[root@kenhgiaiphap_vn ~]# yum -y install openldap-servers openldap-clients
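Tạo password cho LDAP admin bằng lệnh slappasswd (lệnh in ra chuỗi hash để dán vào dòng rootpw ở bước dưới)
[root@kenhgiaiphap_vn ~]# slappasswd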
[root@kenhgiaiphap_vn ~]# vi /etc/openldap/slapd.conf
# Dòng 86: chỉ định suffix
suffix "dc=kenhgiaiphap,dc=vn"
# Dòng 87: chỉ định admin suffix
rootdn "cn=Manager,dc=kenhgiaiphap,dc=vn"
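# Dòng 93: copy password ở trên vào
# Lưu ý: {MD5} là hash không có salt, dễ bị dò ngược; nên dùng hash {SSHA} (mặc định của slappasswd)
# và chỉ cho root/ldap được đọc file slapd.conf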
rootpw {MD5}4QrcOUm6Wau+VuBX8g+IPg==
# Thêm đoạn sau vào cuối
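access to attrs=userPassword
    by self write
    by dn="cn=Manager,dc=kenhgiaiphap,dc=vn" write
    by anonymous auth
    by * none
# Lưu ý: "by * read" bên dưới cho phép cả kết nối ẩn danh đọc mọi thuộc tính còn lại;
# nếu chỉ muốn người dùng đã xác thực được đọc thì đổi thành "by users read".
access to *
    by dn="cn=Manager,dc=kenhgiaiphap,dc=vn" write
    by self write
    by * read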
- Thêm thông tin
[root@kenhgiaiphap_vn ~]# cd /usr/share/openldap/migration
[root@kenhgiaiphap_vn migration]# vi migrate_common.ph
# Dòng 71: chỉ định domain name
$DEFAULT_MAIL_DOMAIN = "kenhgiaiphap.vn";
# Dòng 74: chỉ định suffix
$DEFAULT_BASE = "dc=kenhgiaiphap,dc=vn";
[root@kenhgiaiphap_vn migration]# ./migrate_base.pl > base.ldif
[root@kenhgiaiphap_vn migration]# vi base.ldif
# Chỉ giữ lại những cái bạn cần
dn: dc=kenhgiaiphap,dc=vn
dc: kenhgiaiphap
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=kenhgiaiphap,dc=vn
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=kenhgiaiphap,dc=vn
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=kenhgiaiphap,dc=vn
ou: Group
objectClass: top
objectClass: organizationalUnit
[root@kenhgiaiphap_vn migration]# ldapadd -x -W -D "cn=Manager,dc=kenhgiaiphap,dc=vn" -f base.ldif
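- Thêm User và Group vào LDAP server (passwd.ldif có thể chứa hash mật khẩu lấy từ /etc/shadow; nên xóa các file tạm passwd, group và *.ldif sau khi import xong)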
[root@kenhgiaiphap_vn migration]# grep "x:[5-9][0-9][0-9]" /etc/passwd > passwd
[root@kenhgiaiphap_vn migration]# grep "x:[5-9][0-9][0-9]" /etc/group > group
[root@kenhgiaiphap_vn migration]# ./migrate_passwd.pl passwd > passwd.ldif
[root@kenhgiaiphap_vn migration]# ./migrate_group.pl group > group.ldif
[root@kenhgiaiphap_vn migration]# ldapadd -x -W -D "cn=Manager,dc=kenhgiaiphap,dc=vn" -f passwd.ldif
[root@kenhgiaiphap_vn migration]# ldapadd -x -W -D "cn=Manager,dc=kenhgiaiphap,dc=vn" -f group.ldif
2-Cài và cấu hình Samba PDC
[root@kenhgiaiphap_vn ~]# yum -y install samba
[root@kenhgiaiphap_vn ~]# cp /usr/share/doc/samba-0-9-6/LDAP/samba.schema /etc/openldap/schema/
[root@kenhgiaiphap_vn ~]# vi /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Thêm
include /etc/openldap/schema/samba.schema
# Thêm
# Lưu ý: đặt khối này TRƯỚC "access to *" (slapd áp dụng luật khớp đầu tiên); nếu không,
# hash sambaLMPassword/sambaNTPassword sẽ đọc được qua "by * read".
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by dn="cn=Manager,dc=kenhgiaiphap,dc=vn" write
    by anonymous auth
    by * none
[root@kenhgiaiphap_vn ~]# service ldap restart
- Cài smbldap-tools
[root@kenhgiaiphap_vn ~]# yum --enablerepo=epel -y install smbldap-tools
[root@kenhgiaiphap_vn ~]# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@kenhgiaiphap_vn ~]# cp /usr/share/doc/smbldap-tools-0-9-6/smb.conf /etc/samba/smb.conf
[root@kenhgiaiphap_vn ~]# vi /etc/samba/smb.conf
# Dòng 3: đổi workgroup
workgroup = kenhgiaiphapvn
# Dòng 22:
ldap passwd sync = yes
# Dòng 33,34: đổi
Dos charset = CP932
Unix charset = UTF-8
# Dòng 48: đổi LDAP admin DN
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=kenhgiaiphap,dc=vn
# Dòng 50: đổi LDAP suffix
ldap suffix = dc=kenhgiaiphap,dc=vn
ldap group suffix = ou=Group
ldap user suffix = ou=People
# Dòng 60: bỏ dấu #
delete group script = /usr/sbin/smbldap-groupdel "%g"
# Dòng 64: thêm
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# Lưu ý: user trong "admin users" thao tác trên share với quyền root; chỉ liệt kê tài khoản quản trị thật sự cần
admin users = admin
[root@kenhgiaiphap_vn ~]# mkdir /home/netlogon
[root@kenhgiaiphap_vn ~]# service smb restart
[root@kenhgiaiphap_vn ~]# smbpasswd -W # Tạo password cho admin LDAP
[root@kenhgiaiphap_vn ~]# /usr/share/doc/smbldap-tools-0-9-6/configure.pl
[root@kenhgiaiphap_vn ~]# smbldap-populate
- Tạo user admin được chỉ định trong smb.conf
[root@kenhgiaiphap_vn ~]# smbldap-useradd -am admin -G "Domain Admins"
[root@kenhgiaiphap_vn ~]# smbldap-passwd admin
3-Join Linux client vào Samba PDC
Trên máy client: yum -y install samba
[root@kenhgiaiphap_vn ~]# vi /etc/samba/smb.conf
Workgroup = kenhgiaiphapvn
Security = domain
Domain master = yes
Domain logons = yes
[root@kenhgiaiphap_vn ~]# service smb start
[root@kenhgiaiphap_vn ~]# setup
[root@kenhgiaiphap_vn ~]# net join -W kenhgiaiphapvn -U admin
kenhgiaiphapvn là Workgroup
admin là username
4-Join Windows client vào Samba PDC
Nguon kenhgiaiphap.vn