[Samba] example: Samba + OpenLDAP on FreeBSD (4.7)
Hello all,

This message is simple instructions to install Samba + OpenLDAP on FreeBSD (4.7). Hope it would help someone.

1. To keep ports updated, it is better to install cvsupit in the beginning:

   mis3# cd /usr/ports/net/cvsupit
   mis3# make install clean

   Reference: FreeBSD Unleashed (by Urban and Tiemann), p. 425

2. To use Samba + OpenLDAP with the option ldap ssl = start_tls in smb.conf, install the three following packages in order:

   mis3# cd /usr/ports/security/openssl
   mis3# make install clean
   mis3# cd /usr/ports/net/openldap2
   mis3# make install clean
   mis3# cd /usr/ports/net/samba
   mis3# make install clean

   (a) Create a self-signed certificate (OpenSSL) in order to use the start_tls option

       mis3# cd /usr/local/openssl
       mis3# mkdir openldapCA; cd openldapCA
       mis3# ../misc/CA.sh -newca

       Answer the questions prompted. The important things to keep in mind:
       (1) The PEM pass phrase can't be too long (that's according to experience, probably 15/16 chars. Maybe I was wrong about this point. However, when I first set a very long password, it didn't work.)
       (2) The common name must be the fully qualified domain name. For example: mis3.fgs.org.tw

       mis3# openssl req -new -nodes -keyout newreq.pem -out newreq.pem
       mis3# ../misc/CA.sh -sign
       mis3# cp demoCA/cacert.pem .
       mis3# mv newcert.pem servercrt.pem
       mis3# mv newreq.pem privatekey.pem
       mis3# chmod 600 privatekey.pem

       Reference: http://www.openldap.org/faq/data/cache/185.html

   (b) Configure OpenLDAP

       (1) Open /usr/local/etc/openldap/ldap.conf (OpenLDAP client config.) with a text editor:

           HOST mis3.fgs.org.tw
           BASE dc=fgs,dc=org,dc=tw
           ssl start_tls
           tls_checkpeer yes
           # this setting seems not necessary
           TLS_CACERT /usr/local/openssl/openldapCA/cacert.pem
           # Note: The host name and base settings are based on your own.

       (2) Copy the schema of Samba:

           mis3# cp /usr/local/share/examples/samba/LDAP/samba.schema /usr/local/etc/openldap/schema/samba.schema

       (3) Open /usr/local/etc/openldap/slapd.conf (OpenLDAP server config.) with a text editor:

           # Add the following include
           include /usr/local/etc/openldap/schema/cosine.schema
           include /usr/local/etc/openldap/schema/inetorgperson.schema
           include /usr/local/etc/openldap/schema/nis.schema
           include /usr/local/etc/openldap/schema/samba.schema

           # The following is for TLS
           TLSCACertificateFile /usr/local/openssl/openldapCA/cacert.pem
           TLSCertificateFile /usr/local/openssl/openldapCA/servercrt.pem
           TLSCertificateKeyFile /usr/local/openssl/openldapCA/privatekey.pem

           # The following is for the password hash method
           password-hash {CRYPT}

           # The following is for the database setting. LDBM Database is fine.
           suffix dc=fgs,dc=org,dc=tw
           # must be consistent with the ldap suffix option in smb.conf
           rootdn cn=Manager,dc=fgs,dc=org,dc=tw
           # must be consistent with the ldap admin dn option in smb.conf
           # cn stands for Common Name. This can be changed. For example: cn=Admin
           rootpw secret_passwd
           # the password is set here. I haven't figured out how to use a hashed password,
           # so be sure this file is only accessible by root

           # Add some indices
           index uid pres,eq
           index rid eq

           # Leave ACL setting as a second-stage task. :)

       (4) To make sure mis3.fgs.org.tw can be reached, it is better to edit /etc/hosts:

           # Add mis3.fgs.org.tw to this lookup file
           192.168.1.2 mis3.fgs.org.tw mis3 mis3.fgs.org.tw.
           # IP here is based on your own.

       (5) The way to start/stop the OpenLDAP server

           (1) Manually:
               mis3# /usr/local/libexec/slapd start
               mis3# /usr/local/libexec/slapd stop

           (2) Start from boot:
               mis3# cp /usr/local/etc/rc.d/slapd.sh.sample slapd.sh
               # then next time when reboot, the server will be brought up automatically.

       (6) Verify if the server works:

           mis3# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
           # You should be able to see the suffix you just defined in slapd.conf

   (c) Configure Samba

       It would be much easier to use SWAT for configuration. Make sure the swat service is enabled: in the file /etc/inetd.conf, uncomment the last line (which should be related to swat).

       (1) For options related to OpenLDAP:

           ldap server = mis3.fgs.org.tw
           # better keep consistent with the common name in CA
           ldap ssl = start tls
           ldap port = 389
           # must be 389 for start tls
           ldap suffix = dc=fgs,dc=org,dc=tw
           ldap admin dn = cn=Manager,dc=fgs,dc=org,dc=tw

       (2) To store the password of rootdn, which is the value of rootpw in slapd.conf, into the database for samba,
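The post above stresses several values that must agree across slapd.conf and smb.conf (suffix vs. ldap suffix, rootdn vs. ldap admin dn, port 389 for start tls, ldap server vs. the certificate common name) and two secret-handling points (rootpw kept in clear text, privatekey.pem at mode 600). The following Python checker is an added example, not code from the post or from the Samba or OpenLDAP projects; it parses constructed fragments of both files that mirror the values in the post, takes the certificate CN as a parameter (here assumed to be mis3.fgs.org.tw), and reports every mismatch it finds.

```python
"""Consistency and hardening checks for a slapd.conf / smb.conf pair.

Added example (not part of the original post): checks the cross-file
constraints the post calls out plus the two secret-handling points
(clear-text rootpw, private file modes).
"""
import re

# Constructed sample fragments mirroring the values used in the post.
SLAPD_CONF = """\
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
TLSCACertificateFile /usr/local/openssl/openldapCA/cacert.pem
password-hash {CRYPT}
suffix "dc=fgs,dc=org,dc=tw"
rootdn "cn=Manager,dc=fgs,dc=org,dc=tw"
rootpw secret_passwd
index uid pres,eq
"""

SMB_CONF = """\
[global]
   ldap server = mis3.fgs.org.tw
   ldap ssl = start tls
   ldap port = 389
   ldap suffix = dc=fgs,dc=org,dc=tw
   ldap admin dn = cn=Manager,dc=fgs,dc=org,dc=tw
[tmp]
   path = /tmp
"""


def parse_slapd_conf(text):
    """slapd.conf: one 'directive value' per line, '#' lines are comments.
    'include' may repeat and is kept as a list; otherwise the last value wins."""
    conf = {"include": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "include":
            conf["include"].append(value)
        else:
            conf[key] = value
    return conf


def parse_smb_global(text):
    """smb.conf [global] only. Samba ignores case and whitespace in parameter
    names, so keys are normalised to lowercase with spaces removed."""
    conf, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf


def norm_dn(dn):
    """Compare DNs case-insensitively, ignoring spaces around '=' and ','."""
    return re.sub(r"\s*([=,])\s*", r"\1", dn.strip()).lower()


def check_pair(slapd, smb, cert_cn):
    """Return the list of findings; an empty list means the pair is consistent.
    cert_cn is the CN of the server certificate created with CA.sh (assumed)."""
    findings = []
    if norm_dn(slapd.get("suffix", "")) != norm_dn(smb.get("ldapsuffix", "")):
        findings.append("ldap suffix in smb.conf does not match suffix in slapd.conf")
    if norm_dn(slapd.get("rootdn", "")) != norm_dn(smb.get("ldapadmindn", "")):
        findings.append("ldap admin dn in smb.conf does not match rootdn in slapd.conf")
    ssl_mode = smb.get("ldapssl", "off").replace("_", " ").lower()
    port = smb.get("ldapport", "389")
    if ssl_mode == "start tls" and port != "389":
        findings.append("ldap ssl = start tls needs ldap port = 389, found %s" % port)
    if ssl_mode == "off":
        findings.append("ldap ssl = off: the admin dn simple bind sends the password unencrypted")
    if smb.get("ldapserver", "").lower() != cert_cn.lower():
        findings.append("ldap server does not match the certificate common name %s" % cert_cn)
    if not any(p.endswith("samba.schema") for p in slapd["include"]):
        findings.append("slapd.conf does not include samba.schema")
    rootpw = slapd.get("rootpw", "")
    if rootpw and not rootpw.startswith("{"):
        findings.append("rootpw is clear text; slapd.conf must be readable by root only")
    return findings


def is_private_mode(mode):
    """True when no group/other bits are set, e.g. 0o600 as the post sets on
    privatekey.pem; apply the same test to slapd.conf while rootpw is clear text."""
    return (mode & 0o077) == 0


if __name__ == "__main__":
    for finding in check_pair(parse_slapd_conf(SLAPD_CONF),
                              parse_smb_global(SMB_CONF), "mis3.fgs.org.tw"):
        print("FINDING:", finding)
```

Run as-is the sample pair produces a single finding, the clear-text rootpw; feed it the real files (read with open() in place of the embedded strings) together with the CN from the certificate and the output is a short checklist for steps (b)(3) and (c)(1) above.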
[Samba] Samba PDC+LDAP on FreeBSD
Hello,

I am trying to use Samba (2.2.7a) + LDAP (2.0.25) as a PDC on FreeBSD 4.7. But it turned out that LDAP is not easy-going!!! Without LDAP, things seem fine. I can join the Win2000 machine accounts and the shares are all right. However, when configuring Samba with LDAP support, smbpasswd doesn't work anymore. I can only use

    # smbpasswd -w secretpassword

to add the password for rootdn. Nothing else. I read some articles online but very few are specifically for FreeBSD. In addition, a lot of articles about Samba+LDAP didn't give details about the CA certificate. I am wondering if there is anyone who could help me out with these problems. I think I need to know:

1. What packages/ports do I need to install? Most papers about LDAP I could find online mentioned little about OpenSSL. However, as far as I know, it's necessary for the option ldap ssl = start_tls in Samba. Also, I didn't find any port of nss_ldap, but nss_ldap was mentioned by every Samba+LDAP combination. What's wrong with that? Doesn't nss_ldap support FreeBSD? Without nss_ldap, can I still achieve my goal: Samba + LDAP as PDC?
2. Individual configuration/settings for every package.
3. How to start every service?

Any response would be appreciated.

Long-Sheng
Jan. 22, 03

-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] import_smbpasswd.pl for samba + LDAP
Thank you for your replies and suggested readings. I'll read them first and then ask further questions!!

Long-Sheng
Jan. 15, 03

At 07:22 PM 2003/1/14 +0200, you wrote:
Mandrakesecure.net
[Samba] import_smbpasswd.pl for samba + LDAP
Hello All!

I am trying to follow the instructions to store Samba's User/Machine Account information in an LDAP Directory (Samba-LDAP-HOWTO.html). Does anyone know how to run this Perl script, import_smbpasswd.pl, in the examples/LDAP directory? I don't know Perl. :( In addition, are there more information/tutorials on LDAP available online? Thank you very much.

Long-Sheng
Jan 14. 03
[Samba] Public shares under user security level
Hello,

I am wondering if, under user security level, it is possible to offer a public share to anyone without username/password? I tried the following setting:

    [global]
       security = user
       auto services = tmp
       default service = defaultshare
       null passwords = yes

    [tmp]
       path = /tmp
       read only = no
       public = yes
       guest ok = yes
       browseable = yes

    [defaultshare]
       copy = tmp

But it failed. Any options I should modify? Or should I modify the file for the option of username map? If so, how to do it? Thanks.

Long-Sheng
Dec. 15, 02
[Samba] Uninstall Samba?
Hello,

I am wondering if anyone could help me out with the following questions:

1. How to uninstall Samba?
2. How to install/upgrade/uninstall Samba from Mandrake 9.0 to the latest Samba version via source code? (I noticed that MDK9 installed Samba to different places. And the document Using Samba mentioned the file inetd.conf but I couldn't find it in MDK9.)

Thanks.

Long-Sheng
Dec. 11, 02
RE: [Samba] Uninstall Samba?
In fact, my situation is that I did use Mandrake Control Center or package management (RPM) to install Samba (Samba-common, Samba-docs, Samba-winbind, ...) and it works. Then I downloaded the latest version of Samba (source code), configured it, and ran make; make install. It looks like the installation was successful, except that Control Center or package management in MDK9.0 didn't recognize the new Samba because it is not an rpm. Besides, the environment settings in MDK9.0 are different from the instructions (no inetd.conf, for example). Now I am trying to uninstall the new Samba installed via source code. What should I do? In addition, how to install Samba so that it would set PATH automatically to run Samba commands more conveniently? Thanks for the reply.

Long-Sheng
Dec. 11, 02

At 09:02 PM 2002/12/10 -0600, you wrote:

Long-Sheng,

Make note of where mandrake puts various samba files. Use rpm to uninstall samba. See rpm --help for details. Then get the latest samba source code. Untar the source, cd to the directory and see ./configure --help for details about configuring where to put various files. Then run make and make install. www.samba.org has install instructions that have more details.

Thanks,
Dale