LDAP Base + Samba Domain

August 21, 2009

We recently had to set up a new LDAP server here at the company; these are the steps we used:

Package versions:

CentOS release 5.2 (Final) 2.6.18-92.el5

Note: enable the centos-plus repo and update the OS.

samba-common-3.0.28-1.el5_2.1

samba-client-3.0.28-1.el5_2.1

samba-3.0.28-1.el5_2.1

To install the smbldap-tools-0.9.4-1.el5.rf package, run the following:

wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Create the ldap user before installing the RPMs.

nss_ldap-253-12.el5

python-ldap-2.2.0-2.1

openldap-clients-2.3.27-8.el5_2.4

smbldap-tools-0.9.5-1.el5.rf

openldap-2.3.27-8.el5_2.4

openldap-servers-2.3.27-8.el5_2.4

Do not install -> cyrus-sasl-ldap-2.1.22-4

php-ldap-5.1.6-20.el5_2.1

openldap-devel-2.3.27-8.el5_2.4

php

apache

phpldapadmin-1.1.0.6.tar.gz

##################

Edit the file /etc/ldap.conf:

host 127.0.0.1

base o=empresa

ssl no

tls_cacertdir /etc/openldap/cacerts

pam_password md5

##################

Create the file /etc/ldap.secret with mode 600, containing the LDAP manager password.

#################

Edit the file /etc/samba/smb.conf:

workgroup = [domain name]

server string = Samba Server

netbios name = MYSERVER

Comment out the line:

; passdb backend = tdbsam

Uncomment the lines:

domain master = yes

domain logons = yes

preferred master = yes

add user script = /usr/sbin/useradd "%u" -n -g users

add group script = /usr/sbin/groupadd "%g"

add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"

delete user script = /usr/sbin/userdel "%u"

; the stock example uses userdel here, which would delete the whole account instead of the group membership
delete user from group script = /usr/sbin/gpasswd -d "%u" "%g"

delete group script = /usr/sbin/groupdel "%g"

passdb backend = ldapsam:ldap://127.0.0.1

ldap admin dn = "cn=manager, o=empresa"

ldap group suffix = ou=Group

ldap user suffix = ou=People

ldap machine suffix = ou=Hosts

ldap suffix = o=empresa

ldap ssl = off

idmap uid = 16777216-33554431

idmap gid = 16777216-33554431

wins support = yes

################

Run the command smbpasswd -w [LDAP manager password]

Edit the file /etc/smbldap-tools/smbldap_bind.conf:

slaveDN="cn=manager,o=empresa"

slavePw="senhadomanager"

masterDN="cn=manager,o=empresa"

masterPw="senhadomanager"

###################

Run the commands:

cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

chown ldap. /var/lib/ldap/DB_CONFIG

cp /usr/share/doc/samba-3.0.28/LDAP/samba.schema /etc/openldap/schema/

###################

Edit the file /etc/openldap/slapd.conf:

Include the additional schemas needed:

include /etc/openldap/schema/samba.schema

suffix "o=empresa"

rootdn "cn=manager,o=empresa"

rootpw {SSHA}KOllLHHyDoeyY0IEdqy18v/BH+4bB2Lt (generate the hash with the slappasswd command)

##########################

Edit the file /etc/smbldap-tools/smbldap.conf:

Run "net getlocalsid" and put the resulting SID in SID=

sambaDomain="nomedodominionosamba"

slaveLDAP="127.0.0.1" (change to the LDAP server's IP)

masterLDAP="127.0.0.1" (change to the LDAP server's IP)

suffix="o=empresa"

ldapTLS="0"

usersdn="ou=People,o=empresa"

computersdn="ou=Hosts,o=empresa"

groupsdn="ou=Groups,o=empresa"

idmapdn="ou=Idmap,o=empresa"

sambaUnixIdPooldn="cn=NextFreeUnixId,o=empresa" (depends on the LDAP structure)

userLoginShell="/bin/false"

defaultUserGid="65535" (set to the default user's primary group)

defaultMaxPasswordAge="99" (disable password expiry)

userSmbHome=""

userProfile=""

userScript="%U.bat"

mailDomain="empresa.com.br"

######################

Run the command service ldap start.

######################

Edit the file /etc/nsswitch.conf:

passwd: files ldap

shadow: files ldap

group: files ldap

####################

Unpack phpldapadmin-1.1.0.6.tar.gz into the /var/www/html directory.

####################

Edit the config.php file with the LDAP server's IP.

Add the lines below to the file /var/lib/ldap/DB_CONFIG:

### START OF DB_CONFIG FILE ###

# Sets the cache size.

set_cachesize 0 52428800 0

#### Set database flags ####

# Automatically remove log files.
set_flags DB_LOG_AUTOREMOVE

# Log settings

set_lg_regionmax 262144
set_lg_max 10485760
set_lg_bsize 2097152
set_lg_dir /var/lib/ldap/
# Increase locks
set_lk_max_locks 3000
set_lk_max_objects 1500
set_lk_max_lockers 1500

### END OF DB_CONFIG FILE ###

Run smbldap-populate to populate the directory with the attributes the domain needs.
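After these steps the manager password sits in cleartext in /etc/ldap.secret, in smbldap_bind.conf and in Samba's secrets store, and every client component (ldap.conf with ssl no, smb.conf with ldap ssl = off, smbldap.conf with ldapTLS="0") talks to the directory without TLS, which is only acceptable because everything points at 127.0.0.1. The Python script below is an added example, not part of the original post or of any of the packages listed: it audits a copy of those files for exactly those points (cleartext-password files are mode 0600, rootpw is a slappasswd hash rather than the password, and each TLS-off setting targets loopback). It writes two constructed sample trees into a temporary directory so it runs offline; the 10.0.0.5 address in the weak variant is made up.

```python
import os
import re
import stat
import tempfile
from typing import Dict, List, Tuple

# Files the procedure leaves holding the manager password in cleartext.
SECRET_FILES = ("etc/ldap.secret", "etc/smbldap-tools/smbldap_bind.conf")
LOOPBACK = ("127.0.0.1", "localhost")


def split_kv(line: str) -> Tuple[str, str]:
    """Split one line for the three syntaxes used above:
    smbldap.conf key="value", smb.conf key = value, slapd.conf/ldap.conf key value."""
    first = line.split(None, 1)[0]
    if "=" in first or ("=" in line and '"' not in line.split("=", 1)[0]):
        key, _, val = line.partition("=")
    else:
        parts = line.split(None, 1)
        key, val = parts[0], parts[1] if len(parts) > 1 else ""
    return key.strip().lower(), val.strip().strip('"')


def parse_kv(text: str) -> Dict[str, str]:
    """Parse a whole file, skipping blank lines, comments (#, ;) and [sections]."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;[":
            key, val = split_kv(line)
            out[key] = val
    return out


def is_loopback(target: str) -> bool:
    """True for 127.0.0.1/localhost given as 'host', 'ldap://host' or 'ldapsam:ldap://host:port'."""
    host = target.rsplit("/", 1)[-1].split(":")[0]
    return host in LOOPBACK


def world_readable(path: str) -> bool:
    return stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO) != 0


def read(root: str, rel: str) -> str:
    path = os.path.join(root, rel)
    return open(path).read() if os.path.exists(path) else ""


def audit(root: str) -> List[str]:
    """One finding per weak setting; an empty list means the tree matches the hardened layout."""
    findings = []
    for rel in SECRET_FILES:
        path = os.path.join(root, rel)
        if os.path.exists(path) and world_readable(path):
            findings.append(f"{rel}: holds the manager password but is not mode 0600")
    rootpw = parse_kv(read(root, "etc/openldap/slapd.conf")).get("rootpw", "")
    if rootpw and not re.match(r"^\{[A-Z0-9]+\}", rootpw):
        findings.append("slapd.conf: rootpw is cleartext; store the slappasswd {SSHA} value instead")
    ldap = parse_kv(read(root, "etc/ldap.conf"))
    if ldap.get("ssl", "no") == "no" and not is_loopback(ldap.get("host", "127.0.0.1")):
        findings.append("ldap.conf: 'ssl no' to a remote host sends binds in cleartext")
    smb = parse_kv(read(root, "etc/samba/smb.conf"))
    if smb.get("ldap ssl", "off") == "off" and not is_loopback(smb.get("passdb backend", "ldapsam:ldap://127.0.0.1")):
        findings.append("smb.conf: 'ldap ssl = off' to a remote ldapsam backend")
    smbldap = parse_kv(read(root, "etc/smbldap-tools/smbldap.conf"))
    if smbldap.get("ldaptls", "0") == "0" and not is_loopback(smbldap.get("masterldap", "127.0.0.1")):
        findings.append('smbldap.conf: ldapTLS="0" to a remote masterLDAP')
    return findings


def write_sample_tree(root: str, hardened: bool) -> None:
    """Constructed sample files mirroring the procedure; 10.0.0.5 is a made-up remote address."""
    host = "127.0.0.1" if hardened else "10.0.0.5"
    rootpw = "{SSHA}KOllLHHyDoeyY0IEdqy18v/BH+4bB2Lt" if hardened else "senhadomanager"
    files = {
        "etc/ldap.secret": "senhadomanager\n",
        "etc/ldap.conf": f"host {host}\nbase o=empresa\nssl no\npam_password md5\n",
        "etc/openldap/slapd.conf": f'include /etc/openldap/schema/samba.schema\nsuffix "o=empresa"\n'
                                   f'rootdn "cn=manager,o=empresa"\nrootpw {rootpw}\n',
        "etc/samba/smb.conf": f"[global]\n; passdb backend = tdbsam\npassdb backend = ldapsam:ldap://{host}\n"
                              'ldap admin dn = "cn=manager, o=empresa"\nldap ssl = off\n',
        "etc/smbldap-tools/smbldap_bind.conf": 'masterDN="cn=manager,o=empresa"\nmasterPw="senhadomanager"\n',
        "etc/smbldap-tools/smbldap.conf": f'masterLDAP="{host}"\nsuffix="o=empresa"\nldapTLS="0"\n',
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    for rel in SECRET_FILES:
        os.chmod(os.path.join(root, rel), 0o600 if hardened else 0o644)


def run_demo() -> Dict[str, List[str]]:
    """Audit a hardened and a weak sample tree; returns the findings for each."""
    results = {}
    for name, hardened in (("hardened", True), ("weak", False)):
        with tempfile.TemporaryDirectory() as root:
            write_sample_tree(root, hardened)
            results[name] = audit(root)
    return results


if __name__ == "__main__":
    for name, findings in run_demo().items():
        print(f"{name}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

To run it against a real host, point audit() at "/" (the paths are relative to the root it is given); the hardened sample tree reproduces the values from this post and yields no findings, while the weak one trips all six checks.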

Hope this helps.