18/05/13

Home About Request Guide Contribute Contact

Build a Samba PDC with LDAP backend - BSD Guides

NEWS

ADMINISTRATION

SERVER

NETWORKING

SECURITY

SOFTWARE

HARDWARE

THE SHELL

USEFUL STUFF
Follow @bsdguides

Build a Samba PDC with LDAP backend

December 21, 2008 by Sylhouette Leave a Comment

General Information
Build a Samba PDC on FreeBSD with a ldap backend. This will not let you authenticate ssh users just a plain samba server for your windows clients.

SUBSCRIBE!
Get the latest posts via Feed Burner Enter your email address... Go

Requirements
Shell access is assumed. You should perform the following as root.

CONTRIBUTE
BS DGu id es depends on your contribution and participation! If you find this site helpful and are willing to help out, click here to find out how OR Signup and Join to become a part of this site.

Installation
First we going to install all the required ports so make sure your ports tree is up to date. The name of the server is serv01 The domain name is doublel.local So the FQDN is serv01.smbdomain.local Thus my /etc/hosts file looks like this

SEARCH BSDGUIDES
Search this website Search

: : 1 1 2 7 . 0 . 0 . 1 1 9 2 . 1 6 8 . 5 0 . 1 9 5 1 9 2 . 1 6 8 . 5 0 . 1 9 5

l o c a l h o s tl o c a l h o s t . s m b d o m a i n . l o c a l l o c a l h o s tl o c a l h o s t . s m b d o m a i n . l o c a l s e r v 0 1 . s m b d o m a i n . l o c a ls e r v 0 1 s e r v 0 1 . s m b d o m a i n . l o c a l .

RECENT POSTS
Automatic binary updates for OpenBSD Awesome mini wireless keyboard and mouse Upgrading FreeBSD 9.0 to 9.1 using freebsd-update FreeBSD 9.1 released Lettuce shoots dog

We need to install the following ports: 1. /net/openldap24-server 2. /net/samba3 (should work with samba32-devel also) 3. /net/nss_ldap 4. /net/smbldap-tools O p en ld ap b acken d server You can accept the default selected options

#c d/ u s r / p o r t s / n e t / o p e n l d a p 2 4 s e r v e r #m a k ei n s t a l lc l e a n S amb a

#c d/ u s r / p o r t s / n e t / s a m b a 3 #m a k ei n s t a l lc l e a n Select the setting below

+ + | O p t i o n sf o rs a m b a3 . 0 . 3 2 _ 1 , 1 | |+ +|

www.bsdguides.org/2008/build-a-samba-pdc-with-ldap-backend/

1/11

18/05/13
|| [ X ]L D A P || [ X ]A D S || [ X ]C U P S || [ X ]W I N B I N D

Build a Samba PDC with LDAP backend - BSD Guides

W i t hL D A Ps u p p o r t W i t hA c t i v eD i r e c t o r ys u p p o r t W i t hC U P Sp r i n t i n gs u p p o r t W i t hW i n B I N Ds u p p o r t || || || || || || || || || || || || || || || || || || C a n c e l |

|| [ X ]A C L _ S U P P O R T W i t hA C Ls u p p o r t || [ X ]A I O _ S U P P O R T W i t hA s y n c r o n o u sI Os u p p o r t || []F A M _ S U P P O R T W i t hF i l eA l t e r a t i o nM o n i t o r || [ X ]S Y S L O G || [ X ]Q U O T A S || [ X ]U T M P || []C L U S T E R || []D N S U P D A T E || [ X ]P O P T || [ X ]P C H || []M A X _ D E B U G || []S M B T O R T U R E | W i t hS y s l o gs u p p o r t W i t hD i s kq u o t as u p p o r t W i t hU T M Pa c c o u n t i n gs u p p o r t W i t he x p e r i m e n t a lc l u s t e rs u p p o r t W i t hd y n a m i cD N Su p d a t e ( r e q u i r eA D S ) W i t hs y s t e m w i d eP O P Tl i b r a r y W i t hp r e c o m p i l e dh e a d e r so p t i m i z a t i o n W i t hm a x i m u md e b u g g i n g W i t hs m b t o r t u r e [ O K ]

|| []P A M _ S M B P A S S W i t hP A Ma u t h e n t i c a t i o nv sp a s s d bb a c k e n d s

|| []E X P _ M O D U L E S W i t he x p e r i m e n t a lm o d u l e s

+ + + + + + I n stall n ss_ld ap

#c d/ u s r / p o r t s / n e t / n s s _ l d a p / #m a k ei n s t a l lc l e a n I n stall smb ld ap -to o ls

#c d/ u s r / p o r t s / n e t / s m b l d a p t o o l s #m a k ei n s t a l lc l e a n

Configuration
Prep are th e o p en ld ap co n fig file (/u sr/lo cal/etc/o p en ld ap /slap d .co n f) First we need to create a password for the openldap server

#s l a p p a s s w dsv e r y s e c u r e p a s s w o r d { S S H A } 2 p C G r V M h M h 3 c C + L a k U X A p e b b 9 j w I C f 5 e No te: Copy the output!! Open the /usr/local/etc/openldap/slapd.conf file and make sure it looks like the following

#v i/ u s r / l o c a l / e t c / o p e n l d a p / s l a p d . c o n f

# #S e es l a p d . c o n f ( 5 )f o rd e t a i l so nc o n f i g u r a t i o no p t i o n s . #T h i sf i l es h o u l dN O Tb ew o r l dr e a d a b l e . # i n c l u d e i n c l u d e i n c l u d e i n c l u d e i n c l u d e i n c l u d e i n c l u d e l o g l e v e l2 5 6 p i d f i l e a r g s f i l e / v a r / r u n / o p e n l d a p / s l a p d . p i d / v a r / r u n / o p e n l d a p / s l a p d . a r g s / u s r / l o c a l / e t c / o p e n l d a p / s c h e m a / c o r e . s c h e m a / u s r / l o c a l / e t c / o p e n l d a p / s c h e m a / c o s i n e . s c h e m a / u s r / l o c a l / e t c / o p e n l d a p / s c h e m a / i n e t o r g p e r s o n . s c h e m a / u s r / l o c a l / e t c / o p e n l d a p / s c h e m a / m i s c . s c h e m a / u s r / l o c a l / e t c / o p e n l d a p / s c h e m a / n i s . s c h e m a / u s r / l o c a l / e t c / o p e n l d a p / s c h e m a / o p e n l d a p . s c h e m a / u s r / l o c a l / e t c / o p e n l d a p / s c h e m a / s a m b a . s c h e m a

www.bsdguides.org/2008/build-a-samba-pdc-with-ldap-backend/

2/11

18/05/13
#L o a dd y n a m i cb a c k e n dm o d u l e s : m o d u l e p a t h m o d u l e l o a d

Build a Samba PDC with LDAP backend - BSD Guides

/ u s r / l o c a l / l i b e x e c / o p e n l d a p b a c k _ b d b

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #B D Bd a t a b a s ed e f i n i t i o n s # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # d a t a b a s e s u f f i x r o o t d n r o o t p w d i r e c t o r y b d b " d c = s m b d o m a i n , d c = l o c a l " " c n = M a n a g e r , d c = s m b d o m a i n , d c = l o c a l " { S S H A } 2 p C G r V M h M h 3 c C + L a k U X A p e b b 9 j w I C f 5 e / u s r / l o c a l / v a r / d b / o p e n l d a p d a t a

# r o o t p w=v e r y s e c u r e p a s s w o r d

#I n d i c e st om a i n t a i n i n d e x i n d e x i n d e x i n d e x i n d e x i n d e x i n d e x i n d e x i n d e x i n d e x i n d e x i n d e x o b j e c t C l a s s c n s n u i d d i s p l a y N a m e u i d N u m b e r g i d N u m b e r m e m b e r U I D s a m b a S I D s a m b a P r i m a r y G r o u p S I D s a m b a D o m a i n N a m e d e f a u l t e q p r e s , s u b , e q p r e s , s u b , e q p r e s , s u b , e q p r e s , s u b , e q e q e q e q e q e q e q s u b

Now we need to create and copy some files. First, we want to create the database dir of openldap. In this case this is /usr/local/var/db/openldap-data. If you want another location change the directory directive in the slapd.conf file. Also we set the right permissions on the directory and files of openldap.

#m k d i rp/ u s r / l o c a l / v a r / d b / o p e n l d a p d a t a #c p/ u s r / l o c a l / e t c / o p e n l d a p / D B _ C O N F I G . e x a m p l e / u s r / l o c a l / v a r / d b / o p e n l d a p d a t a / D B _ C O N F I G #c h o w nRl d a p : l d a p/ u s r / l o c a l / v a r / d b / o p e n l d a p d a t a #c h o w nRl d a p : l d a p/ u s r / l o c a l / e t c / o p e n l d a p / #c h m o dR0 7 0 0/ u s r / l o c a l / v a r / d b / o p e n l d a p d a t a #c h m o d0 4 0 0/ u s r / l o c a l / e t c / o p e n l d a p / s l a p d . c o n f Also we need to copy the samba schema to the final directory.

#c p/ u s r / l o c a l / s h a r e / e x a m p l e s / s a m b a / L D A P / s a m b a . s c h e m a / u s r / l o c a l / e t c / o p e n l d a p / s c h e m a / Then we want to make sure slapd logs to syslog. Add the lines to the file /etc/syslog.conf

#v i/ e t c / s y s l o g . c o n f ! s l a p d * . * / v a r / l o g / s l a p d . l o g

Now we create the log file and restart the syslog deamon

#t o u c h/ v a r / l o g / s l a p d . l o g #/ e t c / r c . d / s y s l o g dr e s t a r t n ss_ld ap .co n f

www.bsdguides.org/2008/build-a-samba-pdc-with-ldap-backend/

3/11

18/05/13

Build a Samba PDC with LDAP backend - BSD Guides

Make sure the file /usr/local/etc/nss_ldap.conf looks like the following

#v i/ u s r / l o c a l / e t c / n s s _ l d a p . c o n f b a s ed c = s m b d o m a i n , d c = l o c a l b i n d _ p o l i c ys o f t b i n d _ t i m e l i m i t1 0 h o s tl o c a l h o s t i d l e _ t i m e l i m i t3 6 0 0 l d a p _ v e r s i o n3 n s s _ b a s e _ g r o u p o u = G r o u p s , d c = s m b d o m a i n , d c = l o c a l ? o n e n s s _ b a s e _ p a s s w do u = P e o p l e , d c = s m b d o m a i n , d c = l o c a l ? o n e n s s _ b a s e _ p a s s w do u = C o m p u t e r s , d c = s m b d o m a i n , d c = l o c a l ? o n e n s s _ b a s e _ s h a d o wo u = P e o p l e , d c = s m b d o m a i n , d c = l o c a l ? o n e n s s _ c o n n e c t _ p o l i c yp e r s i s t n s s _ p a g e d _ r e s u l t sy e s p a g e s i z e1 0 0 0 p o r t3 8 9 s c o p eo n e t i m e l i m i t3 0 Now we link the file /usr/local/etc/nss_ldap.conf to /usr/local/etc/openldap/ldap.conf

#r m/ u s r / l o c a l / e t c / o p e n l d a p / l d a p . c o n f #l ns/ u s r / l o c a l / e t c / n s s _ l d a p . c o n f/ u s r / l o c a l / e t c / o p e n l d a p / l d a p . c o n f #l ns/ u s r / l o c a l / e t c / n s s _ l d a p . c o n f/ u s r / l o c a l / e t c / l d a p . c o n f To make sure the slapd deamon (the openldap server) starts at a reboot we need to edit the /etc/rc.conf file.

#e c h o" # e n a b l es l a p d " > > / e t c / r c . c o n f #e c h os l a p d _ e n a b l e = \ " Y E S \ "> > / e t c / r c . c o n f #e c h os l a p d _ f l a g s = ' h\ " l d a p i : / / % 2 f v a r % 2 f r u n % 2 f o p e n l d a p % 2 f l d a p i / l d a p : / / 0 . 0 . 0 . 0 /l d a p : / / 1 2 7 . 0 . 0 . 1 / \ " '> > / e t c / r c . c o n f #e c h os l a p d _ s o c k e t s = \ " / v a r / r u n / o p e n l d a p / l d a p i \ "> > / e t c / r c . c o n f And we try to start it!

#/ u s r / l o c a l / e t c / r c . d / s l a p ds t a r t S t a r t i n gs l a p d . #p sa x|g r e ps l a p 1 1 3 8 3 ? ? S s 1 1 3 8 5 p 2 S + /etc/n ssw itch .co n f Edit the /etc/nsswitch file and make sure to edit the group: and passwd: line, so change compat to files ldap. The file looks like this after editing 0 : 0 0 , 0 1/ u s r / l o c a l / l i b e x e c / s l a p dhl d a p i : / / % 2 f v a r 0 : 0 0 , 0 0g r e ps l a p

g r o u p :f i l e sl d a p g r o u p _ c o m p a t :n i s h o s t s :f i l e sd n s n e t w o r k s :f i l e s p a s s w d :f i l e sl d a p p a s s w d _ c o m p a t :n i s s h e l l s :f i l e s

www.bsdguides.org/2008/build-a-samba-pdc-with-ldap-backend/

4/11

18/05/13
s e r v i c e s :c o m p a t s e r v i c e s _ c o m p a t :n i s p r o t o c o l s :f i l e s r p c :f i l e s S amb a

Build a Samba PDC with LDAP backend - BSD Guides

All my data (shares) and other samba related files like username are in /usr/local/samba. So first we create that dir

#m k d i r/ u s r / l o c a l / s a m b a We also create a usermap file named usermap

#v i/ u s r / l o c a l / s a m b a / u s e r m a p r o o t=a d m i n i s t r a t o r To create the following /usr/local/etc/smb.conf file, you must remove or empty the original one. Make sure you replace fxp0 for your own network interface, or comment out the line interfaces = and bind interfaces only =

#r m/ u s r / l o c a l / e t c / s m b . c o n f #v i/ u s r / l o c a l / e t c / s m b . c o n f #G l o b a lp a r a m e t e r s [ g l o b a l ] w o r k g r o u p=S M B D O M A I N s e r v e rs t r i n g=S a m b aS e r v e r n e t b i o sn a m e=s e r v 0 1 h o s t sa l l o w=1 9 2 . 1 6 8 . 5 0 .1 2 7 .1 0 . 0 . 1 . i n t e r f a c e s=f x p 0 ,l o b i n di n t e r f a c e so n l y=Y e s #p a s s w db a c k e n d e n c r y p tp a s s w o r d s=y e s p a s s d bb a c k e n d =l d a p s a m : l d a p : / / s e r v 0 1 . s m b d o m a i n . l o c a l / e n a b l ep r i v i l e g e s=y e s p a mp a s s w o r dc h a n g e =Y e s p a s s w dp r o g r a m=/ u s r / b i n / p a s s w d% u p a s s w dc h a t=* N e w * U N I X * p a s s w o r d *% n n* R e T y p e * n e w * U N I X * p a s s w o r d * % n n*p a s s w d : * a l l * a u t h e n t i c a t i o n * t o k e n s * u p d a t e d * s u c c e s s f u l l y * u n i xp a s s w o r ds y n c=Y e s #L o go p t i o n s l o gl e v e l=1 l o gf i l e=/ v a r / l o g / s a m b a / % m m a xl o gs i z e=5 0 s y s l o g=0 #N a m er e s o l u t i o n n a m er e s o l v eo r d e r=w i n sb c a s th o s t #m i s c t i m e s e r v e r=Y e s s o c k e to p t i o n s=T C P _ N O D E L A YS O _ R C V B U F = 8 1 9 2S O _ S N D B U F = 8 1 9 2 u s es e n d f i l e=y e s v e t of i l e s=/ * . e m l / * . n w s / * . { * } / v e t oo p l o c kf i l e s=/ * . d o c / * . x l s / * . m d b / d e a d t i m e #D o s A t t r i b u t e =1 2 0

www.bsdguides.org/2008/build-a-samba-pdc-with-ldap-backend/

5/11

18/05/13
m a ph i d d e n=N o m a ps y s t e m=N o m a pa r c h i v e=N o m a pr e a do n l y=N o s t o r ed o sa t t r i b u t e s=Y e s

Build a Samba PDC with LDAP backend - BSD Guides

#p r i n t e r s-c o n f i g u r e dt ou s eC U P Sa n da u t o m a t i c a l l yl o a dt h e m l o a dp r i n t e r s=Y e s p r i n t c a pn a m e=C U P S p r i n t i n g=c u p s c u p so p t i o n s=R a w s h o wa d dp r i n t e rw i z a r d=N o #s c r i p t si n v o k e db ys a m b a a d du s e rs c r i p t m% u d e l e t eu s e rs c r i p t % u a d dg r o u ps c r i p t p% g d e l e t eg r o u ps c r i p t % g a d du s e rt og r o u ps c r i p t m% u% g d e l e t eu s e rf r o mg r o u ps c r i p t=/ u s r / l o c a l / s b i n / s m b l d a p g r o u p m o d x% u% g s e tp r i m a r yg r o u ps c r i p t g% g% u >a d dm a c h i n es c r i p t =/ u s r / l o c a l / s b i n / s m b l d a p u s e r a d dw% m =/ u s r / l o c a l / s b i n / s m b l d a p u s e r m o d=/ u s r / l o c a l / s b i n / s m b l d a p g r o u p m o d =/ u s r / l o c a l / s b i n / s m b l d a p g r o u p d e l =/ u s r / l o c a l / s b i n / s m b l d a p g r o u p a d d =/ u s r / l o c a l / s b i n / s m b l d a p u s e r d e l =/ u s r / l o c a l / s b i n / s m b l d a p u s e r a d d-

#L D A P i C o n f i g u r a t i o n l d a pd e l e t ed n l d a ps s l l d a pp a s s w ds y n c l d a ps u f f i x l d a pm a c h i n es u f f i x l d a pu s e rs u f f i x l d a pg r o u ps u f f i x l d a pi d m a ps u f f i x l d a pa d m i nd n i d m a pb a c k e n d l d a p : l d a p : / / s e r v 0 1 . s m b d o m a i n . l o c a l i d m a pu i d i d m a pg i d #l o g o no p t i o n s l o g o ns c r i p t=l o g o n . b a t l o g o np a t h=\ % L p r o f i l e s % u l o g o np a t h= l o g o nh o m e=\ % L % U l o g o nd r i v e=H : #s e t t i n gu pa sd o m a i nc o n t r o l l e r u s e r n a m em a p=/ u s r / l o c a l / s a m b a / u s e r m a p p r e f e r r e dm a s t e r=Y e s w i n ss u p p o r t=Y e s d o m a i nl o g o n s=Y e s d o m a i nm a s t e r=Y e s l o c a lm a s t e r=Y e s o sl e v e l=6 4 m a pa c li n h e r i t=Y e s =1 0 0 0 0 2 0 0 0 0 =1 0 0 0 0 2 0 0 0 0 =Y e s =o f f =Y e s =d c = s m b d o m a i n , d c = l o c a l =o u = C o m p u t e r s =o u = P e o p l e =o u = G r o u p s =o u = I d m a p =c n = M a n a g e r , d c = s m b d o m a i n , d c = l o c a l =

www.bsdguides.org/2008/build-a-samba-pdc-with-ldap-backend/

6/11

18/05/13
u n i xc h a r s e t =U T F 8

Build a Samba PDC with LDAP backend - BSD Guides

# = = = = = = = = = = = = = = = = = = = = = = = = = = = =S h a r eD e f i n i t i o n s = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = [ n e t l o g o n ] c o m m e n t=N e t w o r kL o g o nS e r v i c e p a t h=/ u s r / l o c a l / e t c / s a m b a / n e t l o g o n g u e s to k=y e s l o c k i n g=n o [ h o m e s ] c o m m e n t=H o m eD i r e c t o r i e s v a l i du s e r s=% S r e a do n l y=N o b r o w s e a b l e=N o [ P r o f i l e s ] c o m m e n t=N e t w o r kP r o f i l e sS e r v i c e p a t h=/ u s r / l o c a l / e t c / s a m b a / p r o f i l e s r e a do n l y=N o p r o f i l ea c l s=y e s h i d ef i l e s=/ d e s k t o p . i n i / n t u s e r . i n i / N T U S E R . * / p r o f i l ea c l s=Y e s

[ p r i n t e r s ] c o m m e n t=A l lP r i n t e r s p a t h=/ v a r / s p o o l / s a m b a b r o w s e a b l e=N o g u e s to k=Y e s p r i n t a b l e=Y e s u s ec l i e n td r i v e r=Y e s d e f a u l td e v m o d e=Y e s [ p r i n t $ ] c o m m e n t=P r i n t e rD r i v e r s p a t h=/ u s r / l o c a l / s a m b a / p r i n t e r d r i v e r s b r o w s e a b l e=y e s g u e s to k=n o r e a do n l y=y e s w r i t el i s t=r o o t [ d a t a ] c o m m e n t=D a t aD i r e c t o r y p a t h=/ h o m e / d a t a w r i t el i s t=@ s m b d o m a i n r e a do n l y=N o c r e a t em a s k=0 7 7 7 d i r e c t o r ym a s k=0 7 7 7 Create the following directories: netlogon, profiles, printer-drivers and the share data, and give them proper permissions.

#m k d i r/ u s r / l o c a l / s a m b a / n e t l o g o n #m k d i r/ u s r / l o c a l / s a m b a / p r o f i l e s #m k d i r/ u s r / l o c a l / s a m b a / p r i n t e r d r i v e r s #m k d i r/ u s r / l o c a l / s a m b a / d a t a #c h m o d7 7 7/ u s r / l o c a l / s a m b a / p r o f i l e s Check the smb.conf file by doing a testparm

www.bsdguides.org/2008/build-a-samba-pdc-with-ldap-backend/

7/11

18/05/13
#t e s t p a r m/ u s r / l o c a l / e t c / s m b . c o n f You should see the following without errors

Build a Samba PDC with LDAP backend - BSD Guides

L o a ds m bc o n f i gf i l e sf r o m/ u s r / l o c a l / e t c / s m b . c o n f P r o c e s s i n gs e c t i o n" [ n e t l o g o n ] " P r o c e s s i n gs e c t i o n" [ h o m e s ] " P r o c e s s i n gs e c t i o n" [ P r o f i l e s ] " P r o c e s s i n gs e c t i o n" [ p r i n t e r s ] " P r o c e s s i n gs e c t i o n" [ p r i n t $ ] " P r o c e s s i n gs e c t i o n" [ d a t a ] " L o a d e ds e r v i c e sf i l eO K . S e r v e rr o l e :R O L E _ D O M A I N _ P D C P r e s se n t e rt os e ead u m po fy o u rs e r v i c ed e f i n i t i o n s We need to store the password from the ldap server in the secret.tdb file of samba. First we stop the openldap server(also for later when we import the data)

#/ u s r / l o c a l / e t c / r c . d / s l a p ds t o p S t o p p i n gs l a p d . W a i t i n gf o rP I D S :4 9 8 5 1 . # #s m b p a s s w d wv e r y s e c u r e p a s s w o r d S e t t i n gs t o r e dp a s s w o r df o r" c n = M a n a g e r , d c = s m b d o m a i n , d c = l o c a l "i n s e c r e t s . t d b Make sure samba can start and will restart after a reboot

#e c h o" # e n a b l eS a m b a "> > / e t c / r c . c o n f #e c h on m b d _ e n a b l e = " Y E S "> > / e t c / r c . c o n f #e c h os m b d _ e n a b l e = " Y E S "> > / e t c / r c . c o n f #e c h ow i n b i n d d _ e n a b l e = " Y E S "> > / e t c / r c . c o n f #e c h oc u p s d _ e n a b l e = " Y E S "> > / e t c / r c . c o n f Now we start samba

#/ u s r / l o c a l / e t c / r c . d / s a m b as t a r t R e m o v i n gs t a l eS a m b at d bf i l e s :. . . . . . .d o n e S t a r t i n gn m b d . S t a r t i n gs m b d . S t a r t i n gw i n b i n d d . Test if samba has started.

#p sa x|g r e pm d b 1 0 9 3 ? ? S s 1 0 9 5 ? ? I 1 1 0 0 ? ? S s 0 : 0 0 . 0 3/ u s r / l o c a l / s b i n / n m b dDs 0 : 0 0 . 0 0/ u s r / l o c a l / s b i n / n m b dDs 0 : 0 0 . 0 1/ u s r / l o c a l / s b i n / s m b dDs / u s r / l o c a l / e t c / s m b . c o n f / u s r / l o c a l / e t c / s m b . c o n f / u s r / l o c a l / e t c / s m b . c o n f To make sure samba starts after the ldap server starts we need to edit the startup scrpit of samba. So we put slapd after cupsd at the second line starting with # REQUIRE:

#v i/ u s r / l o c a l / e t c / r c . d / s a m b a P R O V I D E :n m b ds m b d P R O V I D E :w i n b i n d d R E Q U I R E :N E T W O R K I N GS E R V E R SD A E M O Nl d c o n f i gr e s o l v R E Q U I R E :c u p s ds l a p d

www.bsdguides.org/2008/build-a-samba-pdc-with-ldap-backend/

8/11

18/05/13
B E F O R E :L O G I N K E Y W O R D :s h u t d o w n smb ld ap -to o ls

Build a Samba PDC with LDAP backend - BSD Guides

If you run the script you must answer a few questions. I put [HIT ENTER] after the lines that need no change, behind the others I put [<--- NEEDS CHANGE] After the question ldap tls support (1/0) [0] there is a little timeout, now the script trys to get the SID and this can take a few seconds!

#/ u s r / l o c a l / s h a r e / e x a m p l e s / s m b l d a p t o o l s / c o n f i g u r e . p l U s eo f$ #i sd e p r e c a t e da t/ u s r / l o c a l / s h a r e / e x a m p l e s / s m b l d a p t o o l s / c o n f i g u r e . p ll i n e3 1 4 . = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = s m b l d a p t o o l ss c r i p tc o n f i g u r a t i o n = = = = = = = = = = = = = = = = = B e f o r es t a r t i n g ,c h e c k .i fy o u rs a m b ac o n t r o l l e ri su pa n dr u n n i n g . .i ft h ed o m a i nS I Di sd e f i n e d( y o uc a ng e ti tw i t ht h e' n e t g e t l o c a l s i d ' ) .y o uc a nl e a v et h ec o n f i g u r a t i o nu s i n gt h eC r t l ck e yc o m b i n a t i o n .e m p t yv a l u ec a nb es e tw i t ht h e" . "c h a r a c t e r = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = L o o k i n gf o rc o n f i g u r a t i o nf i l e s . . . S a m b aC o n f i g u r a t i o nF i l eP a t h[ / u s r / l o c a l / e t c / s m b . c o n f ] [ H I TE N T E R ] T h ed e f a u l td i r e c t o r yi nw h i c ht h es m b l d a pc o n f i g u r a t i o nf i l e sa r e s t o r e di ss h o w n . I fy o un e e dt oc h a n g et h i s ,e n t e rt h ef u l ld i r e c t o r yp a t h ,t h e np r e s s e n t e rt oc o n t i n u e . S m b l d a p t o o l sC o n f i g u r a t i o nD i r e c t o r yP a t h[ / e t c / o p t / I D E A L X / s m b l d a p t o o l s / ]/ u s r / l o c a l / e t c / s m b l d a p t o o l s[ < -N E E D SC H A N G E ] = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = L e t ' ss t a r tc o n f i g u r i n gt h es m b l d a p t o o l ss c r i p t s. . . .w o r k g r o u pn a m e :n a m eo ft h ed o m a i nS a m b aa c ta saP D C w o r k g r o u pn a m e[ s m b d o m a i n ][ H I TE N T E R ] .n e t b i o sn a m e :n e t b i o sn a m eo ft h es a m b ac o n t r o l e r n e t b i o sn a m e[ s e r v 0 1 ][ H I TE N T E R ] .l o g o nd r i v e :l o c a lp a t ht ow h i c ht h eh o m ed i r e c t o r yw i l lb ec o n n e c t e d ( f o rN TW o r k s t a t i o n s ) .E x :' H : ' l o g o nd r i v e[ H : ][ H I TE N T E R ] .l o g o nh o m e :h o m ed i r e c t o r yl o c a t i o n( f o rW i n 9 5 / 9 8o rN TW o r k s t a t i o n ) . ( u s e% Ua su s e r n a m e )E x : ' \ s e r v 0 1 % U ' l o g o nh o m e( p r e s st h e" . "c h a r a c t e ri fy o ud o n ' tw a n th o m e D i r e c t o r y ) [ \ % L % U ][ H I TE N T E R ] .l o g o np a t h :d i r e c t o r yw h e r er o a m i n gp r o f i l e sa r es t o r e d . E x : ' \ s e r v 0 1 p r o f i l e s % U ' l o g o np a t h( p r e s st h e" . "c h a r a c t e ri fy o ud o n ' tw a n tr o a m i n g p r o f i l e )[ \ s e r v 0 1 p r o f i l e s % U ][ H I TE N T E R ] .h o m ed i r e c t o r yp r e f i x( u s e% Ua su s e r n a m e )[ / h o m e / % U ][ H I TE N T E R ] .d e f a u l tu s e r s 'h o m e D i r e c t o r ym o d e[ 7 0 0 ][ H I TE N T E R ] .d e f a u l tu s e rn e t l o g o ns c r i p t( u s e% Ua su s e r n a m e )[ l o g o n . b a t ][ H I T E N T E R ] d e f a u l tp a s s w o r dv a l i d a t i o nt i m e( t i m ei nd a y s )[ 4 5 ]1 0 0 0 0 0 [ < N E E D SC H A N G E ] .l d a ps u f f i x[ d c = s m b d o m a i n , d c = l o c a l ][ H I TE N T E R ] .l d a pg r o u ps u f f i x[ o u = G r o u p s ][ H I TE N T E R ]

www.bsdguides.org/2008/build-a-samba-pdc-with-ldap-backend/

9/11

18/05/13

Build a Samba PDC with LDAP backend - BSD Guides

.l d a pu s e rs u f f i x[ o u = P e o p l e ][ H I TE N T E R ] .l d a pm a c h i n es u f f i x[ o u = C o m p u t e r s ][ H I TE N T E R ] .I d m a ps u f f i x[ o u = I d m a p ][ H I TE N T E R ] .s a m b a U n i x I d P o o l d n :o b j e c tw h e r ey o uw a n tt os t o r et h en e x tu i d N u m b e r a n dg i d N u m b e ra v a i l a b l ef o rn e wu s e r sa n dg r o u p s s a m b a U n i x I d P o o l d no b j e c t( r e l a t i v et o$ { s u f f i x } ) [ s a m b a D o m a i n N a m e = s m b d o m a i n ][ H I TE N T E R ] .l d a pm a s t e rs e r v e r :I Pa d r e s so rD N Sn a m eo ft h em a s t e r( w r i t a b l e ) l d a ps e r v e r l d a pm a s t e rs e r v e r[ s e r v 0 1 . s m b d o m a i n . l o c a l ][ H I TE N T E R ] .l d a pm a s t e rp o r t[ 3 8 9 ][ H I TE N T E R ] .l d a pm a s t e rb i n dd n[ c n = M a n a g e r , d c = s m b d o m a i n , d c = l o c a l ][ H I TE N T E R ] l d a pm a s t e rb i n dp a s s w o r d[ ]v e r y s e c u r e p a s s w o r d .l d a ps l a v es e r v e r :I Pa d r e s so rD N Sn a m eo ft h es l a v el d a ps e r v e r : c a na l s ob et h em a s t e ro n e l d a ps l a v es e r v e r[ s e r v 0 1 . s m b d o m a i n . l o c a l ][ H I TE N T E R ] .l d a ps l a v ep o r t[ 3 8 9 ][ H I TE N T E R ] .l d a ps l a v eb i n dd n[ c n = M a n a g e r , d c = s m b d o m a i n , d c = l o c a l ][ H I TE N T E R ] .l d a ps l a v eb i n dp a s s w o r d[ ]v e r y s e c u r e p a s s w o r d .l d a pt l ss u p p o r t( 1 / 0 )[ 0 ][ H I TE N T E R ] .S I Df o rd o m a i ns m b d o m a i n :S I Do ft h ed o m a i n( c a nb eo b t a i n e dw i t h ' n e tg e t l o c a l s i ds e r v 0 1 ' ) S I Df o rd o m a i ns m b d o m a i n[ S 1 5 2 1 2 6 0 9 9 9 8 2 1 1 3 6 7 6 0 4 8 6 3 4 7 3 5 0 4 3 4 8 ] [ H I TE N T E R ] .u n i xp a s s w o r de n c r y p t i o n :e n c r y p t i o nu s e df o ru n i xp a s s w o r d s u n i xp a s s w o r de n c r y p t i o n( C R Y P T ,M D 5 ,S M D 5 ,S S H A ,S H A )[ S S H A ][ H I T E N T E R ] .d e f a u l tu s e rg i d N u m b e r[ 5 1 3 ][ H I TE N T E R ] .d e f a u l tc o m p u t e rg i d N u m b e r[ 5 1 5 ][ H I TE N T E R ] .d e f a u l tl o g i ns h e l l[ / b i n / s h ][ H I TE N T E R ] .d e f a u l ts k e l e t o nd i r e c t o r y[ / e t c / s k e l ][ H I TE N T E R ] .d e f a u l td o m a i nn a m et oa p p e n dt om a i la d r e s s[ ][ H I TE N T E R ] = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = U s eo fu n i n i t i a l i z e dv a l u ei nc o n c a t e n a t i o n( . )o rs t r i n ga t / u s r / l o c a l / s h a r e / e x a m p l e s / s m b l d a p t o o l s / c o n f i g u r e . p ll i n e3 1 4 , / u s r / l o c a l / e t c / s m b l d a p t o o l s / s m b l d a p . c o n f . o l d / u s r / l o c a l / e t c / s m b l d a p t o o l s / s m b l d a p _ b i n d . c o n f > / u s r / l o c a l / e t c / s m b l d a p t o o l s / s m b l d a p _ b i n d . c o n f . o l d w r i t i n gn e wc o n f i g u r a t i o nf i l e : / u s r / l o c a l / e t c / s m b l d a p t o o l s / s m b l d a p . c o n fd o n e . / u s r / l o c a l / e t c / s m b l d a p t o o l s / s m b l d a p _ b i n d . c o n fd o n e . Now we start the ldap server again

#/ u s r / l o c a l / e t c / r c . d / s l a p ds t a r t And we populate the database

#s m b l d a p p o p u l a t eu1 0 0 0 0g1 0 0 0 0r1 0 0 0 0 P o p u l a t i n gL D A Pd i r e c t o r yf o rd o m a i ns m b d o m a i n( S 1 5 2 1 2 6 0 9 9 9 8 2 1 1 3 6 7 6 0 4 8 6 3 4 7 3 5 0 4 3 4 8 ) ( u s i n gb u i l t i nd i r e c t o r ys t r u c t u r e ) a d d i n gn e we n t r y :d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :o u = P e o p l e , d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :o u = G r o u p s , d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :o u = C o m p u t e r s , d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :o u = I d m a p , d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :u i d = r o o t , o u = P e o p l e , d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :u i d = n o b o d y , o u = P e o p l e , d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :c n = D o m a i nA d m i n s , o u = G r o u p s , d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :c n = D o m a i nU s e r s , o u = G r o u p s , d c = s m b d o m a i n , d c = l o c a l

www.bsdguides.org/2008/build-a-samba-pdc-with-ldap-backend/

10/11

18/05/13

Build a Samba PDC with LDAP backend - BSD Guides

a d d i n gn e we n t r y :c n = D o m a i nG u e s t s , o u = G r o u p s , d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :c n = D o m a i nC o m p u t e r s , o u = G r o u p s , d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :c n = A d m i n i s t r a t o r s , o u = G r o u p s , d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :c n = A c c o u n tO p e r a t o r s , o u = G r o u p s , d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :c n = P r i n tO p e r a t o r s , o u = G r o u p s , d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :c n = B a c k u pO p e r a t o r s , o u = G r o u p s , d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :c n = R e p l i c a t o r s , o u = G r o u p s , d c = s m b d o m a i n , d c = l o c a l a d d i n gn e we n t r y :s a m b a D o m a i n N a m e = s m b d o m a i n , d c = s m b d o m a i n , d c = l o c a l P l e a s ep r o v i d eap a s s w o r df o rt h ed o m a i nr o o t : C h a n g i n gU N I Xa n ds a m b ap a s s w o r d sf o rr o o t N e wp a s s w o r d : R e t y p en e wp a s s w o r d : The password can be any password and does not have to be the ldap password ( very-securepassword). It is the root (administrator) password for samba. Now we need to configure winbind:

#n e tr p cj o i nSs e r v 0 1U r o o t p a s s w o r d : j o i n e dd o m a i ns m b d o m a i n For the administration of the server you can use USERMGR.exe from Microsoft. That is it!
Filed Under: Server Tagged With: FreeBSD, Samba

Speak Your Mind

Name * Email * Website

Post Comment

LEARN MORE
Privacy Terms

USEFUL STUFF
Blogarama The Blog Directory OpenBSD Journal The NetBSD Project OpenBSD The FreeBSD Project Mac OSX

META
Register Log in Entries RSS Comments RSS
Blog Directory

RETURN TO TOP OF PAGE

COPY RIGHT 2013 NEWS THEME ON GENESIS FRAMEWORK WORDPRESS LOG IN

www.bsdguides.org/2008/build-a-samba-pdc-with-ldap-backend/

11/11