Here's what I've done so far:
1. Installed everything via RPMs:
[EMAIL PROTECTED] root]# rpm -qa | grep openldap
openldap-2.1.29-1
openldap-clients-2.1.29-1
openldap-servers-2.1.29-1
openldap-devel-2.1.29-1
[EMAIL PROTECTED] root]# rpm -qa | grep samba
samba-3.0.3-5
samba-client-3.0.3-5
samba-common-3.0.3-5
samba-swat-3.0.3-5
[EMAIL PROTECTED] root]# rpm -qa | grep smbldap
smbldap-tools-0.8.4-1.1.fc2.dag
[EMAIL PROTECTED] root]#
2. Made my SSL certificates and put them in /var/ssl.
3. Made my slapd.conf:
--- Start slapd.conf ---
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

allow bind_v2
# slapd.conf directive is "password-hash"; the scheme is written {SSHA} (closing brace, not bracket)
password-hash {SSHA}
pidfile /var/run/slapd.pid

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /var/ssl/cacert.pem
TLSCertificateFile /var/ssl/ldapcrt.pem
TLSCertificateKeyFile /var/ssl/ldapkey.pem
TLSVerifyClient 0

security ssf=1 update_ssf=112 simple_bind=64

access to dn=".*,dc=soil,dc=ncsu,dc=edu" attr=userPassword
    by dn="cn=Manager,dc=soil,dc=ncsu,dc=edu" write
    by self write
    by * auth
access to dn=".*,dc=soil,dc=ncsu,dc=edu" attr=mail
    by dn="cn=Manager,dc=soil,dc=ncsu,dc=edu" write
    by self write
    by * auth
access to dn=".*,ou=People,dc=soil,dc=ncsu,dc=edu"
    by * read
access to dn=".*,dc=soil,dc=ncsu,dc=edu"
    by self write
    by * read

database ldbm
suffix "dc=soil,dc=ncsu,dc=edu"
rootdn "cn=Manager,dc=soil,dc=ncsu,dc=edu"
rootpw _thepassword_
directory /var/lib/ldap

index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
--- End slapd.conf ---
4. Made the smb.conf:
--- Start smb.conf ---
[global]
; Basic server settings
workgroup = testdomain
netbios name = smbtest
server string = Samba Server %v
security = user
allow trusted domains = yes

log level = 0
log file = /var/log/samba/log.%m
max log size = 50

domain logons = Yes
os level = 65
local master = yes
domain master = yes
preferred master = yes
encrypt passwords = yes

passwd program = /usr/local/sbin/smbldap-passwd %u
passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
unix password sync = yes

; User and Machine Account Backends
ldap ssl = start_tls
passdb backend = ldapsam:ldap://smbtest.soil.ncsu.edu:389
ldap suffix = dc=soil,dc=ncsu,dc=edu
ldap admin dn = cn=Manager,dc=soil,dc=ncsu,dc=edu
ldap delete dn = no
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
admin users = administrator

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

; where to store user profiles
logon home =
logon path =

; "ldap delete dn" is set a second time here; Samba keeps the last value it reads, so this "Yes" is the one in effect
ldap delete dn = Yes

add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"

[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
read only = yes
write list = dom_admins

[Homes]
username = tfugere
writeable = Yes
force create mode = 0770
force directory mode = 02770
browseable = No
--- End smb.conf ---
5. Made my smbldap*.conf:
--- Start smbldap.conf ---
UID_START="1000"
GID_START="1000"
SID="S-1-5-21-2625200706-2048882972-3065312840"
slaveLDAP="smbtest.soil.ncsu.edu"
slavePort="389"
masterLDAP="smbtest.soil.ncsu.edu"
masterPort="389"
ldapTLS="1"
verify="require"
cafile="/var/ssl/cacert.pem"
clientcert="/var/ssl/ldapcrt.pem"
clientkey="/var/ssl/ldapkey.pem"
suffix="dc=soil,dc=ncsu,dc=edu"
usersdn="ou=People,dc=soil,dc=ncsu,dc=edu"
computersdn="ou=Computers,dc=soil,dc=ncsu,dc=edu"
groupsdn="ou=Groups,dc=soil,dc=ncsu,dc=edu"
scope="sub"
hash_encrypt="SSHA"
userLoginShell="/bin/bash"
userHomePrefix="/home/"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="553"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome=""
userProfile=""
userHomeDrive="logondrive"
userScript=""
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
mk_ntpasswd="/usr/sbin/mkntpwd"
--- End smbldap.conf ---

--- Begin smbldap_bind.conf ---
slaveDN="cn=Manager,dc=soil,dc=ncsu,dc=edu"
slavePw="_hidden_"
masterDN="cn=Manager,dc=soil,dc=ncsu,dc=edu"
masterPw="_hidden_"
--- End smbldap_bind.conf ---
6. Started up the services:
/etc/init.d/ldap start
/etc/init.d/smb start
7. Set the root password: smbpasswd -w _thepassword_
8. Put in some test data: http://www.soil.ncsu.edu/tony_temp/smbtest.ldif
9. Did a search on the LDAP DB:
ldapsearch -x -Z -D 'cn=Manager,dc=soil,dc=ncsu,dc=edu' -b 'dc=soil,dc=ncsu,dc=edu' -W '(objectclass=*)'
Results: http://www.soil.ncsu.edu/tony_temp/ldapsearch.out
10. Set the root user password: smbldap-passwd root
11. Changed the local security policy on the Windows XP machine:
Domain member: Digitally encrypt or sign secure data channel (always) Disabled
Domain member: Digitally encrypt secure data channel (when possible) Disabled
Domain member: Digitally sign secure data channel (when possible) Disabled
12. Tried to join the domain through a Windows XP machine and got this error when using root user:
The following error occurred when attempting to join the domain "testdomain":
The user name could not be found.
13. Tried to navigate to the domain via my network places and was successful.
-- Tony Fugere [EMAIL PROTECTED]
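The smb.conf above sets "ldap delete dn" twice with different values, and Samba silently keeps whichever it reads last. The script below is an added example (not from Tony's post or from the Samba project) that flags any parameter set more than once within one smb.conf section, comparing names the way Samba does (case-insensitively, ignoring embedded whitespace); it assumes a POSIX shell with awk and mktemp, and runs on a constructed sample that mirrors the duplicate from the post.

```shell
# Added example: report smb.conf parameters set more than once in a section.
# Samba keeps the LAST value read, so an earlier "ldap delete dn = no" is
# overridden by a later "ldap delete dn = Yes" without any warning.
smbconf_dupes() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # trim whitespace
        /^[;#]/ || /^$/ { next }                     # skip comments and blanks
        /^\[.*\]$/ { section = tolower(substr($0, 2, length($0) - 2)); next }
        /=/ {
            name = $0; sub(/[ \t]*=.*$/, "", name)   # text left of the first "="
            disp = name; gsub(/[ \t]+/, " ", disp)   # readable form
            gsub(/[ \t]/, "", name); name = tolower(name)   # Samba-style key
            key = section SUBSEP name
            count[key]++; last[key] = $0
            if (!(key in shown)) shown[key] = tolower(disp)
        }
        END {
            for (k in count) if (count[k] > 1) {
                split(k, p, SUBSEP)
                printf "[%s] \"%s\" set %d times; effective: %s\n",
                       p[1], shown[k], count[k], last[k]
            }
        }' "$1" | sort
}

# Constructed sample (not the real file) reproducing the posted duplicate.
sample_smb_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
[global]
   workgroup = testdomain
   ldap delete dn = no
   ; the later duplicate below is the one Samba actually uses
   Ldap Delete DN = Yes
[Homes]
   writeable = Yes
EOF
    printf '%s\n' "$f"
}

# Run the check on the sample and print the findings.
demo_dupes() {
    f=$(sample_smb_conf)
    smbconf_dupes "$f"
    rm -f "$f"
}
demo_dupes
```

Run it against the real file with `smbconf_dupes /etc/samba/smb.conf`; an empty result means every parameter is set at most once per section.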