Autentizace samby přes LDAP

Jaroslav Ille jarda na vetrni.net
Pondělí Listopad 15 20:15:29 CET 2004


Pavel Lisy napsal(a):
> Jaroslav Ille píše v Ne 14. 11. 2004 v 18:59 +0100:

> Mohl byste zacit poslanim sve konfigurace, takto se na to neda nijak
> reagovat.

OK, nechtěl jsem zbytečně posílat nějaké soubory a zbytečně zahlcovat 
konferu.

Takže pro začátek zde je smb.conf sekce global:

# Global parameters
# [global] section of a Samba server acting as domain controller (domain logons
# and domain master are enabled below) with its account database kept in LDAP.
[global]
	dos charset = CP852
	unix charset = ISO8859-2
	workgroup = MDK
	realm = SERVER.VETRNI.NET
	netbios aliases = SERVER
	server string = Samba Server PDC %v
	# Listen on eth0 only.
	interfaces = eth0
	bind interfaces only = Yes
	auth methods = sam
	update encrypted = Yes
	# A login with a user name that does not exist is mapped to the guest
	# account instead of being rejected.
	map to guest = Bad User
	# Accounts are stored in LDAP; the URL scheme is plain ldap:// (see "ldap ssl").
	passdb backend = ldapsam:ldap://ldap.vetrni.net
	passwd program = /usr/bin/passwd %u
	# NOTE(review): "successfuly" has a single "l"; if the local passwd prints
	# "successfully", this pattern will not match and the sync fails - confirm.
	passwd chat = *new*password* %n\n *new*password* %n\n *successfuly*
	username map = /etc/samba/smbusers
	unix password sync = Yes
	log file = /var/log/samba/log.%m
	max log size = 50
	time server = Yes
	socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
	hostname lookups = Yes
	logon script = logon.bat
	logon path =
	logon drive = h:
	domain logons = Yes
	os level = 90
	preferred master = Yes
	domain master = Yes
	dns proxy = No
	wins support = Yes
	# Users and groups listed here do all file operations on shares as root,
	# bypassing file permissions; keep this list as short as possible.
	admin users = root, @root, jarda, @admin
	printer admin = @root
	# The mask/force pairs below give every file created through Samba mode 0666
	# and every directory 0777, i.e. writable by all local users.
	# NOTE(review): confirm this is intended for every share.
	create mask = 0666
	force create mode = 0666
	directory mask = 0777
	force directory mode = 0777
	# Only clients in 192.168.1.0/24 may connect.
	hosts allow = 192.168.1.0/255.255.255.0
	hide special files = Yes
	hide unreadable = Yes
	ldap suffix = dc=vetrni,dc=net
	ldap machine suffix = ou=Computers
	ldap user suffix = ou=Users
	ldap group suffix = ou=Groups
	# NOTE(review): this is a relative name, while slapd.conf later in this
	# message sets rootdn to "cn=admin,dc=vetrni,dc=net". Samba binds with the DN
	# given here (its password is stored separately with smbpasswd -w), so it
	# presumably has to be the full DN - confirm.
	ldap admin dn = cn=admin
	# No TLS between Samba and the LDAP server: the admin bind and the password
	# hashes Samba reads and writes travel in clear text unless ldap.vetrni.net
	# is this same host. NOTE(review): consider "start_tls"; slapd.conf already
	# carries TLS certificate directives.
	ldap ssl = no
	# A password change made through Samba also updates the LDAP password.
	ldap passwd sync = yes
-----------------------------------------------------------

a tady je slapd.conf

# slapd.conf for the OpenLDAP server holding the dc=vetrni,dc=net tree that
# Samba's ldapsam backend uses.
# Schema files; samba.schema provides the Samba account attributes.
include	/usr/share/openldap/schema/core.schema
include	/usr/share/openldap/schema/cosine.schema
include	/usr/share/openldap/schema/corba.schema
include	/usr/share/openldap/schema/inetorgperson.schema
include	/usr/share/openldap/schema/java.schema
include	/usr/share/openldap/schema/krb5-kdc.schema
include /usr/share/openldap/schema/kerberosobject.schema
include	/usr/share/openldap/schema/misc.schema
include	/usr/share/openldap/schema/nis.schema
include	/usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/autofs.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/kolab.schema
include /usr/share/openldap/schema/evolutionperson.schema
include /usr/share/openldap/schema/calendar.schema
include /usr/share/openldap/schema/sudo.schema
include /usr/share/openldap/schema/dnszone.schema
include /usr/share/openldap/schema/dhcp.schema

#include /usr/share/openldap/schema/rfc822-MailMember.schema
#include /usr/share/openldap/schema/pilot.schema
#include /usr/share/openldap/schema/qmail.schema
#include /usr/share/openldap/schema/mull.schema
#include /usr/share/openldap/schema/netscape-profile.schema
#include /usr/share/openldap/schema/trust.schema

include	/etc/openldap/schema/local.schema

# The separate access-control file is commented out; the only ACL in effect is
# the "access to *" rule at the end of this file.
#include 	/etc/openldap/slapd.access.conf
pidfile		/var/run/ldap/slapd.pid
argsfile	/var/run/ldap/slapd.args

modulepath	/usr/lib/openldap
#moduleload      back_dnssrv.la
#moduleload      back_ldap.la
#moduleload      back_meta.la
#moduleload      back_monitor.la
#moduleload      back_passwd.la
#moduleload      back_sql.la

# Certificate, private key and CA certificate all point at the same file, so
# ldap.pem holds the private key. NOTE(review): make sure it is readable only
# by the account slapd runs as. The smb.conf in this message sets
# "ldap ssl = no", so Samba does not use TLS even though it is configured here.
TLSCertificateFile      /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile   /etc/ssl/openldap/ldap.pem
TLSCACertificateFile    /etc/ssl/openldap/ldap.pem

# logging
# -1 turns on every debug level. Useful while troubleshooting, but very verbose,
# and the packet-level output can include bind credentials; lower it afterwards
# and restrict access to the log.
loglevel -1

#######################################################################
# database definitions
#######################################################################

database	bdb
suffix		"dc=vetrni,dc=net"
rootdn		"cn=admin,dc=vetrni,dc=net"
# Redacted by the poster. rootpw also accepts a hashed value generated with
# slappasswd; this file should be readable only by the slapd account.
rootpw		xxxxxxxx
directory	/var/lib/ldap

checkpoint 256 5
index   objectClass,uid,uidNumber,gidNumber,memberuid	eq
index	cn,mail,surname,givenname			eq,subinitial
index	sambaSID,sambaDomainName			eq

# Single ACL: uid=root may write everything, everyone else (anonymous clients
# included) may read every attribute of every entry. That covers userPassword
# and the sambaLMPassword / sambaNTPassword hashes from samba.schema.
# NOTE(review): put a rule for those attributes before this one that allows
# self write and anonymous auth and denies everyone else (exact attr/attrs
# syntax depends on the OpenLDAP version). The rootdn is not subject to ACLs.
access to *
         by dn="uid=root,ou=Users,dc=vetrni,dc=net" write
         by * read

-----------------------------------------------------------------------------

Napadá vás něco ?

Dík Jarda

