Ubuntu Server Guide
Adding Samba LDAP objects
Download 1.23 Mb. Pdf ko'rish
|
ubuntu-server-guide (1)
|
Adding Samba LDAP objects
Next, configure the smbldap-tools package to match your environment. The package comes with a configu- ration helper script called smbldap-config. Before running it, though, you should decide on two important configuration settings in /etc/samba/smb.conf: • netbios name: how this server will be known. The default value is derived from the server’s hostname, but truncated at 15 characters. • workgroup: the workgroup name for this server, or, if you later decide to make it a domain controller, this will be the domain. It’s important to make these choices now because smbldap-config will use them to generate the config that will be later stored in the LDAP directory. If you run smbldap-config now and later change these values in /etc/samba/smb.conf there will be an inconsistency. Once you are happy with netbios name and workgroup, proceed to generate the smbldap-tools configuration by running the configuration script which will ask you some questions: sudo smbldap−c o n f i g Some of the more important ones: • workgroup name: has to match what you will configure in /etc/samba/smb.conf later on. • ldap suffix: has to match the ldap suffix you chose when you configured the LDAP server. • other ldap suffixes: they are all relative to ldap suffix above. For example, for ldap user suffix you should use ou=People, and for computer/machines, use ou=Computers. • ldap master bind dn and bind password: use the rootDN credentials. The smbldap-populate script will then add the LDAP objects required for Samba. It will ask you for a password for the “domain root” user, which is also the “root” user stored in LDAP: sudo smbldap−p o p u l a t e −g 10000 −u 10000 −r 10000 The -g, -u and -r parameters tell smbldap-tools where to start the numeric uid and gid allocation for the LDAP users. You should pick a range start that does not overlap with your local /etc/passwd users. You can create a LDIF file containing the new Samba objects by executing sudo smbldap−populate −e samba.ldif. This allows you to look over the changes making sure everything is correct. If it is, rerun the script without the ‘-e’ switch. Alternatively, you can take the LDIF file and import its data per usual. Your LDAP directory now has the necessary information to authenticate Samba users. Download 1.23 Mb. Do'stlaringiz bilan baham: 
|