OpenLdap/NT4ToSamba: migrating an NT4 domain to a Samba domain controller that stores its accounts in OpenLDAP (Debian, using smbldap-tools).

Configure samba

Tell OpenLDAP about the Samba schema: install samba-doc, copy samba.schema into /etc/ldap/schema/, add the two `include` lines below to slapd.conf, extend the password ACL, then restart slapd. The ACL line shown is only its `access to attrs=...` head: extend the attribute list of the existing `userPassword` rule so that its `by` clauses (not reproduced here) also cover `sambaNTPassword` and `sambaLMPassword` — these hashes are password-equivalent and must never be readable by anonymous or ordinary users.

aptitude install samba-doc

cd /usr/share/doc/samba-doc/examples/LDAP
gunzip samba.schema.gz
cp samba.schema /etc/ldap/schema/

include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/misc.schema

access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword

/etc/init.d/slapd restart

Tell Samba to use LDAP: install smbldap-tools, then in smb.conf replace the existing `passdb backend = tdbsam guest` line with the `ldapsam` line below and paste the custom LDAP block underneath `obey pam restrictions = no`. Verify the file with `testparm`, restart Samba, then hand Samba the password of the `ldap admin dn` with `smbpasswd -w`. Note that `smbpasswd -w` takes the password as a command-line argument, so it is recorded in the shell history and is visible to other local users via `ps` while the command runs; remove the history entry afterwards.

aptitude install smbldap-tools

passdb backend = tdbsam guest

passdb backend = ldapsam:ldap://127.0.0.1

#######################################################################
#COPY AND PASTE THE FOLLOWING UNDERNEATH "OBEY PAM RESTRICTIONS = NO"
#######################################################################
#
#       Begin: Custom LDAP Entries (the ldap admin dn is the identity Samba binds as; the scripts below write to the Users, Groups and Computers OUs, so its password, stored later with "smbpasswd -w", must be protected. Note that "ldap idmap suffix" is set to ou=Users here while smbldap-populate creates ou=Idmap — check which one you intend.)
#
ldap admin dn = cn=admin,dc=mycompany,dc=com
ldap suffix = dc=mycompany, dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
; Do ldap passwd sync
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
domain logons = yes
#
#       End: Custom LDAP Entries
#
#####################################################
#STOP COPYING HERE!
#####################################################

testparm

/etc/init.d/samba restart

smbpasswd -w mypasswordforldap

net getlocalsid
#or, to read the SID of the existing (remote) NT4 domain:
net rpc info -S domain_machinename -U Administrator

SID for domain DELLDEBIAN2 is: S-1-5-21-1372832259-xxxxxxxx-xxxxxxxx

cd /usr/share/doc/smbldap-tools/examples/
cp smbldap_bind.conf /etc/smbldap-tools/
cp smbldap.conf.gz /etc/smbldap-tools/
gzip -d /etc/smbldap-tools/smbldap.conf.gz

vi /etc/smbldap-tools/smbldap.conf

SID="S-1-5-21-1372832259-xxxxxxxx-xxxxxxxx" ## This must be exactly the SID printed by "net getlocalsid" above — verify it, since a mismatch makes every account created by smbldap-tools belong to the wrong domain.
sambaDomain="mydomainname"
ldapTLS="0"
suffix="dc=mycompany,dc=com"
userHome="/home/%U" ## This is found in the UNIX section.
userSmbHome=
userProfile=
userHomeDrive=
userScript=
mailDomain="mycompany.com"

vi /etc/smbldap-tools/smbldap_bind.conf

slaveDN="cn=admin,dc=mycompany,dc=com"
slavePw="mypassword"
masterDN="cn=admin,dc=mycompany,dc=com"
masterPw="mypassword"

chmod 0600 /etc/smbldap-tools/smbldap_bind.conf

Populate the directory with the base OUs, the root and nobody accounts and the default Samba groups. smbldap-tools binds with the masterDN/masterPw from smbldap_bind.conf, which is why that file holds the admin password in clear text and must stay readable only by root (the chmod 0600 above):

smbldap-populate -u 30000 -g 30000
#or, accepting the default starting uid/gid numbers:
smbldap-populate

adding new entry: ou=Users,dc=......
adding new entry: ou=Groups,dc=......
adding new entry: ou=Computers,dc=......
adding new entry: ou=Idmap,dc=....
adding new entry: uid=root,ou=Users,dc=....
adding new entry: uid=nobody,ou=Users,dc=....
adding new entry: cn=Domain Admins,ou=Groups,dc=...

Adding new users (example: user ricky; the options are explained below):

smbldap-useradd -a -m -M ricky -c "Richard M" ricky

-a creates a Windows (Samba) account alongside the POSIX one, so the user can log in from Windows as well as Linux
-m creates a home directory; leave this off if the user does not need local access — PAM will be configured to create the home directory automatically.
-M sets the username part of the user's email address (the domain part comes from mailDomain in smbldap.conf)
-c sets the user's full name

Change the user's password:

smbldap-passwd ricky

Join the NT4 domain: first fetch the old server's domain SID and inspect the domain, then join as a BDC. The join commands prompt for the Administrator password (see the transcript below); enter it at the prompt rather than embedding it in the -U argument, where it would land in the shell history and be visible in the process list.

net rpc getsid -S myoldserverOR_ip_address -U Administrator

net rpc info -S myoldserverOR_ip_address -U Administrator

Domain Name: mydomainname
Domain SID: S-1-x-xx-xxxxx-xxxxx-xxxxx
Sequence number: 80xx
Num users: 277
Num domain groups: 5
Num local groups: 0

net rpc join -S [NT netbios name or IP] -U Administrator
or, addressing the old server by IP address:
net rpc join BDC  -I ip_address_of_the_server -UAdministrator -w domainname -S domainname_servername

net rpc join BDC -S domaincomputername -U Administrator

server:/etc/samba#  net rpc join BDC -S domaincomputername -U Administrator
Password:
Joined domain LIABILITY.

Migrate user accounts with `net rpc vampire`. Before running it, add the index directives below to slapd.conf and restart slapd (the Troubleshooting section shows the `not indexed` log lines you get otherwise; an existing database needs its indexes rebuilt with slapindex while slapd is stopped). vampire then fetches the groups and accounts from the NT4 domain, as the output that follows shows; the imported accounts carry the NT/LM password hashes, which is why the ACL on sambaNTPassword/sambaLMPassword set up earlier matters.

index  objectClass      eq
index  cn               pres,sub,eq
index  sn               pres,sub,eq
index  uid              pres,sub,eq
index  displayName      pres,sub,eq
index  uidNumber        eq
index  gidNumber        eq
index  memberUid        eq
index  sambaSID         eq
index  sambaDomainName  eq
index  default          sub

net rpc vampire -S [NT netbios name or IP] -W [domainname] -U Administrator

net rpc vampire -S domaincomputername -W xyzdomain -U Administrator

Fetching DOMAIN database
Creating unix group: 'Domain Admins'
Creating unix group: 'Domain Users'
Creating unix group: 'Domain Guests'
Creating unix group: 'Accounting'
Creating account: Administrator
Creating account: Guest
...
Creating unix group: 'Administrators'
Creating unix group: 'Backup Operators'
Creating unix group: 'Guests'
Creating unix group: 'Print Operators'
Creating unix group: 'Replicator'
Creating unix group: 'Server Operators'
Creating unix group: 'Users'

Troubleshooting: if slapd logs `bdb_equality_candidates: (...) not indexed` lines like the following, the index directives listed after them are missing from slapd.conf. Add them, rebuild the indexes (slapindex with slapd stopped) and restart slapd.

Jul 24 11:46:02 delldebian2 slapd[2602]: <= bdb_equality_candidates: (uidNumber) not indexed
Jul 24 11:46:05 delldebian2 slapd[2602]: <= bdb_equality_candidates: (uid) not indexed
Jul 24 11:46:05 delldebian2 slapd[2602]: <= bdb_equality_candidates: (uidNumber) not indexed
Jul 24 11:46:06 delldebian2 slapd[2602]: <= bdb_equality_candidates: (gidNumber) not indexed
Jul 24 11:46:06 delldebian2 slapd[2602]: <= bdb_equality_candidates: (sambaSID) not indexed
Jul 24 11:46:06 delldebian2 slapd[2602]: <= bdb_equality_candidates: (sambaSID) not indexed
Jul 24 11:46:06 delldebian2 slapd[2602]: <= bdb_equality_candidates: (sambaGroupType) not indexed
Jul 24 11:46:06 delldebian2 slapd[2602]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Jul 24 11:46:06 delldebian2 slapd[2602]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Jul 24 11:46:06 delldebian2 slapd[2602]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Jul 24 11:46:06 delldebian2 slapd[2602]: <= bdb_equality_candidates: (sambaSIDList) not indexed

index  objectClass      eq
index  cn               pres,sub,eq
index  sn               pres,sub,eq
index  uid              pres,sub,eq
index  displayName      pres,sub,eq
index  uidNumber        eq
index  gidNumber        eq
index  memberUid        eq
index  sambaSID         eq
index  sambaDomainName  eq
index  default          sub
