=abmas,dc=biz" Error: Can't contact LDAP server + (unknown) +[2005/03/03 23:19:48, 0] lib/smbldap.c:smbldap_search_suffix(1169) + smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out) - When the Domain has been created and written to the secrets.tdb - file, the output should look like this: + The attempt to read the SID will attempt to bind to the LDAP server. Because the LDAP server + is not running this operation will fail by way of a time out, as shown above. This is + normal output, do not worry about this error message. When the Domain has been created and + written to the secrets.tdb file, the output should look like this: SID for domain MASSIVE is: S-1-5-21-3504140859-1010554828-2431957765 @@ -1448,7 +1492,7 @@ SID for domain MASSIVE is: S-1-5-21-3504140859-1010554828-2431957765 of the PDC. rsync is a useful tool here as it resembles the NT replication service quite closely. If you do use NFS, do not forget to start the NFS server as follows: -&rootprompt; rcnfs start +&rootprompt; rcnfsserver start @@ -1468,6 +1512,7 @@ SID for domain MASSIVE is: S-1-5-21-3504140859-1010554828-2431957765 interfaceseth1, lo bind interfaces onlyYes passdb backendldapsam:ldap://massive.abmas.biz + enable privilegesYes username map/etc/samba/smbusers log level1 syslog0 
@@ -1478,18 +1523,22 @@ SID for domain MASSIVE is: S-1-5-21-3504140859-1010554828-2431957765 time serverYes printcap nameCUPS show add printer wizardNo - add user script/var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' - delete user script/var/lib/samba/sbin/smbldap-userdel.pl '%u' - add group script/var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' - delete group script/var/lib/samba/sbin/smbldap-groupdel.pl '%g' - add user to group script/var/lib/samba/sbin/ - smbldap-groupmod.pl -m '%u' '%g' - delete user from group script/var/lib/samba/sbin/ - smbldap-groupmod.pl -x '%u' '%g' - set primary group script/var/lib/samba/sbin/ - smbldap-usermod.pl -g '%g' '%u' - add machine script/var/lib/samba/sbin/ - smbldap-useradd.pl -w '%u' + add user script/opt/IDEALX/sbin/smbldap-useradd -m "%u" + delete user script/opt/IDEALX/sbin/smbldap-userdel "%u" + add group script/opt/IDEALX/sbin/smbldap-groupadd -p "%g" + delete group script/opt/IDEALX/sbin/smbldap-groupdel "%g" + add user to group script/opt/IDEALX/sbin/ + smbldap-groupmod -m "%u" "%g" + delete user from group script/opt/IDEALX/sbin/ + smbldap-groupmod -x "%u" "%g" + set primary group script/opt/IDEALX/sbin/ + smbldap-usermod -g "%g" "%u" + add machine script/opt/IDEALX/sbin/ + smbldap-useradd -w "%u" + + + +LDAP Based &smb.conf; File, Server: MASSIVE &smbmdash; global Section: Part B logon scriptscripts\logon.bat logon path\\%L\profiles\%U logon driveX: @@ -1500,10 +1549,6 @@ SID for domain MASSIVE is: S-1-5-21-3504140859-1010554828-2431957765 ldap machine suffixou=People ldap user suffixou=People ldap group suffixou=Groups - - - -LDAP Based &smb.conf; File, Server: MASSIVE &smbmdash; global Section: Part B ldap idmap suffixou=Idmap ldap admin dncn=Manager,dc=abmas,dc=biz idmap backendldap:ldap://massive.abmas.biz 
@@ -1518,43 +1563,52 @@ SID for domain MASSIVE is: S-1-5-21-3504140859-1010554828-2431957765 - Install and Configure Idealx SMB-LDAP Scripts + Install and Configure Idealx smbldap-tools Scripts Idealx smbldap-tools The Idealx scripts, or equivalent, are necessary to permit Samba-3 to manage accounts - on the LDAP server. You have chosen the Idealx scripts since they are part of the - Samba-3 package distribution. On your SUSE Linux system, you find these scripts in the - /usr/share/doc/packages/samba3/Examples/LDAP/smbldap-tools - directory. On a Red Hat Linux system, they are in a similar path. If you cannot find - the scripts on your system, it is easy enough to download them from the Idealx + on the LDAP server. You have chosen the Idealx scripts since they are the best known + LDAP configuration scripts. The use of these scripts will help avoid the necessity + to create custom scripts. It is easy to download them from the Idealx Web Site. The tarball may - be directly downloaded - for this site, also. + be directly downloaded + for this site, also. Alternately, you may obtain the + smbldap-tools-0.8.7-3.src.rpm + file that may be used to build an installable RPM package for your Linux system. - - In your installation, the smbldap-tools are located in /var/lib/samba/sbin. - They can be installed in any convenient directory of your choice, in which case you must - change the path to them in your &smb.conf; file on the PDC (MASSIVE). - + +The smbldap-tools scripts can be installed in any convenient directory of your choice, in which case you must +change the path to them in your &smb.conf; file on the PDC (MASSIVE). + + The smbldap-tools are located in /opt/IDEALX/sbin. The scripts are not needed on BDC machines because all LDAP updates are handled by the PDC alone. 
+ + Installation of smbldap-tools from the tarball + + + To perform a manual installation of the smbldap-tools scripts the following procedure may be used: + + - Create the /var/lib/samba/sbin directory, and set its permissions + Create the /opt/IDEALX/sbin directory, and set its permissions and ownership as shown here: -&rootprompt; mkdir -p /var/lib/samba/sbin -&rootprompt; chown root.root /var/lib/samba/sbin -&rootprompt; chmod 755 /var/lib/samba/sbin +&rootprompt; mkdir -p /opt/IDEALX/sbin +&rootprompt; chown root.root /opt/IDEALX/sbin +&rootprompt; chmod 755 /opt/IDEALX/sbin +&rootprompt; mkdir -p /etc/smbldap-tools +&rootprompt; chown root.root /etc/smbldap-tools +&rootprompt; chmod 755 /etc/smbldap-tools 
@@ -1565,118 +1619,30 @@ SID for domain MASSIVE is: S-1-5-21-3504140859-1010554828-2431957765 - Copy all the .pl and .pm files into the - /var/lib/samba/sbin directory, as shown here: - -&rootprompt; cd /usr/share/doc/packages/samba3/Examples/LDAP/smbldap-tools -&rootprompt; cp *.pl *.pm /var/lib/samba/sbin - - - - - mkntpasswd - - You must compile the mkntpasswd tool and then install it into - the /var/lib/samba/sbin directory, as shown here: + Copy all the smbldap-* and the configure.pl files into the + /opt/IDEALX/sbin directory, as shown here: -&rootprompt; cd mkntpwd -&rootprompt; make -gcc -O2 -DMPU8086 -c -o getopt.o getopt.c -gcc -O2 -DMPU8086 -c -o md4.o md4.c -gcc -O2 -DMPU8086 -c -o mkntpwd.o mkntpwd.c -mkntpwd.c: In function `main': -mkntpwd.c:37: warning: return type of `main' is not `int' -gcc -O2 -DMPU8086 -c -o smbdes.o smbdes.c -gcc -O2 -DMPU8086 -o mkntpwd getopt.o md4.o mkntpwd.o smbdes.o -&rootprompt; cp mkntpwd /var/lib/samba/sbin +&rootprompt; cd smbldap-tools-0.8.7/ +&rootprompt; cp smbldap-* configure.pl *pm /opt/IDEALX/sbin/ +&rootprompt; cp smbldap*conf /etc/smbldap-tools/ +&rootprompt; chmod 750 /opt/IDEALX/sbin/smbldap-* +&rootprompt; chmod 750 /opt/IDEALX/sbin/configure.pl +&rootprompt; chmod 640 /etc/smbldap-tools/smbldap.conf +&rootprompt; chmod 600 /etc/smbldap-tools/smbldap_bind.conf - The smbldap-tools scripts must now be configured. - Change to the /var/lib/samba/sbin directory, and edit the - /var/lib/samba/sbin/smbldap_conf.pm to affect the changes + The smbldap-tools scripts master control file must now be configured. + Change to the /opt/IDEALX/sbin directory, then edit the + /opt/IDEALX/sbin/smbldap_conf.pm to affect the changes shown here: -# Put your own SID -# to obtain this number do: "net getlocalsid" -#$SID='S-1-5-21-1671648649-242858427-2873575837'; -$SID='S-1-5-21-3504140859-1010554828-2431957765'; -... -# LDAP Suffix -# Ex: $suffix = "dc=IDEALX,dc=ORG"; -$suffix = "dc=abmas,dc=biz"; -... 
-# Where are stored Users -# Ex: $usersdn = "ou=Users,$suffix"; ... -$usersou = q(People); -$usersdn = "ou=$usersou,$suffix"; - -# Where are stored Computers -# Ex: $computersdn = "ou=Computers,$suffix"; ... -$computersou = q(People); -$computersdn = "ou=$computersou,$suffix"; - -# Where are stored Groups -# Ex $groupsdn = "ou=Groups,$suffix"; ... -$groupsou = q(Groups); -$groupsdn = "ou=$groupsou,$suffix"; - -# Default scope Used -$scope = "sub"; - -# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) -$hash_encrypt="MD5"; -... -############################ -# Credential Configuration # -############################ -# Bind DN used -# Ex: $binddn = "cn=admin,$suffix"; ... -$binddn = "cn=Manager,$suffix"; - -# Bind DN passwd used -# Ex: $bindpasswd = 'secret'; for 'secret' -$bindpasswd = 'not24get'; ... -# Login defs -# Default Login Shell -# Ex: $_userLoginShell = q(/bin/bash); -#$_userLoginShell = q(_LOGINSHELL_); -$_userLoginShell = q(/bin/bash); - -# Home directory prefix (without username) -# Ex: $_userHomePrefix = q(/home/); -#$_userHomePrefix = q(_HOMEPREFIX_); -$_userHomePrefix = q(/home/); -... -# The UNC path to home drives location without the -# username last extension (will be dynamically prepended) -# Ex: q(\\\\My-PDC-netbios-name\\homes) -# Just comment this if you want to use the smb.conf -# 'logon home' directive # and/or desabling roaming profiles -#$_userSmbHome = q(\\\\_PDCNAME_\\homes); -$_userSmbHome = q(\\\\MASSIVE\\homes); - -# The UNC path to profiles locations without the username -# last extension (will be dynamically prepended) -# Ex: q(\\\\My-PDC-netbios-name\\profiles\\) -# Just comment this if you want to use the smb.conf -# 'logon path' directive and/or desabling roaming profiles -$_userProfile = q(\\\\MASSIVE\\profiles\\); - -# The default Home Drive Letter mapping -# (automatically mapped at logon time if home directory exists) -# Ex: q(U:) for U: -#$_userHomeDrive = q(_HOMEDRIVE_); -$_userHomeDrive = q(H:); -... 
-# Allows not to use smbpasswd -# (if $with_smbpasswd == 0 in smbldap_conf.pm) but -# prefer mkntpwd... most of the time, it's a wise choice :-) -$with_smbpasswd = 0; -$smbpasswd = "/usr/bin/smbpasswd"; -$mk_ntpasswd = "/var/lib/samba/sbin/mkntpwd"; +# ugly funcs using global variables and spawning openldap clients + +my $smbldap_conf="/etc/smbldap-tools/smbldap.conf"; +my $smbldap_bind_conf="/etc/smbldap-tools/smbldap_bind.conf"; ... 
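Review bot: The install step copies `*pm` and then tells the reader to edit `/opt/IDEALX/sbin/smbldap_conf.pm`, but the excerpt shown (`my $smbldap_conf=...`, `my $smbldap_bind_conf=...`) is the module's hard-coded lookup of the two config files rather than site settings, and the comment in that excerpt looks like the 0.8.x `smbldap_tools.pm` rather than a `smbldap_conf.pm` — verify the module name against the tarball and state that these paths only need changing if the config files were not placed in /etc/smbldap-tools. Since the actual settings are generated by configure.pl in the following section, a sentence such as `No other edits to the Perl module are required; all site-specific settings live in /etc/smbldap-tools/smbldap.conf and smbldap_bind.conf.` would stop readers from hand-editing Perl. The `chmod 600 /etc/smbldap-tools/smbldap_bind.conf` line is the right default, as that file holds the rootdn password; worth saying so explicitly.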
@@ -1685,15 +1651,205 @@ $mk_ntpasswd = "/var/lib/samba/sbin/mkntpwd"; To complete the configuration of the smbldap-tools, set the permissions and ownership by executing the following commands: -&rootprompt; chown root.root /var/lib/samba/sbin/* -&rootprompt; chmod 755 /var/lib/samba/sbin/smb*pl -&rootprompt; chmod 640 /var/lib/samba/sbin/smb*pm -&rootprompt; chmod 555 /var/lib/samba/sbin/mkntpwd +&rootprompt; chown root.root /opt/IDEALX/sbin/* +&rootprompt; chmod 755 /opt/IDEALX/sbin/smbldap-* +&rootprompt; chmod 640 /opt/IDEALX/sbin/smb*pm - The smbldap-tools scripts are now ready for use. + The smbldap-tools scripts are now ready for the configuration step outlined in + Configuration of smbldap-tools. + + + + Installing smbldap-tools from the RPM Package + + + In the event that you have elected to use the RPM package provided by Idealx, download the + source RPM smbldap-tools-0.8.7-3.src.rpm, then follow the following procedure: + + + + + + Install the source RPM that has been downloaded as follows: + +&rootprompt; rpm -i smbldap-tools-0.8.7-3.src.rpm + + + + + Change into the directory in which the SPEC files are located. On SUSE Linux: + +&rootprompt; cd /usr/src/packages/SPECS + + On Red Hat Linux systems: + +&rootprompt; cd /usr/src/redhat/SPECS + + + + + Edit the smbldap-tools.spec file to change the value of the + _sysconfig macro as shown here: + +%define _prefix /opt/IDEALX +%define _sysconfdir /etc + + Note: Any suitable directory can be specified. + + + + Build the package by executing: + +&rootprompt; rpmbuild -ba -v smbldap-tools.spec + + A build process that has completed without error will place the installable binary + files in the directory ../RPMS/noarch. + + + + Install the binary package by executing: + +&rootprompt; rpm -Uvh ../RPMS/noarch/smbldap-tools-0.8.7-3.noarch.rpm + + + + + + + The Idealx scripts should now be ready for configuration using the steps outlined in + Configuration of smbldap-tools. 
+ + + + + + Configuration of smbldap-tools + + + Prior to use the smbldap-tools must be configured to match the settings in the &smb.conf; file + and to match the settings in the /etc/openldap/slapd.conf file. The assumption + is made that the &smb.conf; file has correct contents. The following procedure will ensure that + this is completed correctly: + + + + The smbldap-tools require that the netbios name (machine name) of the Samba server be included + in the &smb.conf; file. + + + + + + Change into the directory that contains the configure.pl script. + +&rootprompt; cd /opt/IDEALX/sbin + + + + + Execute the configure.pl script as follows: + +&rootprompt; ./configure.pl + + The interactive use of this script for the PDC is demonstrated here: + +Unrecognized escape \p passed through at ./configure.pl line 194. +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + smbldap-tools script configuration + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= +Before starting, check + . if your samba controller is up and running. + . if the domain SID is defined (you can get it with the 'net getlocalsid') + + . you can leave the configuration using the Crtl-c key combination + . empty value can be set with the "." caracter +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +Looking for configuration files... + +Samba Config File Location [/etc/samba/smb.conf] > +smbldap Config file Location (global parameters) [/etc/smbldap-tools/smbldap.conf] > +smbldap Config file Location (bind parameters) [/etc/smbldap-tools/smbldap_bind.conf] > +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= +Let's start configuring the smbldap-tools scripts ... + +. workgroup name: name of the domain Samba act as a PDC + workgroup name [MEGANET2] > +. netbios name: netbios name of the samba controler + netbios name [MASSIVE] > +. logon drive: local path to which the home directory will be connected (for NT Workstations). 
Ex: 'H:' + logon drive [X:] > +. logon home: home directory location (for Win95/98 or NT Workstation). + (use %U as username) Ex:'\\MASSIVE\home\%U' + logon home (leave blank if you don't want homeDirectory) [\\MASSIVE\home\%U] > \\MASSIVE\%U +. logon path: directory where roaming profiles are stored. Ex:'\\MASSIVE\profiles\%U' + logon path (leave blank if you don't want roaming profile) [\\MASSIVE\profiles\%U] > +. home directory prefix (use %U as username) [/home/%U] > /home/users/%U +. default user netlogon script (use %U as username) [%U.cmd] > scripts\login.cmd + default password validation time (time in days) [45] > 0 +. ldap suffix [dc=abmas,dc=biz] > +. ldap group suffix [ou=Groups] > +. ldap user suffix [ou=People] > +. ldap machine suffix [ou=People] > +. Idmap suffix [ou=Idmap] > +. sambaUnixIdPooldn: object where you want to store the next uidNumber + and gidNumber available for new users and groups + sambaUnixIdPooldn object (relative to ${suffix}) [cn=NextFreeUnixId] > +. ldap master server: IP adress or DNS name of the master (writable) ldap server +Use of uninitialized value in scalar chomp at ./configure.pl line 138, <STDIN> line 17. +Use of uninitialized value in hash element at ./configure.pl line 140, <STDIN> line 17. +Use of uninitialized value in concatenation (.) or string at ./configure.pl line 144, <STDIN> line 17. +Use of uninitialized value in string at ./configure.pl line 145, <STDIN> line 17. + ldap master server [] > 127.0.0.1 +. ldap master port [389] > +. ldap master bind dn [cn=Manager,dc=abmas,dc=biz] > +. ldap master bind password [] > +. ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one +Use of uninitialized value in scalar chomp at ./configure.pl line 138, <STDIN> line 21. +Use of uninitialized value in hash element at ./configure.pl line 140, <STDIN> line 21. +Use of uninitialized value in concatenation (.) or string at ./configure.pl line 144, <STDIN> line 21. 
+Use of uninitialized value in string at ./configure.pl line 145, <STDIN> line 21. + ldap slave server [] > 127.0.0.1 +. ldap slave port [389] > +. ldap slave bind dn [cn=Manager,dc=abmas,dc=biz] > +. ldap slave bind password [] > +. ldap tls support (1/0) [0] > +. SID for domain MEGANET2: SID of the domain (can be obtained with 'net getlocalsid MASSIVE') + SID for domain MEGANET2 [S-1-5-21-3504140859-1010554828-2431957765] > +. unix password encryption: encryption used for unix passwords + unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] > MD5 +. default user gidNumber [513] > +. default computer gidNumber [515] > +. default login shell [/bin/bash] > +. default domain name to append to mail adress [] > abmas.biz +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= +backup old configuration files: + /etc/smbldap-tools/smbldap.conf->etc/smbldap-tools/smbldap.conf.old + /etc/smbldap-tools/smbldap_bind.conf->etc/smbldap-tools/smbldap_bind.conf.old +writing new configuration file: + /etc/smbldap-tools/smbldap.conf done. + /etc/smbldap-tools/smbldap_bind.conf done. + + Since a slave LDAP server has not been configured it is necessary to specify the IP + address of the master LDAP server for both the master and the slave configuration + prompts. + + + + Change to the directory that contains the smbldap.conf file + then verify its contents. + + + + + + The smbldap-tools are now ready for use. + + + + @@ -1755,10 +1911,10 @@ $mk_ntpasswd = "/var/lib/samba/sbin/mkntpwd"; - smbldap-populate.pl + smbldap-populate The following steps initialize the LDAP database, and then you can add user and group - accounts that Samba can use. You use the smbldap-populate.pl to + accounts that Samba can use. You use the smbldap-populate to seed the LDAP database. You then manually add the accounts shown in . The list of users does not cover all 500 network users; it provides examples only. 
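Review bot: In the configure.pl transcript the `ldap master bind password [] >` and `ldap slave bind password [] >` prompts show no value entered; if those were left blank, /etc/smbldap-tools/smbldap_bind.conf is written with an empty `masterPw`/`slavePw` and every smbldap-* call made by smbd will fail to bind, yet the closing step only tells the reader to verify smbldap.conf — have them check that `smbldap_bind.conf` (mode 600) contains `masterPw="not24get"` matching the rootdn credential in slapd.conf. The answer `MD5` to `unix password encryption ... [SSHA]` replaces the salted default with unsalted MD5 for userPassword; unless there is a stated compatibility reason, keep `SSHA`. The "To complete the configuration" step also runs `chmod 755 /opt/IDEALX/sbin/smbldap-*`, undoing the `chmod 750` applied at install time; since smbd invokes these scripts as root and `smb*pm` stays at 640, `750` is the consistent value.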
@@ -1857,33 +2013,53 @@ Starting ldap-server done - Change to the /var/lib/samba/sbin directory. + Change to the /opt/IDEALX/sbin directory. Execute the script that will populate the LDAP database as shown here: &rootprompt; ./smbldap-populate.pl + + The expected output from this is: + +Using workgroup name from smb.conf: sambaDomainName=MEGANET2 +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= +=> Warning: you must update smbldap.conf configuration file to : +=> sambaUnixIdPooldn parameter must be set to "sambaDomainName=MEGANET2,dc=abmas,dc=biz" +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Using builtin directory structure adding new entry: dc=abmas,dc=biz adding new entry: ou=People,dc=abmas,dc=biz adding new entry: ou=Groups,dc=abmas,dc=biz -adding new entry: ou=Computers,dc=abmas,dc=biz -adding new entry: uid=Administrator,ou=People,dc=abmas,dc=biz +entry ou=People,dc=abmas,dc=biz already exist. +adding new entry: ou=Idmap,dc=abmas,dc=biz +adding new entry: sambaDomainName=MEGANET2,dc=abmas,dc=biz +adding new entry: uid=root,ou=People,dc=abmas,dc=biz adding new entry: uid=nobody,ou=People,dc=abmas,dc=biz adding new entry: cn=Domain Admins,ou=Groups,dc=abmas,dc=biz adding new entry: cn=Domain Users,ou=Groups,dc=abmas,dc=biz adding new entry: cn=Domain Guests,ou=Groups,dc=abmas,dc=biz +adding new entry: cn=Domain Computers,ou=Groups,dc=abmas,dc=biz adding new entry: cn=Administrators,ou=Groups,dc=abmas,dc=biz -adding new entry: cn=Users,ou=Groups,dc=abmas,dc=biz -adding new entry: cn=Guests,ou=Groups,dc=abmas,dc=biz -adding new entry: cn=Power Users,ou=Groups,dc=abmas,dc=biz -adding new entry: cn=Account Operators,ou=Groups,dc=abmas,dc=biz -adding new entry: cn=Server Operators,ou=Groups,dc=abmas,dc=biz adding new entry: cn=Print Operators,ou=Groups,dc=abmas,dc=biz adding new entry: cn=Backup Operators,ou=Groups,dc=abmas,dc=biz -adding new entry: cn=Replicator,ou=Groups,dc=abmas,dc=biz -adding new entry: cn=Domain Computers,ou=Groups,dc=abmas,dc=biz 
+adding new entry: cn=Replicators,ou=Groups,dc=abmas,dc=biz + + + + + Edit the /etc/smbldap-tools/smbldap.conf file so that the following + information is changed from: + +# Where to store next uidNumber and gidNumber available +sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}" + + to read, after modification: + +# Where to store next uidNumber and gidNumber available +#sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}" +sambaUnixIdPooldn="sambaDomainName=MEGANET2,dc=abmas,dc=biz" @@ -2083,7 +2259,7 @@ uid=1002(chrisr) gid=513(Domain Users) groups=513(Domain Users) management of user and group accounts requires that the UID=0. You decide to rectify this immediately as demonstrated here: -&rootprompt; cd /var/lib/samba/sbin +&rootprompt; cd /opt/IDEALX/sbin &rootprompt; ./smbldap-usermod.pl -u 0 Administrator @@ -2641,6 +2817,7 @@ smb: \> q workgroupMEGANET2 netbios nameBLDG1 passdb backendldapsam:ldap://massive.abmas.biz + enable privilegesYes username map/etc/samba/smbusers log level1 syslog0 @@ -2678,6 +2855,7 @@ smb: \> q workgroupMEGANET2 netbios nameBLDG2 passdb backendldapsam:ldap://massive.abmas.biz + enable privilegesYes username map/etc/samba/smbusers log level1 syslog0 -- cgit
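Review bot: The populate step still executes `&rootprompt; ./smbldap-populate.pl`, but the install step copies the 0.8.7 scripts as `smbldap-*` with no `.pl` suffix and the prose hunk just above already renames it to `smbldap-populate`, so the command as written will not be found; change it to `&rootprompt; ./smbldap-populate`. The new output also includes the warning that `sambaUnixIdPooldn` must be updated, and the following step fixes it by hand to `sambaUnixIdPooldn="sambaDomainName=MEGANET2,dc=abmas,dc=biz"`; it would help to say that this must happen before any smbldap-useradd/groupadd run, since the tools allocate the next uidNumber/gidNumber from that entry.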
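Review bot: `./smbldap-usermod.pl -u 0 Administrator` keeps the `.pl` suffix the rest of this commit drops, and it targets an `Administrator` entry that the new smbldap-populate output no longer creates (it now adds `uid=root,ou=People,...` where the old output added `uid=Administrator`), so unless Administrator is created in steps outside this hunk the command fails. Beyond that, giving a domain account uidNumber 0 makes anyone holding its password root on every NSS client, not only on the PDC; with `enable privileges = Yes` now set in this commit's smb.conf listings, granting the required rights to Domain Admins via `net rpc rights grant` is the less dangerous route for account and machine management — if that is the intent, say so here instead of stating a UID=0 requirement. The surrounding prose of this step begins outside the hunk.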