
Linux - Samba Domain - 7/7 - Backup Domain Controller

yum --enablerepo=epel -y install smbldap-tools # install from EPEL

mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

cp /usr/share/doc/smbldap-tools-*/smb.conf /etc/samba/smb.conf

vi /etc/samba/smb.conf


# line 3: change the workgroup (it must be exactly the PDC's domain name; the
# configure.pl output later on this page shows it as InstyleLocale, so use
# whatever name the PDC actually uses)
workgroup = INSTYLE


# line 12: comment it out

# min passwd length = 3

# line 22: change it
ldap passwd sync = yes

# lines 33,34: change them (CP932 is the Japanese DOS codepage; Western
# European clients would normally use CP850)
Dos charset = CP932
Unix charset = UTF-8

# line 42: change (this differs from the PDC)
Domain master = No


# line 47: change (the LDAP server's IP address; unlike the PDC, this does not
# point at 127.0.0.1, and only one passdb backend line may remain)
passdb backend = ldapsam:ldap://10.0.0.100/


# line 48: change the LDAP admin DN (the LDAP server's one)
ldap admin dn = cn=Manager,dc=instyle,dc=locale


# line 50: change the LDAP suffix (the LDAP server's one). All of these must
# match the PDC's values, since both controllers read the same directory; note
# that the configure.pl run below defaults the machine suffix to ou=Computers,
# so pick one OU and use it in both smb.conf and smbldap.conf
ldap suffix = dc=instyle,dc=locale
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=Hosts


# line 60: uncomment
delete group script = /usr/sbin/smbldap-groupdel "%g"

# line 64: add (specifying the admin user)
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
admin users = admin


mkdir /home/netlogon

/etc/rc.d/init.d/smb restart


smbpasswd -W # stores the LDAP admin password in secrets.tdb

Setting stored password for "cn=Manager,dc=instyle,dc=locale" in secrets.tdb
New SMB password: # LDAP admin password
Retype new SMB password:

net rpc getsid # fetches the domain SID from the PDC

Password: # admin password

Could not connect to server PDC-SRV  # not a problem, as long as the SID below gets stored

The username or password was not correct. Storing SID S-1-5-21-2328488880-970186277-34454547544 for Domain INSTYLELOCALE in secrets.tdb   # note this number; it must match the output of `net getlocalsid` on the PDC


/usr/share/doc/smbldap-tools-*/configure.pl

Use of $# is deprecated at /usr/share/doc/smbldap-tools-0.9.4/configure.pl line 314.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
smbldap-tools script configuration
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Before starting, check
. if your samba controller is up and running.
. if the domain SID is defined (you can get it with the 'net getlocalsid')
. you can leave the configuration using the Crtl-c key combination
. empty value can be set with the "." character
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Looking for configuration files...
Samba Configuration File Path [/etc/samba/smb.conf] > # Enter


The default directory in which the smbldap configuration files are stored is shown.
If you need to change this, enter the full directory path, then press enter to continue.
Smbldap-tools Configuration Directory Path [/etc/smbldap-tools/] >   # Enter

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Let's start configuring the smbldap-tools scripts ...

. workgroup name: name of the domain Samba act as a PDC
workgroup name [InstyleLocale] > # Enter
. netbios name: netbios name of the samba controler
netbios name [PDC-SRV] > # Enter
. logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'
logon drive [H:] > # Enter
. logon home: home directory location (for Win95/98 or NT Workstation).
(use %U as username) Ex:'\\PDC-SRV\%U'
logon home (press the "." character if you don't want homeDirectory) [\\PDC-SRV\%U] > . # enter a dot

. logon path: directory where roaming profiles are stored. Ex:'\\PDC-SRV\profiles\%U'
logon path (press the "." character if you don't want roaming profile) [\\PDC-SRV\profiles\%U] > . # enter a dot
. home directory prefix (use %U as username) [/home/%U] > # Enter
. default users' homeDirectory mode [700] > # Enter
. default user netlogon script (use %U as username) [logon.bat] >   # Enter
default password validation time (time in days) [45] > # Enter
. ldap suffix [dc=instyle,dc=locale] > # Enter
. ldap group suffix [ou=Group] > # Enter
. ldap user suffix [ou=People] > # Enter
. ldap machine suffix [ou=Computers] > # Enter (must be the same OU as "ldap machine suffix" in smb.conf and on the PDC)
. Idmap suffix [ou=Idmap] > # Enter
. sambaUnixIdPooldn: object where you want to store the next uidNumber and gidNumber available for new users and groups
sambaUnixIdPooldn object (relative to ) [sambaDomainName=InstyleLocale] >  # Enter
. ldap master server: IP adress or DNS name of the master (writable) ldap server
ldap master server  [10.0.0.100] > # Enter

. ldap master port [389] > # Enter
. ldap master bind dn [cn=Manager,dc=instyle,dc=locale] >   # Enter
. ldap master bind password [] > # Enter, or type the LDAP admin password: it is written as masterPw in /etc/smbldap-tools/smbldap_bind.conf, which the smbldap-* scripts need to bind as cn=Manager
. ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one
ldap slave server [10.0.0.100] >
# enter the IP of the secondary LDAP server (press Enter to keep the master if there is none)

. ldap slave port [389] > # Enter
. ldap slave bind dn [cn=Manager,dc=instyle,dc=locale] > # Enter
. ldap slave bind password [] > # enter it if the slave uses a different one; otherwise the same password as the master
. ldap tls support (1/0) [0] > # Enter (caveat: with TLS off, the cn=Manager bind password crosses the network to 10.0.0.100 in cleartext; enable it once the LDAP server supports TLS)

. SID for domain INSTYLELOCALE: SID of the domain (can be obtained with 'net getlocalsid PDC-SRV')
SID for domain INSTYLELOCALE[S-1-5-21-1408951518-2773026720-1935188473] > S-1-5-21-2328488880-970186277-34454547544

# enter the domain SID (must be identical to the PDC's)
. unix password encryption: encryption used for unix passwords
unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] > MD5   # MD5 (the SSHA default is salted and stronger; MD5 here is unsalted)
. default user gidNumber [513] > # Enter
. default computer gidNumber [515] > # Enter
. default login shell [/bin/bash] > # Enter
. default skeleton directory [/etc/skel] > # Enter
. default domain name to append to mail adress [] > # Enter

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Use of uninitialized value in concatenation (.) or string at /usr/share/doc/smbldap-tools-0.9.4/configure.pl line 314, line 33.
backup old configuration files:
  /etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old
  /etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old
writing new configuration file:
  /etc/smbldap-tools/smbldap.conf done.
  /etc/smbldap-tools/smbldap_bind.conf done.

/etc/init.d/smb restart

Shutting down SMB services: [  OK  ]
Shutting down NMB services: [  OK  ]
Starting SMB services: [  OK  ]
Starting NMB services: [  OK  ]



pdbedit -L # verifies the account information

root:0:root # verify that the information is the same as on the PDC

nobody:99:nobody
admin:1000:admin
e-fd3s$:1001:E-FD3S$
localhost$:1003:Computer
rx-7$:4294967295:   # 4294967295 is (uid_t)-1: this machine account's Unix uid could not be resolved through NSS, so check its posixAccount entry and the LDAP NSS configuration
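As an added example (not code from the original page, from Samba or from smbldap-tools), the shell script below runs the consistency checks a practitioner would want after this walkthrough: BDC role, domain SID, workgroup name, machine OU, and LDAP transport, comparing the BDC's smb.conf against the smbldap.conf that configure.pl writes and against the PDC's SID. The two config fragments and the PDC SID are constructed inline (computersdn is shown already expanded); the check names and the two small parsers are this example's own. With these inputs it deliberately reproduces the three mismatches visible on this page.

```shell
#!/bin/sh
# Added example, not code from the original page or from smbldap-tools:
# a consistency check between a BDC's smb.conf, the smbldap.conf written by
# configure.pl, and the SID the PDC reports. All three inputs are constructed
# inline; a real run would read /etc/samba/smb.conf,
# /etc/smbldap-tools/smbldap.conf and the PDC's `net getlocalsid` output.

# Constructed smb.conf fragment, mirroring the values used in this walkthrough.
BDC_SMB_CONF='[global]
workgroup = INSTYLE
domain master = No
passdb backend = ldapsam:ldap://10.0.0.100/
ldap admin dn = cn=Manager,dc=instyle,dc=locale
ldap suffix = dc=instyle,dc=locale
ldap machine suffix = ou=Hosts'

# Constructed smbldap.conf fragment (computersdn shown already expanded).
BDC_SMBLDAP_CONF='SID="S-1-5-21-2328488880-970186277-34454547544"
sambaDomain="InstyleLocale"
masterLDAP="10.0.0.100"
ldapTLS="0"
computersdn="ou=Computers,dc=instyle,dc=locale"'

# SID printed by `net getlocalsid` on the PDC (assumed value for the example).
PDC_SID="S-1-5-21-2328488880-970186277-34454547544"

# smb_param KEY: value of a "key = value" line in the smb.conf text
# (smb.conf keys are case-insensitive, so compare lower-cased).
smb_param() {
    printf '%s\n' "$BDC_SMB_CONF" |
        awk -F' = ' -v key="$1" 'tolower($1) == tolower(key) { print $2; exit }'
}

# smbldap_param KEY: value of a KEY="value" line in the smbldap.conf text.
smbldap_param() {
    printf '%s\n' "$BDC_SMBLDAP_CONF" | sed -n "s/^$1=\"\(.*\)\"\$/\1/p"
}

lower() { tr 'A-Z' 'a-z'; }

# A BDC must not claim domain master, or it fights the PDC for the role.
check_bdc_role() {
    [ "$(smb_param 'domain master' | lower)" = "no" ]
}

# The SID configure.pl stored must equal the PDC's, otherwise the two
# controllers issue RIDs under different domain SIDs.
check_sid() {
    [ "$(smbldap_param SID)" = "$PDC_SID" ]
}

# workgroup in smb.conf and sambaDomain in smbldap.conf must name one domain.
check_workgroup() {
    [ "$(smb_param workgroup | lower)" = "$(smbldap_param sambaDomain | lower)" ]
}

# The machine OU in smb.conf must be the one smbldap-tools creates accounts in.
check_machine_ou() {
    expected="$(smb_param 'ldap machine suffix'),$(smb_param 'ldap suffix')"
    [ "$expected" = "$(smbldap_param computersdn)" ]
}

# Plain LDAP to a remote master sends the cn=Manager password in cleartext;
# only a loopback master is acceptable without TLS.
check_ldap_transport() {
    case "$(smbldap_param masterLDAP)" in
        127.0.0.1|localhost|::1) return 0 ;;
    esac
    [ "$(smbldap_param ldapTLS)" = "1" ]
}

# run_checks: print PASS/FAIL per check and return the number of failures.
run_checks() {
    failures=0
    for c in check_bdc_role check_sid check_workgroup check_machine_ou check_ldap_transport; do
        if "$c"; then
            echo "PASS $c"
        else
            echo "FAIL $c"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

run_checks || echo "$? check(s) failed"
```

To use it against a real BDC, replace the three constructed inputs with the contents of the two files and the PDC's `net getlocalsid` output; the exit status of run_checks is the failure count, so it can gate a restart of smb.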