Nice tutorial for the weekend. It has been a long time since I last trained on Linux :)). So I started to build one PDC; it took about 2 hours the first time.
It is the easiest way to build a PDC. Thanks.
Start:
Disable the firewall and SELinux (this is done for the lab walkthrough; on a production host both should stay enabled and the required ports/contexts configured instead)
yum install -y vim-enhanced
edit hosts file
vim /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
192.168.19.101 pdc.hbn.local pdc
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
vim /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=pdc.hbn.local
GATEWAY=192.168.19.2
install bind (note: you must add a record mapping pdc.hbn.local to 192.168.19.101, matching the /etc/hosts entry above)
install ldap
yum -y install openldap-servers openldap-clients
generate the LDAP admin password hash (note: {MD5} is an unsalted hash scheme; slappasswd's default {SSHA} is the stronger choice, and omitting -s makes slappasswd prompt so the password does not end up in shell history or process listings)
slappasswd -s nam123 -h {MD5}
{MD5}VOGTJ3IVySVwvJZZvUj/QA==
edit config
vim /etc/openldap/slapd.conf
line 86: specify suffix
suffix "dc=hbn,dc=local"
line 87: specify admin suffix
rootdn "cn=Manager,dc=hbn,dc=local"
line 93: specify the password hash generated above
rootpw {MD5}************************
add at the bottom
access to attrs=userPassword
by self write
by dn="cn=Manager,dc=hbn,dc=local" write
by anonymous auth
by * none
access to *
by dn="cn=Manager,dc=hbn,dc=local" write
by self write
by * read
access to *
by dn="cn=Manager,dc=hbn,dc=local" write
by self write
by * read
cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
/etc/init.d/ldap start
chkconfig ldap on
cd /usr/share/openldap/migration
vim migrate_common.ph
line 71: specify domain name
$DEFAULT_MAIL_DOMAIN = "hbn.local";
line 74: specify suffix
$DEFAULT_BASE = "dc=hbn,dc=local";
./migrate_base.pl > base.ldif
ldapadd -x -W -D "cn=Manager,dc=hbn,dc=local" -f base.ldif
useradd cent
passwd cent
useradd fedora
passwd fedora
grep "x:[5-9][0-9][0-9]" /etc/passwd > passwd
grep "x:[5-9][0-9][0-9]" /etc/group > group
./migrate_passwd.pl passwd > passwd.ldif
./migrate_group.pl group > group.ldif
ldapadd -x -W -D "cn=Manager,dc=hbn,dc=local" -f passwd.ldif
ldapadd -x -W -D "cn=Manager,dc=hbn,dc=local" -f group.ldif
install samba
yum -y install samba
cp /usr/share/doc/samba-*/LDAP/samba.schema /etc/openldap/schema/
vim /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
add
include /etc/openldap/schema/samba.schema
add
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by dn="cn=Manager,dc=hbn,dc=local" write
by anonymous auth
by * none
/etc/rc.d/init.d/ldap restart
set up this PDC as an OpenLDAP client
setup
select Authentication Configuration
check boxes:
Use LDAP
and
Use LDAP Authentication
Next
change server to: 192.168.19.101 ( this PDC)
and Base DN to: dc=hbn,dc=local
vim /etc/pam.d/system-auth
add at the bottom
session optional pam_mkhomedir.so skel=/etc/skel umask=077
install smb-tool
install EPEL
wget download.fedora.redhat.com/pub/epel/RPM-GPG..
rpm --import RPM-GPG-KEY-EPEL
rm -f RPM-GPG-KEY-EPEL
vim /etc/yum.repos.d/epel.repo
create a new file like the one below
[epel]
name=EPEL RPM Repository for Red Hat Enterprise Linux
baseurl=download.fedora.redhat.com/pub/epel/$releas..
gpgcheck=1
enabled=0
When you use the EPEL repository, run yum like below.
yum --enablerepo=epel -y install smbldap-tools
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
cp /usr/share/doc/smbldap-tools-*/smb.conf /etc/samba/smb.conf
vim /etc/samba/smb.conf
line 3: change the workgroup name to whatever you like
workgroup = HBNLOCAL
line 12: comment it out
#min passwd length = 3
line 22: change
ldap passwd sync =yes
line 33,34: change
Dos charset =CP932
Unix charset =UTF-8
line 48: change the LDAP admin DN (the LDAP server's one)
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=hbn,dc=local
line 50: change the LDAP suffix (the LDAP server's one)
ldap suffix =dc=hbn,dc=local
ldap group suffix = ou=Group
ldap user suffix = ou=People
line 60: uncomment
delete group script = /usr/sbin/smbldap-groupdel "%g"
line 64: add (specify the admin user)
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
admin users = admin
mkdir /home/netlogon
service smb restart
smbpasswd -W
type the LDAP admin password (nam123 in this example)
/usr/share/doc/smbldap-tools-*/configure.pl
smbldap-populate
smbldap-groupadd -a admin
smbldap-useradd -am -g admin admin
smbldap-passwd admin
This is the result:
This is the text version of the tutorial: http://www.mediafire.com/?935084cnwa96df8
------------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
All my labs:
Linux Lab -- Windows and Cisco Lab
To be continued - I will update more.
Nam Habach