
Integrando LDAP e SAMBA

agosto 30th, 2010 Posted in Geral


Depois de configurado nosso servidor de autenticação LDAP, podemos integrá-lo com o SAMBA de forma que os usuários do domínio possam ser autenticados pelo serviço de diretórios.

A primeira coisa a ser feita é obter o SID do domínio e configurar o smbldap.conf; vamos deixá-lo conforme o exemplo:

# net getlocalsid ALLIANCE3
SID for domain ALLIANCE3 is: XXXXXXXXXXXXXXXXXXXXXXXXXXXX

# vim /etc/smbldap-tools/smbldap.conf
# smbldap-tools configuration for the ALLIANCE3 domain.
# NOTE(review): the quotes shown here are typographic (” and ″) from the blog
# rendering; the file on disk must use plain ASCII double quotes or the values
# will not be read correctly.
# Must be the SID printed by "net getlocalsid" for this domain (see above).
SID=”S-1-5-21-3808036868-373539997-2379057846″
# Keep in step with "workgroup" in smb.conf.
sambaDomain=”ALLIANCE3″
# Plain LDAP on port 389 (no TLS) on the loopback interface: the bind
# credentials from smbldap_bind.conf never leave this host. If either server
# is ever moved to another machine, switch to LDAPS/TLS.
slaveLDAP=”127.0.0.1″
slavePort=”389″
masterLDAP=”127.0.0.1″
masterPort=”389″
suffix=”dc=alliance3,dc=net”
# These subtrees must match the "ldap ... suffix" parameters in smb.conf.
usersdn=”ou=Users,${suffix}”
computersdn=”ou=Computers,${suffix}”
groupsdn=”ou=Groups,${suffix}”
idmapdn=”ou=Idmap,${suffix}”
sambaUnixIdPooldn=”sambaDomainName=${sambaDomain},${suffix}”
scope=”sub”
# Salted SHA-1 for the LDAP userPassword attribute.
hash_encrypt=”SSHA”
crypt_salt_format=”%s”
userLoginShell=”/bin/bash”
userHome=”/home/%U”
# Home directories are created owner-only.
userHomeDirectoryMode=”700″
userGecos=”System User”
# 513/515 are conventionally the Domain Users / Domain Computers groups
# created by smbldap-populate — confirm after populating.
defaultUserGid=”513″
defaultComputerGid=”515″
skeletonDir=”/etc/skel”
# Presumably the password lifetime in days for new accounts — verify.
defaultMaxPasswordAge=”45″
# Windows-side UNC paths. PDC-SRV presumably is the NetBIOS name the clients
# use, but smb.conf below sets "netbios name = server" — confirm they agree.
userSmbHome=”\\PDC-SRV\%U”
userProfile=”\\PDC-SRV\profiles\%U”
userHomeDrive=”H:”
userScript=”logon.bat”
mailDomain=”iallanis.info”
# with_*="0": passwords are written to LDAP directly rather than through the
# smbpasswd / slappasswd binaries named here.
with_smbpasswd=”0″
smbpasswd=”/usr/bin/smbpasswd”
with_slappasswd=”0″
slappasswd=”/usr/sbin/slappasswd”

Com este SID (o valor retornado por net getlocalsid) editamos o smbldap.conf.

# vim /etc/smbldap-tools/smbldap.conf
# smbldap-tools configuration for the ALLIANCE3 domain (second copy; the SID
# is left as a placeholder here).
# NOTE(review): the quotes shown here are typographic (” and ″) from the blog
# rendering; the file on disk must use plain ASCII double quotes or the values
# will not be read correctly.
# Replace the placeholder with the SID printed by "net getlocalsid".
SID=”XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX”
# Keep in step with "workgroup" in smb.conf.
sambaDomain=”ALLIANCE3″
# Plain LDAP on port 389 (no TLS) on the loopback interface: the bind
# credentials from smbldap_bind.conf never leave this host. If either server
# is ever moved to another machine, switch to LDAPS/TLS.
slaveLDAP=”127.0.0.1″
slavePort=”389″
masterLDAP=”127.0.0.1″
masterPort=”389″
suffix=”dc=alliance3,dc=net”
# These subtrees must match the "ldap ... suffix" parameters in smb.conf.
usersdn=”ou=Users,${suffix}”
computersdn=”ou=Computers,${suffix}”
groupsdn=”ou=Groups,${suffix}”
idmapdn=”ou=Idmap,${suffix}”
sambaUnixIdPooldn=”sambaDomainName=${sambaDomain},${suffix}”
scope=”sub”
# Salted SHA-1 for the LDAP userPassword attribute.
hash_encrypt=”SSHA”
crypt_salt_format=”%s”
userLoginShell=”/bin/bash”
userHome=”/home/%U”
# Home directories are created owner-only.
userHomeDirectoryMode=”700″
userGecos=”System User”
# 513/515 are conventionally the Domain Users / Domain Computers groups
# created by smbldap-populate — confirm after populating.
defaultUserGid=”513″
defaultComputerGid=”515″
skeletonDir=”/etc/skel”
# Presumably the password lifetime in days for new accounts — verify.
defaultMaxPasswordAge=”45″
# Windows-side UNC paths. PDC-SRV presumably is the NetBIOS name the clients
# use, but smb.conf below sets "netbios name = server" — confirm they agree.
userSmbHome=”\\PDC-SRV\%U”
userProfile=”\\PDC-SRV\profiles\%U”
userHomeDrive=”H:”
userScript=”logon.bat”
mailDomain=”iallanis.info”
# with_*="0": passwords are written to LDAP directly rather than through the
# smbpasswd / slappasswd binaries named here.
with_smbpasswd=”0″
smbpasswd=”/usr/bin/smbpasswd”
with_slappasswd=”0″
slappasswd=”/usr/sbin/slappasswd”

Precisamos editar o arquivo smbldap_bind.conf, que guarda o DN e a senha usados pelas ferramentas smbldap-tools para se conectar ao LDAP:

# vim /etc/smbldap-tools/smbldap_bind.conf
# Bind credentials used by smbldap-tools. The DN is the directory rootdn and
# the password is stored in clear text, so this file must be readable by root
# only (mode 0600) and kept out of world-readable backups. The same password
# is what "smbpasswd -w" stores for Samba's "ldap admin dn" further down; the
# value shown here is the article's example, not one to keep.
# NOTE(review): the ” quotes are a rendering artefact; use ASCII quotes on disk.
slaveDN=”cn=root,dc=alliance3,dc=net”
slavePw=”alliance”
masterDN=”cn=root,dc=alliance3,dc=net”
masterPw=”alliance”

Agora, podemos configurar o SAMBA.

# vim /etc/samba/smb.conf
# [global] section of a Samba PDC that keeps its account database in LDAP
# (smbldap-tools on the same host). Parameter values are kept exactly as
# posted; the comments are reviewer notes.
[global]
workgroup = alliance3
server string = Servidor de alliance
netbios name =server
printcap name = /etc/printcap
load printers = yes
printing = lprng
# Per-group logon script (%G = primary group). smbldap.conf above sets
# userScript="logon.bat" for new users; confirm which of the two the clients
# are expected to run.
logon script = %G.bat
guest account=nobody
log file = /var/log/samba/log.%m
max log size = 50
# Users are authenticated by Samba itself, with the account data coming from
# the ldapsam backend configured below.
security = user
encrypt passwords=yes
# With "passdb backend = ldapsam" the local smbpasswd file is presumably no
# longer consulted; kept as posted.
smb passwd file=/etc/samba/smbpasswd
# Only used when "unix password sync = yes", which is not set here — these two
# look like leftovers from a pre-LDAP setup; confirm.
passwd program=/usr/bin/passwd %u
passwd chat = *New*password* %n *Retype*new*password* %n *passwd:*all*authentication*tokens*updated*successfully*
# Superseded by the second "socket options" line at the end of this section
# (Samba takes the last definition of a parameter).
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
wins proxy = yes
dns proxy = yes
time server = yes
# LDAP traffic, including the admin-dn bind, is sent in clear. That is only
# acceptable because both LDAP URLs below point at 127.0.0.1; if the
# directory ever moves to another host, use ldaps:// or "ldap ssl = start tls".
ldap ssl = no
nt acl support = yes
# On the line below, specify the IP of the slapd server.
passdb backend = ldapsam:ldap://127.0.0.1
# Samba writes the LDAP password attribute itself on password change.
ldap passwd sync = yes
ldap delete dn = Yes
# Specify your domain.
# This DN is the directory rootdn, which has unrestricted write access to the
# whole tree. A dedicated bind DN whose ACLs are limited to the Samba subtrees
# (ou=Users, ou=Groups, ou=Computers, ou=Idmap) would limit what a compromised
# Samba host can change. Its password is stored with "smbpasswd -w" (see
# below) and must match smbldap_bind.conf.
ldap admin dn = cn=root,dc=alliance3,dc=net
ldap suffix = dc=alliance3,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# Again the IP of the slapd server.
idmap backend = ldap:ldap://127.0.0.1
# Range Samba allocates for mapped SIDs; it must not overlap the uid/gid
# numbers smbldap-tools hands out for domain users — verify against the
# sambaUnixIdPool entry.
idmap uid = 10000-20000
idmap gid = 10000-20000
# The lines below are needed to give the correct path of the user and group
# management utilities for samba+ldap; these utilities come from the
# smbldap-tools package.
# NOTE(review): the quotes around %u/%g are typographic (“ ”) in this
# rendering; the file on disk needs plain ASCII double quotes.
add user script = /usr/sbin/smbldap-useradd -m “%u”
delete user script = /usr/sbin/smbldap-userdel “%u”
add group script = /usr/sbin/smbldap-groupadd -p “%g”
delete group script = /usr/sbin/smbldap-groupdel “%g”
add user to group script = /usr/sbin/smbldap-groupmod -m “%u” “%g”
delete user from group script = /usr/sbin/smbldap-groupmod -x “%u” “%g”
set primary group script = /usr/sbin/smbldap-usermod -g “%g” “%u”
add machine script = /usr/sbin/smbldap-useradd -w “%u”
# Listen only on the LAN interface; with "bind interfaces only" Samba does
# not answer on other addresses.
interfaces = 172.16.254.252/24
bind interfaces only = Yes
# Effective socket options (overrides the earlier line).
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE

 

Agora podemos reiniciar os serviços.

# /etc/init.d/smb restart
# /etc/init.d/ldap restart

 

Vamos gravar no SAMBA a senha do administrador LDAP e povoar a base LDAP.

# "smbpasswd -w" stores the password Samba uses to bind as "ldap admin dn";
# it must be the same value as masterPw/slavePw in smbldap_bind.conf. Passed
# on the command line it ends up in the shell history and is visible in the
# process list while the command runs, so remove it from the history
# afterwards (or run it with history disabled).
smbpasswd -w alliance
# smbldap-populate

 

Pronto. A partir desse ponto todos os usuários devem ser gerenciados através do LDAP, pois a base local do SAMBA não será mais utilizada.
Bom, é isso, espero que vocês aproveitem.
