From Free IPA
SCOPE: PAGE IS OBSOLETE.
Overview
This page describes the steps to configure a Samba server using a DS backend.
Prerequisites
- Install DS.
- Install Samba. Replace all occurrences of SAMBA_HOME in this document with the actual installation folder.
- Add a virtual IP address (e.g. eth0:0).
Configuration
Create SAMBA_HOME/etc/smb.conf:
[globals]
netbios name = samba
workgroup = EXAMPLE
realm = SAMBA.EXAMPLE.COM
server role = domain controller
system:anonymous = yes
sid generator = backend
krb5 port = 0
kpasswd port = 0
interfaces = eth0:0
bind interfaces only = yes
[netlogon]
path = SAMBA_HOME/var/locks/sysvol/samba.example.com/scripts
read only = no
[sysvol]
path = SAMBA_HOME/var/locks/sysvol
read only = no
Copying Examples
Copy the examples folder from the Samba source directory into the Samba installation folder.
Provisioning Samba Backend
Execute the following command to provision the Samba backend:
% cd SAMBA_HOME
% export PYTHONPATH=SAMBA_HOME/lib64/python2.6/site-packages
% share/setup/provision --server-role="domain controller" \
    --domain=EXAMPLE --realm=SAMBA.EXAMPLE.COM \
    --adminpass=Secret123 \
    --ldap-backend-type=fedora-ds \
    --root=root --ldapadminpass=Secret123 \
    --host-name=samba --host-ip=127.0.0.1 \
    --slapd-path=/usr/sbin/ns-slapd --setup-ds-path=/usr/sbin/setup-ds.pl

Server Role: domain controller
Hostname: samba
NetBIOS Domain: EXAMPLE
DNS Domain: samba.example.com
DOMAIN SID: S-1-5-21-1463069339-4227668456-4007226777
Admin password: Secret123
LDAP Backend Admin DN: CN=Manager,DC=samba,DC=example,DC=com
LDAP Admin Password: Secret123
Starting DS Instance
% cd SAMBA_HOME
% private/ldap/slapd-samba4/start-slapd
Enabling DS Change Log
Copy the common schema into SAMBA_HOME/private/ldap/slapd-samba4/schema:
% cp /etc/dirsrv/schema/02common.ldif SAMBA_HOME/private/ldap/slapd-samba4/schema
Enable the change log plugin:
% ldapmodify -H ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi \
    -x -D "cn=Manager,dc=samba,dc=example,dc=com" -w Secret123
dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
-
Restart DS:
% cd SAMBA_HOME
% private/ldap/slapd-samba4/stop-slapd
% private/ldap/slapd-samba4/start-slapd
Starting Samba
% cd SAMBA_HOME
% sbin/samba -i -M single
Create Sync User Account
Add the Sync user:
% ldapadd -H ldap://samba.example.com -x \
    -D "cn=Administrator,cn=Users,dc=samba,dc=example,dc=com" -w Secret123
dn: cn=Sync,cn=Users,dc=samba,dc=example,dc=com
objectClass: user
userPassword: Secret123
sAMAccountName: sync
userAccountControl: 512
Add the user to the Administrators group:
% ldapmodify -H ldap://samba.example.com -x \
    -D "cn=Administrator,cn=Users,dc=samba,dc=example,dc=com" -w Secret123
dn: cn=Administrators,cn=Builtin,dc=samba,dc=example,dc=com
changetype: modify
add: member
member: cn=Sync,cn=Users,dc=samba,dc=example,dc=com
Verify:
% ldapsearch -H ldap://samba.example.com -x \
    -D "cn=Sync,cn=Users,dc=samba,dc=example,dc=com" -w Secret123 \
    -b "dc=samba,dc=example,dc=com" -s base
Enable Clear Text Password
% ldapmodify -H ldap://samba.example.com -x \
    -D "cn=Administrator,cn=Users,dc=samba,dc=example,dc=com" -w Secret123
dn: dc=samba,dc=example,dc=com
changetype: modify
replace: pwdProperties
pwdProperties: 17
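To check what the pwdProperties change above did on a given domain, the following added example (not part of the original page) decodes the attribute from ldapsearch LDIF output. The flag names and bit values are the MS-SAMR domain password properties; the function names and the sample LDIF are constructed for illustration.

```python
import base64

# Bit flags of the domain object's pwdProperties attribute (MS-SAMR names).
PWD_FLAGS = {
    0x01: "DOMAIN_PASSWORD_COMPLEX",
    0x02: "DOMAIN_PASSWORD_NO_ANON_CHANGE",
    0x04: "DOMAIN_PASSWORD_NO_CLEAR_CHANGE",
    0x08: "DOMAIN_LOCKOUT_ADMINS",
    0x10: "DOMAIN_PASSWORD_STORE_CLEARTEXT",
    0x20: "DOMAIN_REFUSE_PASSWORD_CHANGE",
}
STORE_CLEARTEXT = 0x10


def ldif_attrs(text):
    """Parse one LDIF entry into {lowercased attr: [values]}, unfolding
    continuation lines and decoding base64 ('attr:: ...') values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: append to previous
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):         # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        attrs.setdefault(name.lower(), []).append(value.strip())
    return attrs


def audit_pwd_properties(ldif_text):
    """Return (flag names set, True if reversible password storage is on)."""
    value = int(ldif_attrs(ldif_text)["pwdproperties"][0])
    names = [n for bit, n in sorted(PWD_FLAGS.items()) if value & bit]
    return names, bool(value & STORE_CLEARTEXT)


# Constructed sample: ldapsearch output for the domain object after the
# change above (pwdProperties: 17), with one folded line for illustration.
SAMPLE = """\
dn: dc=samba,dc=example,
 dc=com
pwdProperties: 17
"""

if __name__ == "__main__":
    print(audit_pwd_properties(SAMPLE))
```

The value 17 used on this page decodes to the complexity flag plus the store-cleartext flag, so the second return value is the one to alert on when auditing a domain.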
Administration
% fedora-idm-console
Enter the following information:
- User ID: cn=Directory Manager
- Password: Secret123
- Administration URL: http://hostname:port
Users
% cd samba/source4
% setup/newuser -U Administrator --password=Secret123 edewata
New Password: Secret123
DNS
Configure DNS using the zone file generated by Samba (/usr/local/samba/private/domain1.com.zone).