Configuring OpenLDAP

Add the following schema includes to /etc/openldap/slapd.conf:

vi /etc/openldap/slapd.conf
include       /etc/openldap/schema/cosine.schema
include       /etc/openldap/schema/inetorgperson.schema
include       /etc/openldap/schema/nis.schema
include       /etc/openldap/schema/misc.schema

Set the base suffix, the root DN and the root password for your domain:

suffix          "dc=dongguan"
rootdn          "cn=Manager,dc=dongguan"
rootpw          secret

You MUST change the rootpw option to a new password.

Creating the LDAP Base

cd /root/download
vi top.ldif
dn: dc=dongguan
dc: dongguan
objectClass: dcObject
objectClass: organizationalUnit
ou: Dongguan

Stop the LDAP server before loading the base entry, then run slapadd:

service ldap stop

slapadd -v -l top.ldif

Restart the LDAP server:

service ldap stop
service ldap start

Installing Samba

Make sure you have installed the Samba packages for CentOS 5.4 from http://enterprisesamba.org.

Installing the samba.schema

cp /usr/doc/samba-$VERSION/examples/LDAP/samba.schema /etc/openldap/schema

Add the samba.schema include to slapd.conf:

vi /etc/openldap/slapd.conf
include       /etc/openldap/schema/samba.schema

Restart the OpenLDAP server:

service ldap stop
service ldap start

Configuring Samba

cd /etc/samba/
vi smb.conf
#======================= Global Settings =====================================
[global]
 workgroup = DOMAIN
 netbios name = test
 server string = Samba PDC Server
 security = user
 log file = /var/log/samba/log.%m
 max log size = 50
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 domain master = yes
 preferred master = yes
 domain logons = yes
 ##wins support = yes
 wins server = 192.168.85.22 192.168.81.1 192.168.86.1
 dns proxy = no
 logon path =
 logon home =
 logon drive =

 #LDAP CONFIGURATION
 ldap ssl            = off
 ldap delete dn      = yes
 passdb backend      = ldapsam:ldap://127.0.0.1/
 ldap admin dn       = cn=Manager,dc=dongguan
 ldap suffix         = dc=dongguan
 ldap group suffix   = ou=Groups
 ldap user suffix    = ou=Users
 ldap machine suffix = ou=Computers

 add machine script             = /usr/local/sbin/smbldap-useradd -w "%u"
 add user script                = /usr/local/sbin/smbldap-useradd -a -m "%u"
 delete user script             = /usr/local/sbin/smbldap-userdel "%u"
 add group script               = /usr/local/sbin/smbldap-groupadd -p "%g"
 delete group script            = /usr/local/sbin/smbldap-groupdel "%g"
 add user to group script       = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
 delete user from group script  = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
 set primary group script       = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

#============================ Share Definitions ==============================
[homes]
    comment = Home Directories
    browseable = no
    writable = yes

[netlogon]
    comment  = Netlogon Logon Service
    path     = /home/netlogon
    guest ok = yes
    browseable = no

#[profiles]
#   comment = Users Profile
#   path = /home/profiles
#   writable     = yes
#   browseable   = no
#   create mask  = 0600
#   directory mask = 0700

Create the netlogon directory:

mkdir /home/netlogon

Starting Samba

Before starting the Samba process we MUST run the command below:

smbpasswd -w secret

secret is the password of the LDAP database (the rootpw set in slapd.conf).

Now we can start the Samba process:

service smb start

Smbldap-tools Utility

SMBLDAP-TOOLS is a package containing some useful scripts for managing users and groups with LDAP and Samba. They can be used to add, delete, and modify users and groups.

Download the package and its dependencies from http://dag.wieers.com:

http://dag.wieers.com/rpm/packages/smbldap-tools/

Configuring smbldap-tools

vi /etc/smbldap-tools/smbldap.conf

We need to change the SID parameter; smbldap.conf itself contains instructions on how to obtain the SID.

# Put your own SID. To obtain this number do: "net getlocalsid".
# If not defined, parameter is taking from "net getlocalsid" return
SID="S-1-5-21-612188557-877389365-4264499814"

Change the domain:

sambaDomain="PA-DOMAIN"

Disable TLS access to LDAP:

ldapTLS="0"

Change the suffix parameter:

suffix="dc=dongguan"

Find the line below:

sambaUnixIdPooldn="sambaDomainName=IDEALX-NT,${suffix}"

and change it to:

sambaUnixIdPooldn="sambaDomainName=PA-DOMAIN,${suffix}"

Save the file.

Edit smbldap_bind.conf:

vi /etc/smbldap-tools/smbldap_bind.conf
slaveDN="cn=Manager,dc=dongguan"
slavePw="secret"
masterDN="cn=Manager,dc=dongguan"
masterPw="secret"

(*) where “secret” means your LDAP password.
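The LDAP section of smb.conf, the suffix in smbldap.conf and the DNs in smbldap_bind.conf all have to name the tree that slapd.conf actually serves; a suffix that differs by even one component (dc=dongguan against dc=dongguan,dc=local) makes every Samba bind and every smbldap-tools call fail with "no such object". The script below is an added example, not part of the original tutorial or of the smbldap-tools package: it parses the four files with sed, reports any DN that is not under the slapd.conf suffix, and also flags a clear-text rootpw (slappasswd prints a {SSHA} hash that can be used there instead) and a world-readable smbldap_bind.conf, which holds the LDAP admin password. The sample configurations it writes, the {SSHA} value and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example (not part of the original tutorial): cross-check that smb.conf,
# smbldap.conf and smbldap_bind.conf all point at the tree slapd.conf serves,
# and flag a clear-text rootpw and a world-readable smbldap_bind.conf.
# Everything written by write_sample_configs is constructed sample data.

# Value of a slapd.conf directive (suffix, rootdn, rootpw), surrounding quotes removed.
slapd_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\(.*\)$/\1/p" "$1" | head -n 1 \
        | sed 's/[[:space:]]*$//; s/^"//; s/"$//'
}

# Value of an smb.conf parameter written as "key = value", e.g. "ldap suffix".
smb_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*\)$/\1/p" "$1" | head -n 1 \
        | sed 's/[[:space:]]*$//'
}

# Value of a KEY="value" line as used by the smbldap-tools config files.
kv_value() {
    sed -n "s/^[[:space:]]*$2=\(.*\)$/\1/p" "$1" | head -n 1 \
        | sed 's/[[:space:]]*$//; s/^"//; s/"$//'
}

# True when DN equals BASE or ends in ",BASE", i.e. lives inside that tree.
dn_under_base() {
    case "$1" in "$2" | *",$2") return 0 ;; *) return 1 ;; esac
}

# True when rootpw is a {SCHEME}hash as printed by slappasswd, not clear text.
rootpw_is_hashed() {
    case "$(slapd_value "$1" rootpw)" in "{"*"}"*) return 0 ;; *) return 1 ;; esac
}

# True when FILE has no read bit for "other" (it carries the LDAP admin password).
not_world_readable() {
    [ -z "$(find "$1" -perm -004)" ]
}

# Arguments: slapd.conf smb.conf smbldap.conf smbldap_bind.conf.
# Returns 0 when everything agrees and the hardening checks pass, 1 otherwise,
# printing one line per finding.
check_ldap_consistency() {
    base=$(slapd_value "$1" suffix); rc=0
    [ -n "$base" ] || { echo "no suffix directive in $1"; return 1; }
    smb_suffix=$(smb_value "$2" 'ldap suffix'); tools_suffix=$(kv_value "$3" suffix)
    if [ "$smb_suffix" != "$base" ]; then
        echo "MISMATCH: smb.conf 'ldap suffix' is '$smb_suffix', slapd.conf suffix is '$base'"; rc=1
    fi
    if [ "$tools_suffix" != "$base" ]; then
        echo "MISMATCH: smbldap.conf suffix is '$tools_suffix', slapd.conf suffix is '$base'"; rc=1
    fi
    for dn in "$(smb_value "$2" 'ldap admin dn')" "$(kv_value "$4" masterDN)" "$(kv_value "$4" slaveDN)"; do
        if ! dn_under_base "$dn" "$base"; then
            echo "MISMATCH: bind DN '$dn' is not under '$base'"; rc=1
        fi
    done
    if ! rootpw_is_hashed "$1"; then
        echo "WEAK: slapd.conf rootpw is clear text; put a slappasswd {SSHA} hash there"; rc=1
    fi
    if ! not_world_readable "$4"; then
        echo "WEAK: $4 holds the LDAP admin password but is world-readable; chmod 600 it"; rc=1
    fi
    return $rc
}

# Write a constructed set of the four files into DIR. MODE "good" is consistent;
# MODE "mismatch" reproduces a dc=local suffix that slapd.conf does not serve,
# a clear-text rootpw and a world-readable bind file.
write_sample_configs() {
    if [ "$2" = good ]; then
        tree='dc=dongguan'; pw='{SSHA}ConstructedPlaceholderHashNotReal='; perm=600
    else
        tree='dc=dongguan,dc=local'; pw='secret'; perm=644
    fi
    printf 'suffix          "dc=dongguan"\nrootdn          "cn=Manager,dc=dongguan"\nrootpw          %s\n' "$pw" > "$1/slapd.conf"
    printf '[global]\n passdb backend      = ldapsam:ldap://127.0.0.1/\n ldap admin dn       = cn=Manager,%s\n ldap suffix         = %s\n ldap user suffix    = ou=Users\n' "$tree" "$tree" > "$1/smb.conf"
    printf 'suffix="%s"\nsambaUnixIdPooldn="sambaDomainName=PA-DOMAIN,${suffix}"\n' "$tree" > "$1/smbldap.conf"
    printf 'slaveDN="cn=Manager,%s"\nslavePw="secret"\nmasterDN="cn=Manager,%s"\nmasterPw="secret"\n' "$tree" "$tree" > "$1/smbldap_bind.conf"
    chmod "$perm" "$1/smbldap_bind.conf"
}

# Run both sample sets so the output shows a clean pass and the findings for a broken set.
demo() {
    tmp=$(mktemp -d) || return 1
    for mode in good mismatch; do
        write_sample_configs "$tmp" "$mode"
        echo "== $mode sample =="
        if check_ldap_consistency "$tmp/slapd.conf" "$tmp/smb.conf" "$tmp/smbldap.conf" "$tmp/smbldap_bind.conf"; then
            echo "OK: configuration is consistent"
        else
            echo "FAIL: fix the lines above before starting slapd and smbd"
        fi
    done
    rm -rf "$tmp"
}
demo
```

On a real host, call check_ldap_consistency with /etc/openldap/slapd.conf, /etc/samba/smb.conf, /etc/smbldap-tools/smbldap.conf and /etc/smbldap-tools/smbldap_bind.conf instead of the constructed files; a non-zero exit means at least one of the settings above still disagrees with the LDAP tree.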

smbldap-tools commands

You must run smbldap-populate to create all the basic groups:

smbldap-populate

Below are the commands to create a new user and a new group in the LDAP database:

smbldap-useradd -m -a USER
smbldap-passwd USER
smbldap-groupadd GROUP