samba ldap howto.pdf



The SAMBA-LDAP-PDC Howto

Revision : 1.24

2 Context of this Howto

This Howto aims to help configure a Samba + OpenLDAP Primary Domain Controller
for Microsoft Windows workstations (and, using nss_ldap and pam_ldap, a single source of
authentication for all workstations, including Linux and other Unix systems).
For the purposes of our example, we assume the following context:
• All workstations and servers are in the same LAN 192.168.1.0/24,
• DNS resolution is working (using Bind or Djbdns for example), and is out of the scope of this
Howto [5],
• We want to configure the Microsoft Windows NT Domain named IDEALX-NT,
• We will have a central Primary Domain Controller named PDC-SRV (netbios name)
on the host 192.168.1.1/32,
• We want this Primary Domain Controller to be the WINS server and the Master Browser
Server of the IDEALX-NT domain,
• All authentication objects (users and groups) will be stored on an OpenLDAP server,
using the base DN: dc=IDEALX,dc=ORG,
• Samba [6] user accounts will be stored in ou=Users,dc=IDEALX,dc=ORG,
• Samba computer accounts will be stored in ou=Computers,dc=IDEALX,dc=ORG,
• Samba [7] group accounts will be stored in ou=Groups,dc=IDEALX,dc=ORG.
Separating Samba accounts (Users and Computers) and Groups is an optional way to do the job.
We could store all this data under the same DN, but we made this distinction to make the
LDAP tree more human-readable [8]. Feel free to change these settings (Microsoft Windows
NT Domain Name, LDAP tree) for a context that fits you better, if desired.
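
The tree described above can be generated from its parameters, so that a different base DN or container set yields a consistent skeleton. This is an added example, not code from the Howto: the function names, the "o" value and the objectClass choices (dcObject with organization, organizationalUnit) are assumptions.

```python
import re

# LDIF SAFE-STRING subset: printable ASCII, not starting with space, ':' or '<'.
_LDIF_SAFE = re.compile(r"^[!-9;=-~][ -~]*$")
# Characters that would need escaping inside a DN value.
_DN_SPECIAL = set(',+"\\<>;=#')

def _check(value):
    """Reject values this sketch cannot emit verbatim (no escaping or base64)."""
    if not _LDIF_SAFE.match(value) or _DN_SPECIAL & set(value):
        raise ValueError(f"value needs escaping/base64, not handled here: {value!r}")
    return value

def split_dn(dn):
    """Split a simple DN into (attribute, value) pairs."""
    pairs = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr:
            raise ValueError(f"malformed RDN in {dn!r}: {rdn!r}")
        pairs.append((attr.lower(), _check(value)))
    return pairs

def base_tree_ldif(base_dn, org_name, ous=("Users", "Computers", "Groups")):
    """Return LDIF for the base entry plus one organizationalUnit per container."""
    rdns = split_dn(base_dn)
    if rdns[0][0] != "dc":
        raise ValueError("this sketch only supports a dc= base DN")
    entries = [[
        ("dn", base_dn),
        ("objectClass", "top"),
        ("objectClass", "dcObject"),        # auxiliary class, carries "dc"
        ("objectClass", "organization"),    # structural class, requires "o"
        ("dc", rdns[0][1]),
        ("o", _check(org_name)),            # assumed value, not from the Howto
    ]]
    for ou in ous:
        entries.append([
            ("dn", f"ou={_check(ou)},{base_dn}"),
            ("objectClass", "top"),
            ("objectClass", "organizationalUnit"),
            ("ou", ou),
        ])
    return "\n\n".join("\n".join(f"{k}: {v}" for k, v in e) for e in entries) + "\n"

if __name__ == "__main__":
    print(base_tree_ldif("dc=IDEALX,dc=ORG", "IDEALX"))
```
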
In this Howto, we took RedHat Linux 7.2 as a base, and tried to conform to the FHS [9]
recommendations. All RPMS and SRPMS packages for RedHat Linux 7.2 are available on
the http://samba.idealx.org/ project page. This does not mean Samba only works on RedHat
Linux of course (nor only on Linux, for that matter), but just that this choice has the advantage
of being quickly reproducible by anybody (RedHat Linux is very common on the server market
nowadays, and supported by many vendors).

[5] DNS resolution must be working to use Samba without spending hours trying to understand why that thing is
supposed to work and doesn't!
[6] and other Posix accounts, so the PDC will provide a single source of authentication for Windows and
Unix stations
[7] and other Posix groups, so the PDC will provide a single source of system data for Windows and Unix
stations
[8] additionally, there is a potential issue with computer management via LDAP: see 10 on page 28
[9] see http://www.pathname.com/fhs/ for more info on FHS
