
LDAP Configuration

Setting up OpenLDAP on CentOS 6 is quite a bit easier than on CentOS 5. Here are the steps. I have already configured DNS for this; if you haven't, do that first, I'm not covering DNS configuration here.

Step 1: install the packages below.

```
openldap-servers-2.4.23-20.el6.i686
openldap-clients-2.4.23-20.el6.i686
openldap-2.4.23-20.el6.i686
openldap-devel-2.4.23-20.el6.i686
```

Step 2: for the configuration, edit two files under /etc/openldap/slapd.d/cn=config/, the monitor database and the bdb database.

vi /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif

```
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=manager,dc=phong,dc=com" read by * none
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 7a3a2b66-ccf3-1030-9422-33bcd35a9fee
creatorsName: cn=config
createTimestamp: 20120106204805Z
entryCSN: 20120106204805.639580Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120106204805Z
```

vi /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif

```
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=phong,dc=com
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=Manager,dc=phong,dc=com
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: ou pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 7a3a3dea-ccf3-1030-9423-33bcd35a9fee
creatorsName: cn=config
createTimestamp: 20120106204805Z
entryCSN: 20120106204805.639580Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120106204805Z
olcRootPW: {SSHA}BTF7/U8OamDQSc+fLT2z4oxWMfh4+POx
olcTLSCertificateFile: /etc/pki/tls/certs/slapdcert.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapdkey.pem
olcAccess: to attrs=userPassword by self write by anonymous auth by dn.base="cn=Manager,dc=phong,dc=com" write by * none
olcAccess: to * by self write by dn.base="cn=Manager,dc=phong,dc=com" write by * read
```

Check the configuration with slaptest -u:

```
[root@server ~]# slaptest -u
config file testing succeeded
```

I create a file to add the base entry and the OUs (People and Group) to LDAP.

vi base.ldif

```
dn: dc=phong,dc=com
dc: phong
objectClass: top
objectClass: domain

dn: ou=People,dc=phong,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=phong,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
```

Save it and run the command to add it to LDAP:

```
ldapadd -x -W -D "cn=Manager,dc=phong,dc=com" -f base.ldif
```

Then open the LDAP Admin tool and check that the OUs you just created are there.

Here is the video link: http://www.youtube.com/watch?v=P0Fqj…ature=youtu.be

If this gets some support, next time I'll post how to set up a PDC on CentOS 6 so that Windows machines can join the domain and get mapped network drives and profiles from the server.
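The olcRootPW value in the bdb entry is an {SSHA} hash (salted SHA-1, the format slappasswd -h {SSHA} produces), so the Manager password never sits in cn=config in cleartext. The Python snippet below is an added example, not code from the post or from OpenLDAP; it builds and verifies that exact layout, base64(sha1(password + salt) + salt), so you can confirm that a hash you are about to paste into olcRootPW really matches the password you intend to use. The password and salt in it are constructed values, not the hash from the post.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"
DIGEST_LEN = 20  # SHA-1 digest size in bytes; whatever follows it is the salt


def make_ssha(password: str, salt: bytes = b"") -> str:
    """Return an OpenLDAP {SSHA} value: base64(sha1(password + salt) + salt).

    slappasswd -h {SSHA} writes the same layout with a random 4-byte salt.
    """
    if not salt:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password: str, stored: str) -> bool:
    """Verify a candidate password against a stored {SSHA} value."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return False
    if len(raw) <= DIGEST_LEN:  # no salt bytes at all: malformed
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # constant-time comparison, so a mismatch does not leak how many bytes agreed
    return hmac.compare_digest(digest, candidate)


def root_pw_from_ldif(ldif_text: str) -> str:
    """Pull the olcRootPW value out of a cn=config LDIF fragment (first match, or "")."""
    for line in ldif_text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "olcrootpw":
            return value.strip()
    return ""


if __name__ == "__main__":
    # constructed password and salt for demonstration only
    h = make_ssha("constructed-password", salt=b"\x01\x02\x03\x04")
    print(h)
    print(check_ssha("constructed-password", h), check_ssha("wrong", h))
```

The same scheme is what slapd uses for userPassword when it hashes a value itself; migrated accounts (the script later in this post) instead carry {crypt} values copied from /etc/shadow, which slapd checks through crypt(3), so both schemes can coexist in one directory.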


Here I add a script that imports the local users into LDAP. It covers the users with uid from 500 to 599.

vi ldapuser.sh

```bash
#!/bin/bash
# Export local accounts (uid 500-599) from /etc/passwd and /etc/shadow
# into an LDIF file that can be loaded with ldapadd.
SUFFIX='dc=phong,dc=com'
LDIF='ldapuser.ldif'

echo -n > $LDIF
# Spaces in the gecos field are replaced with % so each passwd line stays one loop item.
for line in `grep "x:5[0-9][0-9]:" /etc/passwd | sed -e "s/ /%/g"`
do
    UID1=`echo $line | cut -d: -f1`
    NAME=`echo $line | cut -d: -f5 | cut -d, -f1`
    if [ ! "$NAME" ]
    then
        NAME=$UID1
    else
        NAME=`echo $NAME | sed -e "s/%/ /g"`
    fi
    SN=`echo $NAME | awk '{print $2}'`
    if [ ! "$SN" ]
    then
        SN=$NAME
    fi
    GIVEN=`echo $NAME | awk '{print $1}'`
    UID2=`echo $line | cut -d: -f3`
    GID=`echo $line | cut -d: -f4`
    # Shadow fields: 2 = hash, 3 = last change, 8 = account expiry, 9 = reserved flag.
    PASS=`grep "^$UID1:" /etc/shadow | cut -d: -f2`
    SHELL=`echo $line | cut -d: -f7`
    HOME=`echo $line | cut -d: -f6`
    EXPIRE=`grep "^$UID1:" /etc/shadow | cut -d: -f8`
    if [ ! "$EXPIRE" ]
    then
        EXPIRE="-1"
    fi
    FLAG=`grep "^$UID1:" /etc/shadow | cut -d: -f9`
    if [ ! "$FLAG" ]
    then
        FLAG="0"
    fi
    # passwd -S fields: name status lastchange min max warn inactive
    WARN=`passwd -S $UID1 | awk '{print $6}'`
    MIN=`passwd -S $UID1 | awk '{print $4}'`
    MAX=`passwd -S $UID1 | awk '{print $5}'`
    LAST=`grep "^$UID1:" /etc/shadow | cut -d: -f3`
    echo "dn: uid=$UID1,ou=people,$SUFFIX" >> $LDIF
    echo "objectClass: inetOrgPerson" >> $LDIF
    echo "objectClass: posixAccount" >> $LDIF
    echo "objectClass: shadowAccount" >> $LDIF
    echo "uid: $UID1" >> $LDIF
    echo "sn: $SN" >> $LDIF
    echo "givenName: $GIVEN" >> $LDIF
    echo "cn: $NAME" >> $LDIF
    echo "displayName: $NAME" >> $LDIF
    echo "uidNumber: $UID2" >> $LDIF
    echo "gidNumber: $GID" >> $LDIF
    echo "userPassword: {crypt}$PASS" >> $LDIF
    echo "gecos: $NAME" >> $LDIF
    echo "loginShell: $SHELL" >> $LDIF
    echo "homeDirectory: $HOME" >> $LDIF
    echo "shadowExpire: $EXPIRE" >> $LDIF
    echo "shadowFlag: $FLAG" >> $LDIF
    echo "shadowWarning: $WARN" >> $LDIF
    echo "shadowMin: $MIN" >> $LDIF
    echo "shadowMax: $MAX" >> $LDIF
    echo "shadowLastChange: $LAST" >> $LDIF
    echo >> $LDIF   # blank line ends the entry
done
```

Once you have created it, save it and run the command below to add the users:

```
ldapadd -x -D "cn=Manager,dc=phong,dc=com" -W -f ldapuser.ldif
```

Good luck. (Collected)
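ldapadd stops at the first entry slapd rejects, and the generated ldapuser.ldif (or a hand-written base.ldif) fails for a few recurring reasons: an objectClass whose MUST attributes are missing, an RDN whose attribute value is not present in the entry, a userPassword that lacks a scheme prefix and would be stored in cleartext, or two accounts that share a uidNumber. The Python checker below is an added example, not code from the post or from OpenLDAP; it parses content-record LDIF (including folded lines and base64 values) and reports those problems before anything reaches the directory. The sample LDIF and its accounts are constructed, and the MUST table covers only the object classes this post uses, not the full schema.

```python
import base64
import re

# MUST attributes (lowercased) for the object classes used in this post.
# The authoritative definitions live in the slapd schema; this is a subset.
MUST = {
    "domain": {"dc"},
    "organizationalunit": {"ou"},
    "inetorgperson": {"cn", "sn"},
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "shadowaccount": {"uid"},
}


def parse_ldif(text):
    """Parse content-record LDIF into [{"dn": str, "attrs": {name: [values]}}]."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:  # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines:
        if line.startswith("#"):
            continue
        if not line.strip():  # blank line terminates an entry
            if current is not None:
                entries.append(current)
                current = None
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        name = name.strip().lower()
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name == "dn":
            current = {"dn": value, "attrs": {}}
        elif current is None:
            raise ValueError(f"attribute before dn: {line!r}")
        else:
            current["attrs"].setdefault(name, []).append(value)
    if current is not None:
        entries.append(current)
    return entries


def validate_ldif(text):
    """Return a list of problems slapd would reject (or that should not be loaded)."""
    problems, seen_uidnumber = [], {}
    for entry in parse_ldif(text):
        dn, attrs = entry["dn"], entry["attrs"]
        # Naming rule: the RDN's attribute=value must appear in the entry.
        # (Escaped commas in DNs are not handled; none occur in this post.)
        rdn_attr, _, rdn_value = dn.split(",", 1)[0].partition("=")
        present = [v.lower() for v in attrs.get(rdn_attr.strip().lower(), [])]
        if rdn_value.lower() not in present:
            problems.append(f"{dn}: RDN {rdn_attr}={rdn_value} not among the entry's attributes")
        classes = sorted(c.lower() for c in attrs.get("objectclass", []))
        if not classes:
            problems.append(f"{dn}: no objectClass")
        for cls in classes:
            for must in sorted(MUST.get(cls, ())):
                if must not in attrs:
                    problems.append(f"{dn}: objectClass {cls} requires {must}")
        for pw in attrs.get("userpassword", []):
            if not re.match(r"\{[A-Za-z0-9-]+\}", pw):
                problems.append(f"{dn}: userPassword has no hash scheme prefix (cleartext?)")
        for num in attrs.get("uidnumber", []):
            if not num.isdigit():
                problems.append(f"{dn}: uidNumber {num!r} is not numeric")
            elif num in seen_uidnumber:
                problems.append(f"{dn}: uidNumber {num} duplicates {seen_uidnumber[num]}")
            else:
                seen_uidnumber[num] = dn
    return problems


# Constructed sample: base entry, one OU, a good account and a broken one.
SAMPLE_LDIF = """\
dn: dc=phong,dc=com
dc: phong
objectClass: top
objectClass: domain

dn: ou=People,dc=phong,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: uid=alice,ou=People,dc=phong,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: alice
sn: Nguyen
cn: Alice Nguyen
uidNumber: 500
gidNumber: 500
homeDirectory: /home/alice
userPassword: {crypt}$6$constructedsalt$constructedhash

dn: uid=bob,ou=People,dc=phong,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: bob
cn: Bob
uidNumber: 500
gidNumber: 501
userPassword: plaintext-secret
"""

if __name__ == "__main__":
    for problem in validate_ldif(SAMPLE_LDIF):
        print(problem)
```

Run it as `python3 check_ldif.py` after generating ldapuser.ldif (swap SAMPLE_LDIF for the file's contents); the alice entry passes, while bob is reported for the missing sn and homeDirectory, the cleartext password and the uidNumber collision with alice.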
How to set up a PDC on CentOS 6.0:

Check whether the samba packages are installed:

```
[root@server ~]# rpm -qa | grep samba
samba-common-3.5.4-68.el6.i686
samba-3.5.4-68.el6.i686
samba-client-3.5.4-68.el6.i686
```

You also need "smbldap-tools-0.9.6-3.el6.noarch":

```
[root@server ~]# rpm -qa | grep smbldap-tools
smbldap-tools-0.9.6-3.el6.noarch
```

Those packages are all a PDC needs. From here on it is almost the same as setting up a PDC on CentOS 5:

```
[root@server ~]# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@server ~]# cp /usr/share/doc/smbldap-tools-0.9.6/smb.conf /etc/samba/smb.conf
```

Remember to press Y if asked to overwrite.

```
[root@server ~]# vi /etc/samba/smb.conf
```

```
workgroup = phong
#min passwd length = 3
ldap passwd sync = yes
dos charset = CP932
unix charset = UTF-8
passdb backend = ldapsam:ldap://server.phong.com/
ldap admin dn = cn=Manager,dc=phong,dc=com
ldap suffix = dc=phong,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=people
delete group script = /usr/sbin/smbldap-groupdel "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
admin users = admin
ldap ssl = no

# go to the end of the file and add these lines
[homes]
    comment = Home Directories
    path = /home/%U
    read only = No
    browseable = No
```

Save the file, then:

```
[root@server ~]# mkdir /home/netlogon
[root@server ~]# mkdir /home/profiles
[root@server ~]# chmod 777 /home/profiles
```

Here we create two directories, netlogon and profiles, which work like this: netlogon holds the logon.bat ("logon.cmd") file, a script that maps network drives from the server each time a user logs on; profiles stores the users' profiles on the server. That's how I understand it, I'm not sure it's right; if anyone sees it differently, let me know.

```
[root@server ~]# service nmb restart
[root@server ~]# service smb restart
[root@server ~]# smbpasswd -W          # store the password for cn=Manager
[root@server ~]# perl /usr/share/doc/smbldap-tools-0.9.6/configure.pl
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
       smbldap-tools script configuration
       -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Before starting, check
 . if your samba controller is up and running.
 . if the domain SID is defined (you can get it with the 'net getlocalsid')

 . you can leave the configuration using the Ctrl-c key combination
 . empty value can be set with the "." character
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Looking for configuration files...

Samba Configuration File Path [/etc/samba/smb.conf] >

The default directory in which the smbldap configuration files are stored is shown.
If you need to change this, enter the full directory path, then press enter to continue.
Smbldap-tools Configuration Directory Path [/etc/smbldap-tools] >
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Let's start configuring the smbldap-tools scripts ...

. workgroup name: name of the domain Samba acts as a PDC for
  workgroup name [phong] >
. netbios name: netbios name of the samba controller
  netbios name [server] >
. logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'
  logon drive [H:] >
. logon home: home directory location (for Win95/98 or NT Workstation).
  (use %U as username) Ex:'\\server\%U'
  logon home (press the "." character if you don't want homeDirectory) [\\192.168.9.1\%U] >
. logon path: directory where roaming profiles are stored. Ex:'\\server\profiles\%U'
  logon path (press the "." character if you don't want roaming profiles) [\\192.168.9.1\profiles\%U] >
. home directory prefix (use %U as username) [/home/%U] >
. default users' homeDirectory mode [700] >
. default user netlogon script (use %U as username) [logon.bat] >
  default password validation time (time in days) [45] >
. ldap suffix [dc=phong,dc=com] >
. ldap group suffix [ou=Groups] >
. ldap user suffix [ou=people] >
. ldap machine suffix [ou=Computers] >
. Idmap suffix [ou=Idmap] >
. sambaUnixIdPooldn: object where you want to store the next uidNumber
  and gidNumber available for new users and groups
  sambaUnixIdPooldn object (relative to ${suffix}) [sambaDomainName=phong] >
. ldap master server: IP address or DNS name of the master (writable) ldap server
  ldap master server [server.phong.com] >
. ldap master port [389] >
. ldap master bind dn [cn=Manager,dc=phong,dc=com] >
  ldap master bind password [] >
. ldap slave server: IP address or DNS name of the slave ldap server: can also be the master one
  ldap slave server [server.phong.com] >
. ldap slave port [389] >
. ldap slave bind dn [cn=Manager,dc=phong,dc=com] >
. ldap slave bind password [] >
. ldap tls support (1/0) [0] > 0
. SID for domain phong: SID of the domain (can be obtained with 'net getlocalsid server')
  SID for domain phong [S-1-5-21-2076072542-3734890575-2257465984] >
. unix password encryption: encryption used for unix passwords
  unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] >
. default user gidNumber [513] >
. default computer gidNumber [515] >
. default login shell [/bin/bash] >
. default skeleton directory [/etc/skel] >
. default domain name to append to mail address [] >
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
backup old configuration files:
  /etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old
  /etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old
writing new configuration file:
  /etc/smbldap-tools/smbldap.conf done.
  /etc/smbldap-tools/smbldap_bind.conf done.
```

Just press Enter through all of it, and type the password where it asks for one; this step mostly just takes the values over from smb.conf.

```
[root@server /]# smbldap-populate
```
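The smb.conf above points Samba at the directory over a plain ldap:// URL with `ldap ssl = no`, so the `ldap admin dn` bind (the password stored with smbpasswd -W) and the account hashes Samba reads and writes cross the network in cleartext unless slapd runs on the same host. The bdb database earlier in this post already has olcTLSCertificateFile and olcTLSCertificateKeyFile set, so `ldap ssl = start tls` is the natural correction. The Python checker below is an added example, not code from the post or from Samba; it parses an smb.conf the way Samba treats parameter names (case and internal whitespace ignored) and flags that combination plus a populated `admin users` list, which makes those accounts act as root on every share. The weak sample is constructed from the post's settings, and the hardened variant is derived from it.

```python
import re


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {param: value}}.

    Samba ignores case and internal whitespace in parameter names, so
    'Dos charset' and 'doscharset' are the same key; normalise the same way.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank or comment
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        if sep and current is not None:
            sections[current][re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections


def audit_smb_conf(text):
    """Return findings for an LDAP-backed PDC configuration; empty list = nothing flagged."""
    g = parse_smb_conf(text).get("global", {})
    findings = []
    backend = g.get("passdbbackend", "").lower()
    ldap_ssl = g.get("ldapssl", "off").lower()  # Samba's default when unset
    if backend.startswith("ldapsam:ldap://") and ldap_ssl in ("no", "off"):
        findings.append(
            "ldap ssl is off and passdb backend uses ldap://: the 'ldap admin dn' bind "
            "password and account hashes cross the network in cleartext; set "
            "'ldap ssl = start tls' or point passdb backend at ldaps://"
        )
    admins = g.get("adminusers", "").strip()
    if admins:
        findings.append(
            f"admin users = {admins}: these accounts act as root on every share; "
            "keep the list minimal and review it"
        )
    return findings


# Constructed from the settings in the post (weak) and a corrected variant.
WEAK_SMB_CONF = """\
[global]
workgroup = phong
ldap passwd sync = yes
Dos charset = CP932
Unix charset = UTF-8
passdb backend = ldapsam:ldap://server.phong.com/
ldap admin dn = cn=Manager,dc=phong,dc=com
ldap suffix = dc=phong,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=people
admin users = admin
ldap ssl = no

[homes]
comment = Home Directories
path = /home/%U
read only = No
browseable = No
"""

HARDENED_SMB_CONF = (
    WEAK_SMB_CONF.replace("ldap ssl = no", "ldap ssl = start tls")
    .replace("admin users = admin\n", "")
)

if __name__ == "__main__":
    for finding in audit_smb_conf(WEAK_SMB_CONF):
        print("WEAK:", finding)
    print("hardened findings:", audit_smb_conf(HARDENED_SMB_CONF))
```

With `ldap ssl = start tls`, slapd must present a certificate the Samba host trusts (the slapdcert.pem configured in cn=config, or its issuing CA), and `ldap tls support` in the smbldap-tools configure.pl run should then be answered 1 rather than 0 so the smbldap-* scripts use the same protection.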
