Add the ldapsam option --- (A)
$ su
To keep the change to the package minimal, only --with-ldapsam is added to the configure call in samba.spec:
CFLAGS="$RPM_OPT_FLAGS" ./configure \
--prefix=%{_prefix} \
--localstatedir=/var \
--sysconfdir=/etc \
--with-privatedir=%{_sysconfdir}/samba \
--with-fhs \
--with-quotas \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=%{_datadir}/swat/using_samba \
--with-swatdir=%{_datadir}/swat \
--with-libsmbclient \
--with-acl-support \
--with-shared-modules=idmap_rid \
--enable-cups=yes \
--with-ldapsam
/etc/openldap/slapd.conf (excerpt):
#...
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
# samba.schema is copied in from ./samba-3.0.14a/examples/LDAP/
include /etc/openldap/schema/samba.schema
#...

# /etc/rc.d/init.d/ldap restart   # slapd.conf changed, so restart slapd
NT domain name: "SambaDomain"
File server name: "SambaServer"
LDAP suffix: "dc=solar"
The LDAP server and the Samba server run on the same machine
Traffic between LDAP and Samba is not encrypted (tolerable only because it never leaves the host)
Samba users get no login shell
Samba users' home directories are /home/sambauser/<user>

# vi /etc/smbldap-tools/smbldap.conf
sambaDomain="SambaDomain"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
suffix="dc=solar"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
userLoginShell="/sbin/nologin"
userHome="/home/sambauser/%U"
userGecos="Samba User"
userSmbHome="\\SambaServer\%U"
userProfile="\\SambaServer\profiles\%U"
mailDomain="example.com"
Owner and mode: root:root 644

# vi /etc/smbldap-tools/smbldap_bind.conf
slaveDN="cn=manager,dc=solar"
slavePw="secret"
masterDN="cn=manager,dc=solar"
masterPw="secret"
Owner and mode: root:root 600 (this file holds the manager DN's password in clear, which is why it is 600 while smbldap.conf is 644)
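The two smbldap-tools files just written encode the design decisions above: ldapTLS="0" is only defensible while both LDAP endpoints are loopback, the bind file must stay 0600 because it carries the manager password in clear, and a placeholder password such as "secret" (the rootpw used in OpenLDAP's sample slapd.conf) should never survive into production. The following audit script is an added example, not code from the page or from smbldap-tools; the file bodies are the page's own values reproduced inline, and the function names and the placeholder-password list are this example's assumptions.

```python
"""Audit the smbldap-tools configuration pair (added example)."""
import os
import stat
import tempfile

# Constructed copies of the page's files (only the lines the checks read).
SMBLDAP_CONF = '''
sambaDomain="SambaDomain"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
suffix="dc=solar"
userLoginShell="/sbin/nologin"
userHome="/home/sambauser/%U"
'''

SMBLDAP_BIND_CONF = '''
slaveDN="cn=manager,dc=solar"
slavePw="secret"
masterDN="cn=manager,dc=solar"
masterPw="secret"
'''

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
# Assumed list of values that are placeholders, not real passwords.
PLACEHOLDER_PASSWORDS = {"secret", "password", ""}


def parse_kv(text):
    """smbldap-tools files are key="value" lines; '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip().strip('"')
    return conf


def audit_transport(conf):
    """With ldapTLS="0", the manager password and every sambaNTPassword that
    smbldap-useradd writes cross the wire in clear unless the peer is loopback."""
    findings = []
    if conf.get("ldapTLS", "0") == "0":
        for role in ("masterLDAP", "slaveLDAP"):
            host = conf.get(role, "")
            if host.lower() not in LOOPBACK:
                findings.append(f"{role}={host}: cleartext LDAP bind (ldapTLS=0)")
    return findings


def audit_bind_secrets(conf):
    """The bind file carries passwords in clear; refuse placeholder values."""
    return [f"{key} is a placeholder value"
            for key in ("masterPw", "slavePw")
            if conf.get(key, "") in PLACEHOLDER_PASSWORDS]


def audit_mode(path, expected):
    """Compare the permission bits with the mode the page prescribes."""
    actual = stat.S_IMODE(os.stat(path).st_mode)
    if actual != expected:
        return [f"{os.path.basename(path)}: mode {actual:04o}, expected {expected:04o}"]
    return []


def run_audit(conf_mode=0o644, bind_mode=0o600):
    """Write both files to a scratch directory with the given modes and run
    every check; returns the list of findings (empty means clean)."""
    files = (("smbldap.conf", SMBLDAP_CONF, conf_mode, 0o644),
             ("smbldap_bind.conf", SMBLDAP_BIND_CONF, bind_mode, 0o600))
    findings = []
    with tempfile.TemporaryDirectory() as tmp:
        for name, body, mode, expected in files:
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
            findings += audit_mode(path, expected)
    findings += audit_transport(parse_kv(SMBLDAP_CONF))
    findings += audit_bind_secrets(parse_kv(SMBLDAP_BIND_CONF))
    return findings


if __name__ == "__main__":
    for finding in run_audit():
        print("FINDING:", finding)
```

Run against the page's values the only findings are the two "secret" passwords; swap masterLDAP for a remote host, or loosen the bind file to 0644, and the corresponding checks fire.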
Create the initial entries Samba needs in LDAP (ou=Users / ou=Groups / ou=Computers / sambaDomainName)
Populating LDAP directory for domain SambaDomain (S-1-5-21-4205727931-4131263253-1851132061)
(using builtin directory structure)
entry dc=solar already exist.
adding new entry: ou=Users,dc=solar
adding new entry: ou=Groups,dc=solar
adding new entry: ou=Computers,dc=solar
adding new entry: ou=Idmap,dc=solar
adding new entry: uid=Administrator,ou=Users,dc=solar
adding new entry: uid=guest,ou=Users,dc=solar
adding new entry: cn=Domain Admins,ou=Groups,dc=solar
adding new entry: cn=Domain Users,ou=Groups,dc=solar
adding new entry: cn=Domain Guests,ou=Groups,dc=solar
adding new entry: cn=Domain Computers,ou=Groups,dc=solar
adding new entry: cn=Administrators,ou=Groups,dc=solar
adding new entry: cn=Account Operators,ou=Groups,dc=solar
adding new entry: cn=Print Operators,ou=Groups,dc=solar
adding new entry: cn=Backup Operators,ou=Groups,dc=solar
adding new entry: cn=Replicators,ou=Groups,dc=solar
adding new entry: sambaDomainName=SambaDomain,dc=solar
Please provide a password for the domain Administrator:
Changing password for Administrator
New password : ******** --- (B)
Retype new password : ********

Add a user
UserID:x:1001:513:Samba User:/home/sambauser/UserID:/sbin/nologin

Add a group and add the user to it
GroupID:x:1000:UserID

Remove the user from the group
GroupID:x:1000:

Delete the group
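The passwd- and group-format lines above are the observable result of the populate, user and group steps, and they should match what smbldap.conf promised: shell /sbin/nologin, a home directory built from userHome with %U replaced by the login name, and primary gid 513, the gidNumber smbldap-populate assigns to "Domain Users". The script below checks exactly that. It is an added example, not code from the page or from smbldap-tools; the populate output and the account lines are the page's own, reproduced inline, while the check functions and expectation constants are this example's assumptions.

```python
"""Verify the outcome of the LDAP provisioning steps (added example)."""
import re

SUFFIX = "dc=solar"
DOMAIN = "SambaDomain"

# The page's smbldap-populate output, reproduced inline.
POPULATE_OUTPUT = """\
Populating LDAP directory for domain SambaDomain (S-1-5-21-4205727931-4131263253-1851132061)
(using builtin directory structure)
entry dc=solar already exist.
adding new entry: ou=Users,dc=solar
adding new entry: ou=Groups,dc=solar
adding new entry: ou=Computers,dc=solar
adding new entry: ou=Idmap,dc=solar
adding new entry: uid=Administrator,ou=Users,dc=solar
adding new entry: uid=guest,ou=Users,dc=solar
adding new entry: cn=Domain Admins,ou=Groups,dc=solar
adding new entry: cn=Domain Users,ou=Groups,dc=solar
adding new entry: cn=Domain Guests,ou=Groups,dc=solar
adding new entry: cn=Domain Computers,ou=Groups,dc=solar
adding new entry: cn=Administrators,ou=Groups,dc=solar
adding new entry: cn=Account Operators,ou=Groups,dc=solar
adding new entry: cn=Print Operators,ou=Groups,dc=solar
adding new entry: cn=Backup Operators,ou=Groups,dc=solar
adding new entry: cn=Replicators,ou=Groups,dc=solar
adding new entry: sambaDomainName=SambaDomain,dc=solar
"""

# What smbldap.conf promises for every account it creates (assumed constants).
EXPECTED_SHELL = "/sbin/nologin"        # userLoginShell
EXPECTED_HOME = "/home/sambauser/%U"    # userHome, %U = login name
DOMAIN_USERS_GID = 513                  # gidNumber of "Domain Users"

SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+")


def parse_populate(text):
    """Return (domain SID, set of DNs created) from smbldap-populate output."""
    sid = SID_RE.search(text)
    dns = set(re.findall(r"^adding new entry: (.+)$", text, re.M))
    return (sid.group(0) if sid else None), dns


def check_containers(dns, suffix=SUFFIX, domain=DOMAIN):
    """Containers the smb.conf 'ldap * suffix' settings point at must exist."""
    required = {f"ou=Users,{suffix}", f"ou=Groups,{suffix}",
                f"ou=Computers,{suffix}", f"ou=Idmap,{suffix}",
                f"sambaDomainName={domain},{suffix}"}
    return sorted(required - dns)


def parse_passwd(line):
    name, _, uid, gid, gecos, home, shell = line.strip().split(":")
    return {"name": name, "uid": int(uid), "gid": int(gid),
            "gecos": gecos, "home": home, "shell": shell}


def parse_group(line):
    name, _, gid, members = line.strip().split(":")
    return {"name": name, "gid": int(gid),
            "members": [m for m in members.split(",") if m]}


def check_account(line):
    """Problems with a passwd entry measured against the smbldap.conf templates."""
    acct = parse_passwd(line)
    problems = []
    if acct["shell"] != EXPECTED_SHELL:
        problems.append(f"shell {acct['shell']} allows interactive login")
    if acct["home"] != EXPECTED_HOME.replace("%U", acct["name"]):
        problems.append(f"home {acct['home']} does not follow userHome")
    if acct["gid"] != DOMAIN_USERS_GID:
        problems.append(f"primary gid {acct['gid']} is not Domain Users")
    return problems


def membership_changed(before, after, user):
    """True if `user` was in the group before the removal and is gone after."""
    return (user in parse_group(before)["members"]
            and user not in parse_group(after)["members"])


if __name__ == "__main__":
    sid, dns = parse_populate(POPULATE_OUTPUT)
    print("domain SID:", sid, "missing containers:", check_containers(dns))
    print("account problems:", check_account(
        "UserID:x:1001:513:Samba User:/home/sambauser/UserID:/sbin/nologin"))
    print("removed from group:", membership_changed(
        "GroupID:x:1000:UserID", "GroupID:x:1000:", "UserID"))
```

An account created outside smbldap-tools (for example with a real shell and a home under /home) shows up immediately as a list of problems, which is the point of running this after every provisioning change.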
Create the directory that stores roaming profiles when the server acts as PDC
smb.conf:
[global]
        dos charset = CP932
        unix charset = EUCJP-MS
        display charset = EUCJP-MS
        workgroup = SambaDomain
        netbios name = SambaServer
        server string = Samba Server
        interfaces = eth0
        passdb backend = ldapsam:ldap://localhost
        guest account = guest
        max log size = 500
        domain logons = Yes
        os level = 33
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        ldap admin dn = cn=manager,dc=solar
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=solar
        ldap ssl = no
        ldap user suffix = ou=Users
        admin users = Administrator

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[Profiles]
        path = /home/profiles
        writeable = Yes
        browseable = No
        create mode = 0600
        directory mode = 0700
        guest ok = yes
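Three things in this smb.conf deserve a second look before it goes live. "ldap ssl = no" is fine only because the passdb URI is ldap://localhost; the ldap admin dn password (which smb.conf does not contain, Samba reads it from secrets.tdb where smbpasswd -w stores it) and every password hash would otherwise cross the network in clear. "guest ok = yes" on the writable [Profiles] share lets anyone connect without a password as the guest account, so that combination should be a deliberate choice. And "admin users = Administrator" makes every file operation by that account run as root. The linter below encodes those three rules; it is an added example, not code from the page or from the Samba project. SMB_CONF is the page's configuration reproduced inline with the charset and browsing parameters left out, and the rule wording and the lint() function are this example's own.

```python
"""Lint the security-relevant settings of a Samba 3 smb.conf (added example)."""
import re
from urllib.parse import urlparse

SMB_CONF = """\
[global]
    workgroup = SambaDomain
    netbios name = SambaServer
    interfaces = eth0
    passdb backend = ldapsam:ldap://localhost
    guest account = guest
    domain logons = Yes
    domain master = Yes
    wins support = Yes
    ldap admin dn = cn=manager,dc=solar
    ldap suffix = dc=solar
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap passwd sync = Yes
    ldap ssl = no
    admin users = Administrator

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[Profiles]
    path = /home/profiles
    writeable = Yes
    browseable = No
    create mode = 0600
    directory mode = 0700
    guest ok = yes
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_smb_conf(text):
    """Return {section: {key: value}}. Samba matches parameter names
    case-insensitively and ignores internal whitespace ("read only" ==
    "readonly"), so keys are normalised the same way; '#' and ';' are comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections


def is_true(value, default=False):
    return default if value is None else value.strip().lower() in {"yes", "true", "1"}


def writable(share):
    """'writeable'/'writable' are synonyms for the inverse of 'read only',
    whose default is yes: a share is read-only unless told otherwise."""
    if "readonly" in share:
        return not is_true(share["readonly"], default=True)
    return any(is_true(share.get(k)) for k in ("writeable", "writable"))


def ldap_servers(passdb_backend):
    """(scheme, host) for each URI in 'ldapsam:ldap://h' or 'ldapsam:"ldap://h1 ldap://h2"'."""
    return [(urlparse(u).scheme, (urlparse(u).hostname or "").lower())
            for u in re.findall(r"ldaps?://[^\s\"']+", passdb_backend or "")]


def lint(text):
    """Return (level, message) findings; an empty list means nothing to flag."""
    conf = parse_smb_conf(text)
    g = next((s for n, s in conf.items() if n.lower() == "global"), {})
    findings = []
    # 1. Cleartext ldap:// to a non-loopback directory server.
    tls = g.get("ldapssl", "off").lower() not in {"off", "no", "false", "0"}
    for scheme, host in ldap_servers(g.get("passdbbackend")):
        if scheme == "ldap" and not tls and host not in LOOPBACK:
            findings.append(("warn", f"global: ldapsam to {host} over cleartext LDAP "
                                     f"(ldap ssl = {g.get('ldapssl', 'off')})"))
    # 2. Anonymous (guest) access to a share that accepts writes.
    for name, share in conf.items():
        if name.lower() != "global" and is_true(share.get("guestok")) and writable(share):
            findings.append(("warn", f"[{name}]: guest ok = yes on a writable share"))
    # 3. 'admin users' run every file operation as root.
    if g.get("adminusers"):
        findings.append(("info", f"global: admin users = {g['adminusers']} operate as root"))
    return findings


if __name__ == "__main__":
    for level, message in lint(SMB_CONF):
        print(f"{level}: {message}")
```

On the page's configuration the LDAP rule stays quiet (loopback), [Profiles] is flagged, and admin users is reported for information; point passdb backend at a remote host and the cleartext-LDAP warning appears first.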
Register smb with chkconfig. The init script's header line below is what chkconfig reads: run levels 3, 4 and 5, start priority 91, stop priority 35.
# chkconfig: 345 91 35
# chkconfig --add smb
/etc/xinetd.d/swat:
# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
#       to configure your Samba server. To use SWAT, \
#       connect to port 901 with your favorite web browser.
service swat
{
	port            = 901
	socket_type     = stream
	wait            = no
	only_from       = 127.0.0.1
	user            = root
	server          = /usr/sbin/swat
	log_on_failure  += USERID
	disable         = no
}

# /etc/rc.d/init.d/xinetd restart   # the xinetd entry changed, so restart xinetd

only_from = 127.0.0.1 is the line that matters here: SWAT runs as root and authenticates with HTTP Basic over plain HTTP, so if port 901 were reachable from other hosts the root password would cross the network in clear.