[Samba] example: Samba + OpenLDAP on FreeBSD (4.7)

2003-02-10 Thread Long-Sheng Kuo
Hello all,
  This message contains simple instructions for installing Samba + OpenLDAP on 
FreeBSD (4.7). I hope it helps someone.



1. To keep ports up to date, it is best to install cvsupit at the beginning

   mis3# cd /usr/ports/net/cvsupit
   mis3# make install clean

   Reference: FreeBSD Unleashed (by Urban and Tiemann), p. 425

2. To use Samba + OpenLDAP with the option ldap ssl = start_tls in smb.conf, install the following three packages in order:

   mis3# cd /usr/ports/security/openssl
   mis3# make install clean
   mis3# cd /usr/ports/net/openldap2
   mis3# make install clean
   mis3# cd /usr/ports/net/samba
   mis3# make install clean

   (a) Create a self-signed certificate (OpenSSL) in order to use the start_tls option
   mis3# cd /usr/local/openssl
   mis3# mkdir openldapCA; cd openldapCA
   mis3# ../misc/CA.sh -newca

   Answer the questions when prompted. The important things to keep in mind:
   (1) The PEM pass phrase can't be too long (that's according to experience, probably 15/16 chars. Maybe I am wrong about this point. However, when I first set a very long password, it didn't work.)
   (2) The common name must be the fully qualified domain name. For example: mis3.fgs.org.tw

   mis3# openssl req -new -nodes -keyout newreq.pem -out newreq.pem
   mis3# ../misc/CA.sh -sign
   mis3# cp demoCA/cacert.pem .
   mis3# mv newcert.pem servercrt.pem
   mis3# mv newreq.pem privatekey.pem
   mis3# chmod 600 privatekey.pem

  Reference:  http://www.openldap.org/faq/data/cache/185.html

   (b) Configure OpenLDAP
  (1) Open /usr/local/etc/openldap/ldap.conf (OpenLDAP client config.) with a text editor
  HOST  mis3.fgs.org.tw
  BASE  dc=fgs,dc=org,dc=tw
  ssl start_tls
  tls_checkpeer  yes  # this setting seems not necessary
  TLS_CACERT   /usr/local/openssl/openldapCA/cacert.pem
  # Note: The host name and base settings are based on your own.

  (2) Copy the Samba schema:
  mis3# cp /usr/local/share/examples/samba/LDAP/samba.schema /usr/local/etc/openldap/schema/samba.schema

  (3) Open /usr/local/etc/openldap/slapd.conf (OpenLDAP server config.) with a text editor
  # Add the following include
  include  /usr/local/etc/openldap/schema/cosine.schema
  include  /usr/local/etc/openldap/schema/inetorgperson.schema
  include  /usr/local/etc/openldap/schema/nis.schema
  include  /usr/local/etc/openldap/schema/samba.schema
  # The following is for TLS
  TLSCACertificateFile   /usr/local/openssl/openldapCA/cacert.pem
  TLSCertificateFile /usr/local/openssl/openldapCA/servercrt.pem
  TLSCertificateKeyFile  /usr/local/openssl/openldapCA/privatekey.pem
  # The following is for password hash method
  password-hash  {CRYPT}
  # The following is for database setting. LDBM Database is fine.
  # suffix must be consistent with the ldap suffix option in smb.conf
  suffix  dc=fgs,dc=org,dc=tw
  # rootdn must be consistent with the ldap admin dn option in smb.conf
  # cn stands for Common Name. This can be changed. For example: cn=Admin
  rootdn  cn=Manager,dc=fgs,dc=org,dc=tw
  # The password is set here. I haven't figured out how to use a hashed password,
  # so be sure this file is only accessible by root
  rootpw  secret_passwd

  # Add some indices
  index uid pres,eq
  index rid eq
  # Leave ACL setting as a second-stage task.  :)

  (4) To make sure mis3.fgs.org.tw can be reached, better edit /etc/hosts
  # Add mis3.fgs.org.tw to this lookup file
  192.168.1.2  mis3.fgs.org.tw mis3 mis3.fgs.org.tw.
	# IP here is based on your own.

  (5) The way to start/stop OpenLDAP server
  (1) Manually:
  mis3# /usr/local/libexec/slapd start
  mis3# /usr/local/libexec/slapd stop
  (2) Start from boot
  mis3# cp /usr/local/etc/rc.d/slapd.sh.sample slapd.sh
  # then the next time the machine reboots, the server will be brought up automatically.

  (6) Verify that the server works
  mis3# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
  # You should be able to see the suffix you just defined in slapd.conf

   (c) Configure Samba
   It would be much easier to use SWAT for configuration. Make sure the swat service is open.
   In the file /etc/inetd.conf, uncomment the last line (which should be related to swat)
   (1) For options related to OpenLDAP
   ldap server = mis3.fgs.org.tw  # better keep consistent with the common name in CA
   ldap ssl = start tls
   ldap port = 389 # must be 389 for start tls
   ldap suffix = dc=fgs,dc=org,dc=tw
   ldap admin dn = cn=Manager,dc=fgs,dc=org,dc=tw
   (2) To store the password of rootdn, which is the value of rootpw 
in slapd.conf, into the database for samba,
 

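The points the message above calls out (suffix and rootdn must match smb.conf, rootpw is stored unhashed, slapd.conf must be readable by root only) can be checked mechanically. This is an added shell example, not part of the original post; the function names and the sample file contents are constructed for illustration.

```shell
# Added example: slapd.conf / smb.conf consistency audit (sample data is constructed).

# slapd_value FILE KEY: value of a "key value" line, trailing "# note" and quotes removed
slapd_value() {
    awk -v k="$2" 'tolower($1) == k {
        sub(/[ \t]*#.*/, ""); gsub(/"/, ""); $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# smb_value FILE "key name": value of a "key name = value" line
smb_value() {
    awk -F= -v k="$2" '{ key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        tolower(key) == k { v = substr($0, index($0, "=") + 1); sub(/[ \t]*#.*/, "", v)
            gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }' "$1"
}

# audit_pair SLAPD_CONF SMB_CONF: print findings, return their count
audit_pair() {
    slapd=$1 smb=$2 n=0
    [ "$(slapd_value "$slapd" suffix)" = "$(smb_value "$smb" 'ldap suffix')" ] ||
        { echo "MISMATCH: suffix vs ldap suffix"; n=$((n + 1)); }
    [ "$(slapd_value "$slapd" rootdn)" = "$(smb_value "$smb" 'ldap admin dn')" ] ||
        { echo "MISMATCH: rootdn vs ldap admin dn"; n=$((n + 1)); }
    case "$(slapd_value "$slapd" rootpw)" in
        ''|'{'*'}'*) ;;   # unset, or a {SCHEME}hash such as slappasswd prints
        *) echo "WEAK: rootpw is cleartext"; n=$((n + 1)) ;;
    esac
    case "$(ls -ld "$slapd" | cut -c5-10)" in
        ------) ;;        # no group/other permission bits
        *) echo "WEAK: $slapd is accessible by group or other"; n=$((n + 1)) ;;
    esac
    case "$(smb_value "$smb" 'ldap ssl')" in
        ''|[Oo]ff|[Nn]o) echo "WEAK: ldap ssl does not request TLS"; n=$((n + 1)) ;;
    esac
    return "$n"
}

# make_samples DIR: write a constructed config pair modelled on the post
make_samples() {
    printf '%s\n' 'suffix  dc=fgs,dc=org,dc=tw  # must match smb.conf' \
        'rootdn  cn=Manager,dc=fgs,dc=org,dc=tw' 'rootpw  secret_passwd' > "$1/slapd.conf"
    printf '%s\n' '[global]' '   ldap ssl = start_tls' '   ldap suffix = dc=fgs,dc=org,dc=tw' \
        '   ldap admin dn = cn=Admin,dc=fgs,dc=org,dc=tw' > "$1/smb.conf"
    chmod 644 "$1/slapd.conf"
}

d=$(mktemp -d) && make_samples "$d" && { audit_pair "$d/slapd.conf" "$d/smb.conf" || true; }
rm -rf "$d"
```

On the constructed pair it reports the rootdn mismatch, the cleartext rootpw and the world-readable slapd.conf; a pair with matching DNs, a `{SCHEME}` hash and mode 600 produces no findings.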
[Samba] Samba PDC+LDAP on FreeBSD

2003-01-22 Thread Long-Sheng Kuo
Hello,
  I am trying to use Samba (2.2.7a)+ LDAP (2.0.25) as PDC on FreeBSD 4.7. 
But it turned out that LDAP is not easy-going!!!

  Without LDAP, things seem fine. I can join the Win2000 machine accounts 
and the shares are all right. However, when configuring samba with ldap 
support, smbpasswd wouldn't work anymore.  I can only use
# smbpasswd -w secretpassword

to add the password for rootdn. Nothing else.

  I read some articles online but very few are specifically for FreeBSD. In 
addition, a lot of articles about samba+LDAP didn't go into detail about the CA 
certificate. I am wondering if there is anyone who could help me out with these 
problems. I think I need to know:

1. What packages/ports do I need to install? Most papers on LDAP 
that I could find online mentioned little about OpenSSL. However, as far as I know, 
it's necessary for the option ldap ssl = start_tls in Samba. Also, I 
didn't find any port of nss_ldap, but nss_ldap was mentioned by every 
samba+LDAP combination. What's wrong with that? Doesn't nss_ldap support 
FreeBSD? Without nss_ldap, can I still achieve my goal: Samba + LDAP as PDC?

2. Individual configuration/setting for every package.

3. How to start every service?

Any response would be appreciated.

Long-Sheng   Jan. 22, 03

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] import_smbpasswd.pl for samba + LDAP

2003-01-14 Thread Long-Sheng Kuo

Thank you for your replies and suggested readings.
I'll read them first and then ask more questions!!

Long-Sheng Jan. 15, 03
At 07:22 PM 2003/1/14 +0200, you wrote:
Mandrakesecure.net


[Samba] import_smbpasswd.pl for samba + LDAP

2003-01-13 Thread Long-Sheng Kuo
Hello All!
  I am trying to follow the instructions to store Samba's User/Machine 
Account information in an LDAP Directory (Samba-LDAP-HOWTO.html). Does 
anyone know how to run this Perl script: import_smbpasswd.pl in the 
examples/LDAP directory? I don't know Perl. :(

  In addition, is there more information/tutorial of LDAP available on line?

  Thank you very much.

Long-Sheng   Jan 14. 03



[Samba] Public shares under user security level

2002-12-15 Thread Long-Sheng Kuo
Hello,
  I am wondering whether, under user security level, it is possible to offer a 
public share to anyone without username/password? I tried the following 
setting:

[global]
   security = user
   auto services = tmp
   default service = defaultshare
   null passwords = yes


[tmp]
  path = /tmp
  read only = no
  public = yes
  guest ok = yes
  browseable = yes

[defaultshare]
  copy = tmp



But it failed. Are there any options I should modify?  Or should I modify the 
file for the option of username map? If so, how to do it?

Thanks.

Long-Sheng   Dec. 15, 02



[Samba] Uninstall Samba?

2002-12-10 Thread Long-Sheng Kuo
Hello,
  I am wondering if anyone could help me out with the following questions:

1. How to uninstall Samba?
2. How to install/upgrade/uninstall Samba from Mandrake 9.0 to the latest 
Samba version via source code (I noticed that MDK9 installed Samba to 
different places. And the document:Using Samba mentioned the file 
inetd.conf but I couldn't find it in MDK9.)

  Thanks.

Long-Sheng   Dec. 11, 02
 



RE: [Samba] Uninstall Samba?

2002-12-10 Thread Long-Sheng Kuo

In fact, my situation is that I did use Mandrake Control
Center or package management (RPM) to install Samba (Samba-common,
Samba-docs, Samba-winbind,...) and it works. Then I downloaded the latest
version of Samba (source code) and configured it, make; make install. It
looks like the installation was successful except Control Center or package
management in MDK9.0 didn't recognize the new Samba because it is not an
rpm. Besides, the environment settings in MDK9.0 are different from
the instructions (no inetd.conf, for example). Now I am trying to
uninstall the new Samba installed via source code. What should I do?


In addition, how to install Samba so that it would set PATH automatically
to run Samba commands more conveniently? 

Thanks for reply.

Long-Sheng Dec. 11, 02

At 09:02 PM 2002/12/10 -0600, you wrote:
Long-Sheng,
Make note of where mandrake puts various samba files. Use rpm to uninstall
samba. See rpm --help for details. Then get the latest samba source code.
Untar the source, cd to the directory and see ./configure --help for details
about configuring where to put various files. Then run make and make install.
www.samba.org has install instructions that have more details.

Thanks,

Dale


 -Original Message-
 From: Long-Sheng Kuo
[mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, December 10, 2002 8:49 PM
 To: [EMAIL PROTECTED]
 Subject: [Samba] Uninstall Samba?
 
 
 Hello,
 I am wondering if anyone could help me out with the following questions:
 
 1. How to uninstall Samba?
 2. How to install/upgrade/uninstall Samba from Mandrake 9.0 to the latest 
 Samba version via source code (I noticed that MDK9 installed Samba to 
 different places. And the document:Using Samba mentioned the file 
 inetd.conf but I couldn't find it in MDK9.)
 
 Thanks.
 
 Long-Sheng Dec. 11, 02
 
 