Ubuntu Server Guide Changes, errors and bugs
Download 1.27 Mb. Pdf ko'rish
|
ubuntu-server-guide
Samba Configuration
To configure Samba to use LDAP, edit its configuration file /etc/samba/smb.conf commenting out the default passdb backend parameter and adding some ldap-related ones. Make sure to use the same values you used when running smbldap-populate: # passdb backend = tdbsam workgroup = EXAMPLE # LDAP S e t t i n g s 148 passdb backend = ldapsam : l d a p : / / l d a p 0 1 . example . com l d a p s u f f i x = dc=example , dc=com l d a p u s e r s u f f i x = ou=Peo pl e l d a p group s u f f i x = ou=Groups l d a p machine s u f f i x = ou=Computers l d a p idmap s u f f i x = ou=Idmap l d a p admin dn = cn=admin , dc=example , dc=com l d a p s s l = s t a r t t l s l d a p passwd sync = y e s Change the values to match your environment. Note The smb.conf as shipped by the package is quite long and has many configuration examples. An easy way to visualize it without any comments is to run testparm -s. Now inform Samba about the rootDN user’s password (the one set during the installation of the slapd package): sudo smbpasswd −W As a final step to have your LDAP users be able to connect to samba and authenticate, we need these users to also show up in the system as “unix” users. Use SSSD for that as detailed in Service - SSSD. Install sssd-ldap sudo apt i n s t a l l s s s d −l d a p Configure /etc/sssd/sssd.conf : [ s s s d ] c o n f i g _ f i l e _ v e r s i o n = 2 domains = example . com [ domain / example . com ] i d _ p r o v i d e r = l d a p a u t h _ p r o vi d e r = l d a p l d a p _ u r i = l d a p : / / l d a p 0 1 . example . com c a c h e _ c r e d e n t i a l s = True ldap_search_base = dc=example , dc=com Adjust permissions and start the service: sudo chmod 0600 / e t c / s s s d / s s s d . c o n f sudo chown r o o t : r o o t / e t c / s s s d / s s s d . c o n f sudo s y s t e m c t l s t a r t s s s d Restart the Samba services: sudo s y s t e m c t l r e s t a r t smbd . s e r v i c e nmbd . s e r v i c e To quickly test the setup, see if getent can list the Samba groups: $ g e t e n t group R e p l i c a t o r s R e p l i c a t o r s : * : 5 5 2 : Note The names are case sensitive! 149 If you have existing LDAP users that you want to include in your new LDAP-backed Samba they will, of course, also need to be given some of the extra Samba specific attributes. The smbpasswd utility can do this for you: sudo smbpasswd −a username You will prompted to enter a password. It will be considered as the new password for that user. Making it the same as before is reasonable. Note that this command cannot be used to create a new user from scratch in LDAP (unless you are using ldapsam:trusted and ldapsam:editposix, not covered in this guide). To manage user, group, and machine accounts use the utilities provided by the smbldap-tools package. Here are some examples: • To add a new user with a home directory: sudo smbldap−u s e r a d d −a −P −m username The -a option adds the Samba attributes, and the -P option calls the smbldap-passwd utility after the user is created allowing you to enter a password for the user. Finally, -m creates a local home directory. Test with the getent command: g e t e n t passwd username • To remove a user: sudo smbldap−u s e r d e l username In the above command, use the -r option to remove the user’s home directory. • To add a group: sudo smbldap−groupadd −a groupname As for smbldap-useradd, the -a adds the Samba attributes. • To make an existing user a member of a group: sudo smbldap−groupmod −m username groupname The -m option can add more than one user at a time by listing them in comma-separated format. • To remove a user from a group: sudo smbldap−groupmod −x username groupname • To add a Samba machine account: sudo smbldap−u s e r a d d −t 0 −w username Replace username with the name of the workstation. The -t 0 option creates the machine account without a delay, while the -w option specifies the user as a machine account. Download 1.27 Mb. Do'stlaringiz bilan baham: |
Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling
ma'muriyatiga murojaat qiling