Presentation is loading. Please wait.

Presentation is loading. Please wait.

u Babel Com Australia FDS + Samba ● What is LDAP? ● Fedora Directory Server ● Samba ● LDAP Tools.

Published byPatricia Porter Modified over 7 years ago

Similar presentations

Presentation on theme: "u Babel Com Australia FDS + Samba ● What is LDAP? ● Fedora Directory Server ● Samba ● LDAP Tools."— Presentation transcript:

1 www.babel.com.a u Babel Com Australia FDS + Samba ● What is LDAP? ● Fedora Directory Server ● Samba ● LDAP Tools

2 www.babel.com.a u Babel Com Australia What is LDAP? ● Lightweight Directory Access Protocol ● Common on-wire protocol – ASN.1 ● Common export format – LDIF ● Common replication format – LDUP ● Tree structure form of objects via “DNs”

3 www.babel.com.a u Babel Com Australia Replication ● One or more LDAP servers can participate. ● Single-master or multi-master implementations (OpenLDAP vs FDS). ● Common on-wire replication protocol – LDUP. ● Replication between different directory types can be problematic.

4 www.babel.com.a u Babel Com Australia FDS ● http://directory.fedoraproject.org/ http://directory.fedoraproject.org/ ● 4 Way multi-master replication ● Scalable ● Extensive Documentation ● In-directory management (schema etc) – no restart needed to change schema or ACIs

5 www.babel.com.a u Babel Com Australia LDAP Applications ● Authentication – PAM, Samba. ● Name Space Services – NSS, Samba.

6 www.babel.com.a u Babel Com Australia SAMBA ● Samba is a Free Software suite that provides seamless file and print services to Windows and other CIFS/SMB clients ● SMB = Server Message Block ● CIFS = Common Internet File System ● For lots more info see www.samba.org

7 www.babel.com.a u Babel Com Australia LDAP and Samba ● Common Schema Extension – 61samba.ldif ● Integration Issues ● Linux and Windows Accounts ● Password Storage ● MD2 vs crypt/MD5/SSHA ● Windows passwords and Linux passwords stored separately ● Password sync enabled via Samba

8 www.babel.com.a u Babel Com Australia Human and Machine ● Human accounts under ou=People,... ● Machine accounts under ou=Computers,... ● Machine accounts have “trust” in the Samba domain – enables challenge/handshake authentication. ● Everything has a SID relative to the domain SID.

9 www.babel.com.a u Babel Com Australia Components ● LDAP – Fedora Directory Server ● Sun Java (Try IcedTea on Fedora 8) ● Samba 3.0.21 or later ● smbldap-tools ● Scripts, etc

10 www.babel.com.a u Babel Com Australia Installing FDS ● Installation Instructions:http://www.redhat.com/docs/manuals/dir- server/install/7.1/http://www.redhat.com/docs/manuals/dir- server/install/7.1/ ● Performance Tuning Notes:http://directory.fedoraproject.org/wiki/Performance_Tuninghttp://directory.fedoraproject.org/wiki/Performance_Tuning ● Installation Scripts:http://wiki.babel.com.au/edit.php?area=Linux_Projects&page=FedoraDirectoryS erverhttp://wiki.babel.com.au/edit.php?area=Linux_Projects&page=FedoraDirectoryS erver ● Post-installation setup: /opt/fedora-ds/setup/setup ● Verification: ldapsearch -x -s base -b “” “objectclass=*”

11 www.babel.com.a u Babel Com Australia Connect to LDAP ● FC4 and earlier: authconfig ● FC5+: authconfig-tui

12 www.babel.com.a u Babel Com Australia Install Samba ● Use the RPM ● Add the password for the Directory Manager user to the samba tdb database. – smbpasswd -w (your_directory_manager_password)

13 www.babel.com.a u Babel Com Australia smbldap-tools ● smbdlap-tools appeared in fedora-extras around Fedora Core 6 and then moved to Fedora around Fedora 7. ● Earlier versions of Fedora – find the one from dries.

14 www.babel.com.a u Babel Com Australia FDS Schema ● http://directory.fedoraproject.org/wiki/Howto:Samba http://directory.fedoraproject.org/wiki/Howto:Samba ● 61samba.ldif ● Find on net or roll your own – don't use the OpenLDAP one. ● Restart FDS

15 www.babel.com.a u Babel Com Australia Samba Configuration ● /etc/samba/smb.conf: ● [global] – workgroup = TESTDOMAIN – security = user – passdb backend = ldapsam:ldap://localhostldap://localhost – domain logons = yes – domain master = yes – wins support = yes

16 www.babel.com.a u Babel Com Australia smb.conf (2) ● add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u" ● delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u" ● add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g" ● delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g" ● add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g" ● delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g" ● set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u" ● add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"

17 www.babel.com.a u Babel Com Australia smb.conf (3) ● ldap admin dn = cn=Directory Manager ● ldap suffix = dc=babel,home ● ldap user suffix = ou=People ● ldap machine suffix = ou=Computers ● ldap group suffix = ou=Groups ● ldap idmap suffix = ou=Idmap ● ldap passwd sync = Yes ● ldap ssl = no ● ldap timeout = 20

18 www.babel.com.a u Babel Com Australia Configure smbldap-tools ● Service smb start ●.../configure.pl ● For some reason this creates a bogus LDAP entry. Remove it. – ldapsearch -x 'sambaDomainName=*' – ldapdelete...

19 www.babel.com.a u Babel Com Australia Populate LDAP ● Only do this on one server, even if you have a replicated environment: – /usr/sbin/smbldap-populate -e /root/LDAP/smb-populate.ldif – vi /root/LDAP/smb-populate.ldif ● Change the last entry to include: – objectClass: top – sambaAlgorithmicRidBase: 1000 – sambaNextUserRid: 1000 ● Then insert the entries using: – ldapadd -x -c -D 'cn=Directory Manager' -W -f /root/LDAP/smb-populate.ldif

20 www.babel.com.a u Babel Com Australia Test Samba ● testparm ● /sbin/service smb stop ● /bin/rm -f /var/log/samba/* ● /sbin/service smb start ● Samba should start without any errors in the log file, especially smbd.log

21 www.babel.com.a u Babel Com Australia LAM ● LDAP Account Manager ● Web Based ● Useful for managing Samba and LDAP account information ● High-Level ● Schema views

Download ppt "u Babel Com Australia FDS + Samba ● What is LDAP? ● Fedora Directory Server ● Samba ● LDAP Tools."

Similar presentations

Homework 5b: Samba. Computer Center, CS, NCTU 2 Network-based File Sharing (1)  NFS (UNIX-based) mountd is responsible for mount request nfsd and nfsiod.

Homework 5b: Samba. Computer Center, CS, NCTU 2 Network-based File Sharing (1)  NFS (UNIX-based) mountd is responsible for mount request nfsd and nfsiod.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Samba Integrating SMB file systems with UNIX. Samba Provides a file server compatible with Windows 9x and NT.. SMB Can function in NETBIOS name browsing.

Samba Integrating SMB file systems with UNIX. Samba Provides a file server compatible with Windows 9x and NT.. SMB Can function in NETBIOS name browsing.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Network Shares and Accounts Sharing Printers, Drives, Folders – Setup Windows 95/98 Windows NT (2000, XP) Linux – Users – Groups.

Network Shares and Accounts Sharing Printers, Drives, Folders – Setup Windows 95/98 Windows NT (2000, XP) Linux – Users – Groups.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Network+ Guide to Networks, Fourth Edition Chapter 8 Network Operating Systems and Windows Server 2003-Based Networking.

Network+ Guide to Networks, Fourth Edition Chapter 8 Network Operating Systems and Windows Server 2003-Based Networking.
By Karan Oberoi.  A directory service (DS) is a software application- or a set of applications - that stores and organizes information about a computer.

By Karan Oberoi.  A directory service (DS) is a software application- or a set of applications - that stores and organizes information about a computer.
LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.

LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.
Presentation #36576 Presentation #36576 Oracle9i LDAP: Advanced Configuration of Directory Naming Daniel T. Liu Senior Technical consultant First American.

Presentation #36576 Presentation #36576 Oracle9i LDAP: Advanced Configuration of Directory Naming Daniel T. Liu Senior Technical consultant First American.
CIT 470: Advanced Network and System Administration

CIT 470: Advanced Network and System Administration
© 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Advanced Samba Administration Part.

© 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Advanced Samba Administration Part.
CMSC 691X – Summer 2002 Project By Pravin D’Souza.

CMSC 691X – Summer 2002 Project By Pravin D’Souza.
Installing Samba Vicki Insixiengmay Jonathan Krieger.

Installing Samba Vicki Insixiengmay Jonathan Krieger.
1 COP 4343 Unix System Administration Unit 16: file server – samba.

1 COP 4343 Unix System Administration Unit 16: file server – samba.
UNIT - III. Installing Samba Windows uses Sever Message Block(SMB) to communicate with each other using sharing services like file and printer. Samba.

UNIT - III. Installing Samba Windows uses Sever Message Block(SMB) to communicate with each other using sharing services like file and printer. Samba.
© 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Advanced Samba Administration Part.

© 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Advanced Samba Administration Part.
Samba

Samba
1 SAMBA. 2 Module - SAMBA ♦ Overview The presence of diverse machines in the network environment is natural. So their interoperability is critical. This.

1 SAMBA. 2 Module - SAMBA ♦ Overview The presence of diverse machines in the network environment is natural. So their interoperability is critical. This.
Chapter 4 Windows NT/2000 Overview. NT Concepts  Domains –A group of one or more NT machines that share an authentication database (SAM) –Single sign-on.

Chapter 4 Windows NT/2000 Overview. NT Concepts  Domains –A group of one or more NT machines that share an authentication database (SAM) –Single sign-on.

Similar presentations

Ads by Google