Autentizace samby přes LDAP
Jaroslav Ille
jarda na vetrni.net
Pondělí Listopad 15 20:15:29 CET 2004
Pavel Lisy napsal(a):
> Jaroslav Ille píše v Ne 14. 11. 2004 v 18:59 +0100:
> Mohl byste zacit poslanim sve konfigurace, takto se na to neda nijak
> reagovat.
OK, nechtěl jsem zbytečně posílat nějaké soubory a zbytečně zahlcovat
konferu.
Takže pro začátek zde je smb.conf sekce global:
# Global parameters
[global]
dos charset = CP852
unix charset = ISO8859-2
workgroup = MDK
realm = SERVER.VETRNI.NET
netbios aliases = SERVER
server string = Samba Server PDC %v
interfaces = eth0
bind interfaces only = Yes
auth methods = sam
update encrypted = Yes
map to guest = Bad User
passdb backend = ldapsam:ldap://ldap.vetrni.net
passwd program = /usr/bin/passwd %u
passwd chat = *new*password* %n\n *new*password* %n\n *successfuly*
username map = /etc/samba/smbusers
unix password sync = Yes
log file = /var/log/samba/log.%m
max log size = 50
time server = Yes
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
hostname lookups = Yes
logon script = logon.bat
logon path =
logon drive = h:
domain logons = Yes
os level = 90
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
admin users = root, @root, jarda, @admin
printer admin = @root
create mask = 0666
force create mode = 0666
directory mask = 0777
force directory mode = 0777
hosts allow = 192.168.1.0/255.255.255.0
hide special files = Yes
hide unreadable = Yes
ldap suffix = dc=vetrni,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin
ldap ssl = no
ldap passwd sync = yes
-----------------------------------------------------------
a tady je slapd.conf
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema
include /usr/share/openldap/schema/krb5-kdc.schema
include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/autofs.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/kolab.schema
include /usr/share/openldap/schema/evolutionperson.schema
include /usr/share/openldap/schema/calendar.schema
include /usr/share/openldap/schema/sudo.schema
include /usr/share/openldap/schema/dnszone.schema
include /usr/share/openldap/schema/dhcp.schema
#include /usr/share/openldap/schema/rfc822-MailMember.schema
#include /usr/share/openldap/schema/pilot.schema
#include /usr/share/openldap/schema/qmail.schema
#include /usr/share/openldap/schema/mull.schema
#include /usr/share/openldap/schema/netscape-profile.schema
#include /usr/share/openldap/schema/trust.schema
include /etc/openldap/schema/local.schema
#include /etc/openldap/slapd.access.conf
pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
modulepath /usr/lib/openldap
#moduleload back_dnssrv.la
#moduleload back_ldap.la
#moduleload back_meta.la
#moduleload back_monitor.la
#moduleload back_passwd.la
#moduleload back_sql.la
TLSCertificateFile /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
TLSCACertificateFile /etc/ssl/openldap/ldap.pem
# logging
loglevel -1
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=vetrni,dc=net"
rootdn "cn=admin,dc=vetrni,dc=net"
rootpw xxxxxxxx
directory /var/lib/ldap
checkpoint 256 5
index objectClass,uid,uidNumber,gidNumber,memberuid eq
index cn,mail,surname,givenname eq,subinitial
index sambaSID,sambaDomainName eq
access to *
by dn="uid=root,ou=Users,dc=vetrni,dc=net" write
by * read
-----------------------------------------------------------------------------
Napadá vás něco ?
Dík Jarda
Další informace o konferenci Linux