Category: System Operations
2009-09-27 10:20:34
4. Samba + LDAP
The next step is to get the two working together.
Here we use configure.pl, shipped with smbldap-tools, to do this.
[root@smb1 openldap]# /usr/share/doc/smbldap-tools-0.9.4/configure.pl
Use of $# is deprecated at /usr/share/doc/smbldap-tools-0.9.4/configure.pl line 314.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
smbldap-tools script configuration
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Before starting, check
. if your samba controller is up and running.
. if the domain SID is defined (you can get it with the 'net getlocalsid')
. you can leave the configuration using the Crtl-c key combination
. empty value can be set with the "." character
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Looking for configuration files...
Samba Configuration File Path [/etc/samba/smb.conf] >
The default directory in which the smbldap configuration files are stored is shown.
If you need to change this, enter the full directory path, then press enter to continue.
Smbldap-tools Configuration Directory Path [/etc/smbldap-tools/] >
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Let's start configuring the smbldap-tools scripts ...
. workgroup name: name of the domain Samba act as a PDC
workgroup name [WLF] > # the workgroup name; must be the same as in the samba configuration
. netbios name: netbios name of the samba controler
netbios name [smb1] > # the netbios name; also the same as in the samba configuration
. logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'
logon drive [H:] >
. logon home: home directory location (for Win95/98 or NT Workstation).
(use %U as username) Ex:'\\smb1\%U'
logon home (press the "." character if you don't want homeDirectory) [\\smb1\%U] >
. logon path: directory where roaming profiles are stored. Ex:'\\smb1\profiles\%U'
logon path (press the "." character if you don't want roaming profile) [\\smb1\profiles\%U] >
. home directory prefix (use %U as username) [/home/%U] >
. default users' homeDirectory mode [700] >
. default user netlogon script (use %U as username) [logon.bat] >
default password validation time (time in days) [45] >
. ldap suffix [dc=wlf,dc=org] > # this is the LDAP base DN; it must match slapd.conf and smb.conf
. ldap group suffix [ou=Groups] >
. ldap user suffix [ou=Users] >
. ldap machine suffix [ou=Computers] >
. Idmap suffix [ou=Idmap] >
. sambaUnixIdPooldn: object where you want to store the next uidNumber
and gidNumber available for new users and groups
sambaUnixIdPooldn object (relative to ${suffix}) [sambaDomainName=WLF] >
. ldap master server: IP adress or DNS name of the master (writable) ldap server
ldap master server [127.0.0.1] >
. ldap master port [389] >
. ldap master bind dn [cn=admin,dc=wlf,dc=org] >
. ldap master bind password [] >
. ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one
ldap slave server [127.0.0.1] >
. ldap slave port [389] >
. ldap slave bind dn [cn=admin,dc=wlf,dc=org] >
. ldap slave bind password [] >
. ldap tls support (1/0) [0] >
. SID for domain WLF: SID of the domain (can be obtained with 'net getlocalsid smb1')
SID for domain WLF [S-1-5-21-1266335732-2591488235-3663481555] >
. unix password encryption: encryption used for unix passwords
unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] >
. default user gidNumber [513] >
. default computer gidNumber [515] >
. default login shell [/bin/bash] >
. default skeleton directory [/etc/skel] >
. default domain name to append to mail adress [] > wlf.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Use of uninitialized value in concatenation (.) or string at /usr/share/doc/smbldap-tools-0.9.4/configure.pl line 314,
backup old configuration files:
/etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old
/etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old
writing new configuration file:
/etc/smbldap-tools/smbldap.conf done.
/etc/smbldap-tools/smbldap_bind.conf done.
Once it finishes normally, we can use smbldap-populate to import the groups, users and other objects that Samba needs.
[root@smb1 openldap]# smbldap-populate
Populating LDAP directory for domain WLF (S-1-5-21-1266335732-2591488235-3663481555)
(using builtin directory structure)
adding new entry: dc=wlf,dc=org
adding new entry: ou=Users,dc=wlf,dc=org
adding new entry: ou=Groups,dc=wlf,dc=org
adding new entry: ou=Computers,dc=wlf,dc=org
adding new entry: ou=Idmap,dc=wlf,dc=org
adding new entry: uid=root,ou=Users,dc=wlf,dc=org
adding new entry: uid=nobody,ou=Users,dc=wlf,dc=org
adding new entry: cn=Domain Admins,ou=Groups,dc=wlf,dc=org
adding new entry: cn=Domain Users,ou=Groups,dc=wlf,dc=org
adding new entry: cn=Domain Guests,ou=Groups,dc=wlf,dc=org
adding new entry: cn=Domain Computers,ou=Groups,dc=wlf,dc=org
adding new entry: cn=Administrators,ou=Groups,dc=wlf,dc=org
adding new entry: cn=Account Operators,ou=Groups,dc=wlf,dc=org
adding new entry: cn=Print Operators,ou=Groups,dc=wlf,dc=org
adding new entry: cn=Backup Operators,ou=Groups,dc=wlf,dc=org
adding new entry: cn=Replicators,ou=Groups,dc=wlf,dc=org
adding new entry: sambaDomainName=WLF,dc=wlf,dc=org
Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password:
[root@smb1 openldap]#
Output like the above means everything went fine.
There is one small step left: use smbpasswd to store the LDAP administrator password in secrets.tdb
smbpasswd -w password
Finally, edit /etc/hosts and add the machine's own hostname and IP address:
192.168.253.51 smb1.wlf.org smb1 # this is the line we added
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
After the installation is complete and the services are started, we can use smbclient to verify that everything works:
[root@smb1 openldap]# smbclient -L localhost -U root
Password:
Domain=[WLF] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]
Sharename Type Comment
--------- ---- -------
public Disk
IPC$ IPC IPC Service (Samba Server 3.0.33-3.7.el5)
root Disk Home Directories
Domain=[WLF] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]
Server Comment
--------- -------
SMB1 Samba Server 3.0.33-3.7.el5
Workgroup Master
--------- -------
MSHOME CHINA-3414AD3A5
WLF SMB1
[root@smb1 openldap]#
If you get output like the above, everything is working.
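As an added cross-check that is not part of the original post: the answers given to configure.pl above must agree with smb.conf (workgroup, ldap suffix, SID), and smbldap_bind.conf stores the LDAP admin bind password in cleartext. The script below parses constructed sample files mirroring this walkthrough and reports mismatches plus two weak settings (ldap tls support left at 0, a bind file readable by other users); the key names SID, sambaDomain, suffix and ldapTLS are those written by smbldap-tools 0.9.x.

```python
import re
from typing import Dict, List

# Constructed samples mirroring the walkthrough above (WLF domain, dc=wlf,dc=org).
SMBLDAP_CONF = """
SID="S-1-5-21-1266335732-2591488235-3663481555"
sambaDomain="WLF"
suffix="dc=wlf,dc=org"
masterLDAP="127.0.0.1"
ldapTLS="0"
hash_encrypt="SSHA"
"""
SMB_CONF = """
[global]
   workgroup = WLF
   netbios name = smb1
   passdb backend = ldapsam:ldap://127.0.0.1
   ldap suffix = dc=wlf,dc=org
   ldap admin dn = cn=admin,dc=wlf,dc=org
"""
SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+$")

def parse_kv(text: str) -> Dict[str, str]:
    """key=value lines from smbldap.conf or smb.conf; keys lowercased, quotes stripped."""
    out: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:  # skip comments/sections
            continue
        key, value = line.split("=", 1)  # split once: DN values contain '='
        out[key.strip().lower()] = value.strip().strip('"')
    return out

def check_config(smbldap_conf: str, smb_conf: str, bind_conf_mode: int) -> List[str]:
    """bind_conf_mode is os.stat(path).st_mode & 0o777 of smbldap_bind.conf."""
    s, m = parse_kv(smbldap_conf), parse_kv(smb_conf)
    findings: List[str] = []
    if not SID_RE.match(s.get("sid", "")):
        findings.append("SID missing or malformed; compare with 'net getlocalsid'")
    if s.get("sambadomain", "").lower() != m.get("workgroup", "").lower():
        findings.append("sambaDomain does not match smb.conf workgroup")
    if s.get("suffix") != m.get("ldap suffix"):
        findings.append("suffix does not match smb.conf 'ldap suffix'")
    if s.get("ldaptls", "0") != "1":
        findings.append("ldapTLS=0: bind DN and password travel in cleartext")
    if bind_conf_mode & 0o077:
        findings.append("smbldap_bind.conf is readable by group/other; use mode 0600")
    return findings

if __name__ == "__main__":
    for f in check_config(SMBLDAP_CONF, SMB_CONF, 0o644):
        print("WARN:", f)
```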