2009-05-09 17:07:02
系统AS4.1
所需软件:openldap、samba、phpldapadmin-
安装好openldap、samba(见配置文件)
[root@pdc samba]# grep -v "#" smb.conf |grep -v ";"|uniq
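# smb.conf for a Samba NT4-style PDC that keeps its accounts in OpenLDAP
# (listing produced by `grep -v "#" ... | grep -v ";"`, comments re-added).
[global]
workgroup = ldap.com
netbios name = pdc
server string = Samba Server %v
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
os level = 64
# Accounts come from the LDAP server on the loopback interface. Plain ldap://
# is acceptable only because it never leaves the host; switch to ldaps:// (or
# "ldap ssl") if the directory is ever moved to another machine.
passdb backend = ldapsam:ldap://127.0.0.1
# NOTE(review): this is the directory rootdn from slapd.conf, which bypasses
# every slapd ACL. slapd.conf already grants uid=samba,ou=Users,dc=ldap,dc=com
# write on the account subtrees; binding as that DN instead would limit what a
# compromised Samba process could change. The bind password for this DN is
# stored in secrets.tdb with `smbpasswd -w`.
ldap admin dn = "cn=root,dc=ldap,dc=com"
ldap suffix = dc=ldap,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
# Keep the LDAP userPassword in step when the Samba (NT) password changes.
ldap passwd sync = yes
# smbldap-tools wrappers that Samba runs (as root) when it creates or removes
# accounts. %u/%g are single-quoted so each name is passed as one argument.
add user script = /usr/local/sbin/smbldap-useradd -a '%u'
delete user script = /usr/local/sbin/smbldap-userdel '%u'
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
# Fixed: the original '%u''%g' had no space between the two names, so the
# shell concatenated user and group into ONE argument (e.g. "user1Domain
# Users") and smbldap-groupmod -m could never add the member. Now matches the
# "delete user from group script" form below.
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
# One log per client machine (%m); level 2 is moderately verbose.
log file = /var/log/samba/%m.log
log level = 2
max log size = 50
security = user
encrypt passwords = yes
dns proxy = no
# Ranges winbind may hand out for SIDs it has to map itself; presumably only
# relevant if trusts/foreign SIDs appear — confirm for this deployment.
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
# Make this host the domain controller (logon server) for the workgroup.
preferred master = yes
domain master = yes
domain logons = yes
logon drive = H:
# Windows code page 936 (GBK) for file names stored on disk.
unix charset = cp936

# Per-user home directories; only the owner sees their own.
[homes]
comment = Home Directories
browseable = no
writable = yes

# Roaming profiles; masks keep profile files private to their owner.
[profiles]
path = /home/samba/profiles
writable = yes
browseable = no
create mask = 0600
directory mask = 0700

# Logon scripts/policies; read-only for clients, only root may change them
# (anything placed here executes on clients at logon, so keep it root-owned).
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
read only = yes
browseable = no
write list= root

[share]
comment=Share
path=/home/samba/share
# NOTE(review): "guest ok" together with "writable" gives unauthenticated
# clients write access to this path, and create mask 0644 makes whatever they
# drop there world-readable. Unless an open drop box is intended, remove
# "guest ok" or restrict with "valid users" / "write list".
guest ok=yes
browseable=yes
writable = yes
create mask=0644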
[root@pdc openldap]# grep -v "#" slapd.conf |uniq
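# slapd.conf for the directory behind the Samba PDC (listing produced by
# `grep -v "#"`, comments re-added).
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# samba.schema defines the sambaSamAccount attributes ldapsam stores, among
# them the sambaLMPassword/sambaNTPassword hashes protected in the ACL below.
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/radius.schema
# NOTE(review): accepts legacy LDAPv2 binds; keep only if some client still
# requires them.
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database bdb
suffix "dc=ldap,dc=com"
# The rootdn is also the "ldap admin dn" Samba binds with (see smb.conf), so
# none of the per-DN ACLs below constrain Samba itself.
rootdn "cn=root,dc=ldap,dc=com"
# NOTE(review): cleartext and trivially guessable rootdn password. rootpw
# accepts a hashed value — use the {SSHA} string printed by `slappasswd` —
# and keep this file unreadable by non-root, since the same secret is later
# placed in secrets.tdb with `smbpasswd -w`.
rootpw 123
directory /var/lib/ldap
# Equality/presence(/substring) indexes on the attributes account and group
# lookups search by.
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# 1 = trace function calls.
loglevel 1
# Password material: the entry owner may change it, everybody else may only
# present it for authentication (bind). Fixed: sambaLMPassword and
# sambaNTPassword were not listed although the NT hash is directly usable as
# a credential; depending on how the bare dn= clauses below are matched they
# could fall through to the final "by * read" rule and be readable by
# anonymous binds, so they are protected explicitly here.
access to attrs=shadowLastChange,userPassword,sambaLMPassword,sambaNTPassword
by self write
by * auth
# The intended Samba service account may write the base entry and the
# account/group subtrees; everyone else is denied on these entries.
access to dn.base="dc=ldap,dc=com"
by dn="uid=samba,ou=Users,dc=ldap,dc=com" write
by * none
# NOTE(review): dn="..." carries no style qualifier; confirm in the
# slapd.access(5) of this OpenLDAP release whether it matches only the ou
# entry or, as a regex, the whole subtree. dn.subtree= states the intent
# unambiguously.
access to dn="ou=Users,dc=ldap,dc=com"
by dn="uid=samba,ou=Users,dc=ldap,dc=com" write
by * none
access to dn="ou=Groups,dc=ldap,dc=com"
by dn="uid=samba,ou=Users,dc=ldap,dc=com" write
by * none
# Catch-all: everything not matched above is readable by anyone, including
# anonymous binds.
access to *
by self read
by * read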
安装smbldap-tools-
tar zxvf smbldap-tools-
cd smbldap-tools-
安装时需要Perl 模块:Crypt::SmbHash
、Digest::SHA1、IO::Socket::SSL、Net::SSLeay,去这里搜索。这些远远不够,一会儿执行脚本时会提示缺少很多 Perl 模块,都到这个网站里找。
cd /usr/local/sbin
编辑smbldap_tools.pm这个文件,按照你的需要设置一下变量:
my $smbldap_conf="/etc/smbldap-tools/smbldap.conf";
my $smbldap_bind_conf="/etc/smbldap-tools/smbldap_bind.conf";
执行
configure.pl 这个脚本,大部分提示直接回车即可。
但
SID for domain LDAP.COM: SID of the domain (can be obtained with 'net getlocalsid PDC')
要求输入 SID 时默认值没有列出,这时需要执行
net getlocalsid PDC
这个命令才能获得,并复制过来,第一次执行时没有获得
SID
,这时把
/etc/samba/secrets.tdb
文件删掉,再重新生成
smbpasswd -w 123
当上面都完成后执行
smbldap-populate
这个脚本,在这里出现了很多错误,根据提示去上面网站下载
perl
的软件包,每个软件解压之后进入解压目录执行
perl Makefile.PL
make install
smbldap-populate
可能提示您输入域管理员的密码,域管理员在默认情况下称为
root
。给这个用户设置的密码应该不同于
slapd.conf
中使用的
rootdn
密码,也不同于
Linux
机器的
root
用户密码。
使用
smbldap-useradd
命令创建域帐户,
smbldap-passwd
这个命令设置域帐户密码。
smbldap-useradd -a -g "Domain Users" user1
smbldap-passwd user1
这时通过
web
使用
phpldapadmin
就可以查看新创建的用户
user1
,把
windowsXP/2003
加入域中,就可以使用
user1
用户登录了。
参考网站:
https://www6.software.ibm.com/developerworks/cn/education/linux/l-ldapsamba/section4.html
Perl包下载:~dankogai/Jcode-2.07/Jcode.pm