From Free IPA
SCOPE: PAGE IS OBSOLETE.
Overview
This document describes the procedure to install and configure Samba for the integrated environment with IPA.
Installing Samba
Install Samba 4. The installation directory will be referred to as SAMBA_HOME. Replace any occurrence of SAMBA_HOME in this document with the actual path.
Configuring Samba
Create SAMBA_HOME/etc/smb.conf:
[globals]
netbios name = samba1
workgroup = SAMBADOMAIN
realm = SAMBA.EXAMPLE.COM
server role = domain controller
system:anonymous = yes
sid generator = backend
[netlogon]
path = SAMBA_HOME/var/locks/sysvol/samba.example.com/scripts
read only = no
[sysvol]
path = SAMBA_HOME/var/locks/sysvol
read only = no
Provisioning Samba Backend
Execute the following command to provision the Samba backend:
% cd SAMBA_HOME
% export PYTHONPATH=SAMBA_HOME/lib64/python2.6/site-packages
% share/setup/provision --server-role="domain controller" \
    --domain=SAMBADOMAIN --realm=SAMBA.EXAMPLE.COM \
    --adminpass=Secret123 \
    --ldap-backend-type=fedora-ds \
    --root=root --ldapadminpass=Secret123 \
    --host-name=buildsamba02 --host-ip=127.0.0.1 \
    --slapd-path=/usr/sbin/ns-slapd --setup-ds-path=/usr/sbin/setup-ds.pl
Starting DS Instance
% cd SAMBA_HOME
% private/ldap/slapd-samba4/start-slapd
Enabling DS Change Log
Enable DS Change Log:
% ldapmodify -H ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi -x -D "cn=Manager,dc=samba,dc=example,dc=com" -w Secret123
dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
-
Restart DS:
% cd SAMBA_HOME
% private/ldap/slapd-samba4/stop-slapd
% private/ldap/slapd-samba4/start-slapd
Installing Syncback Module
Copy syncback.so into the SAMBA_HOME/modules/ldb directory.
Edit private/sam.ldb:
% cd SAMBA_HOME
% bin/ldbedit -H private/sam.ldb -b ""
Search for the @MODULES entry and add the syncback module at the beginning of the @LIST as follows:
dn: @MODULES
@LIST: syncback,resolve_oids,rootdse,lazy_commit,paged_results,ranged_results,anr,server_sort,asq,extended_dn_store,extended_dn_in,rdn_name,objectclass,descriptor,acl,samldb,password_hash,operational,kludge_acl,schema_load,instancetype,extended_dn_out_fds,show_deleted,new_partition,partition
distinguishedName: @MODULES
Starting Samba
% cd SAMBA_HOME
% sbin/samba -i -M single
Enabling Clear Text Password
Check the current password policy:
% ldapsearch -x -D "cn=Administrator,cn=Users,dc=samba,dc=example,dc=com" \
    -w Secret123 -b "dc=samba,dc=example,dc=com" -s base pwdProperties
dn: dc=samba,dc=example,dc=com
pwdProperties: 1
Enable storing clear text password:
% ldapmodify -x -D "cn=Administrator,cn=Users,dc=samba,dc=example,dc=com" \
    -w Secret123
dn: dc=samba,dc=example,dc=com
changetype: modify
replace: pwdProperties
pwdProperties: 17
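An added example, not part of the original page: a POSIX shell check that reads ldapsearch LDIF output, decodes the pwdProperties bitmask using the DOMAIN_PASSWORD_* flag names from MS-SAMR, and reports when the cleartext-storage bit (16) is set, as it is after the change from 1 to 17 above. The function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit pwdProperties from LDIF.
# Flag names and bit order follow the DOMAIN_PASSWORD_* constants in MS-SAMR.

# Print the integer pwdProperties value found in LDIF on stdin; fail if absent.
pwd_properties_from_ldif() {
    awk -F': *' '
        tolower($1) == "pwdproperties" && $2 ~ /^[0-9]+$/ { print $2 + 0; found = 1; exit }
        END { if (!found) exit 1 }'
}

# Print the space-separated flag names set in the bitmask given as $1.
decode_pwd_properties() {
    case $1 in
        ''|*[!0-9]*|0?*) echo "invalid pwdProperties: $1" >&2; return 2 ;;
    esac
    _bit=1; _flags=""
    for _name in DOMAIN_PASSWORD_COMPLEX DOMAIN_PASSWORD_NO_ANON_CHANGE \
                 DOMAIN_PASSWORD_NO_CLEAR_CHANGE DOMAIN_LOCKOUT_ADMINS \
                 DOMAIN_PASSWORD_STORE_CLEARTEXT DOMAIN_REFUSE_PASSWORD_CHANGE; do
        if [ $(( $1 & _bit )) -ne 0 ]; then _flags="${_flags:+$_flags }$_name"; fi
        _bit=$(( _bit << 1 ))
    done
    if [ $(( $1 >> 6 )) -ne 0 ]; then _flags="${_flags:+$_flags }UNKNOWN_BITS"; fi
    echo "$_flags"
}

# Return 0 if cleartext storage is off, 1 if on, 2 if the input is unusable.
audit_ldif() {
    _value=$(pwd_properties_from_ldif) || { echo "pwdProperties not found" >&2; return 2; }
    _decoded=$(decode_pwd_properties "$_value") || return 2
    echo "pwdProperties=$_value [$_decoded]"
    case " $_decoded " in
        *" DOMAIN_PASSWORD_STORE_CLEARTEXT "*)
            echo "FINDING: cleartext password storage is enabled"; return 1 ;;
    esac
    return 0
}

# Constructed sample LDIF mirroring the two states shown on this page.
LDIF_BEFORE='dn: dc=samba,dc=example,dc=com
pwdProperties: 1'
LDIF_AFTER='dn: dc=samba,dc=example,dc=com
pwdProperties: 17'

printf '%s\n' "$LDIF_BEFORE" | audit_ldif || true
printf '%s\n' "$LDIF_AFTER" | audit_ldif || true
```

In practice the ldapsearch output from the policy check above can be piped straight into audit_ldif, whose exit status makes it usable in a scheduled configuration check.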


