Thursday, 24 May 2012

Samba PDC on Ubuntu 12.04 Using LDAP Backend - Part One

Today we start installing a Samba Primary Domain Controller (PDC) with OpenLDAP as its backend. A piece of advice before you begin: do not start setting up the Samba PDC until name resolution works reliably for the server and its clients, because both Samba and the LDAP tools depend on it.
(This article is also available in Hungarian.)
The first job is to prepare our OpenLDAP server to store the data of the Samba server. To do that we need the samba schema, which can be found, for example, in the samba-doc package.
sudo apt-get install samba-doc
After the installation finishes, put the schema file in the place where the other schemas live:
sudo sh -c "zcat /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz >/etc/ldap/schema/samba.schema"
Create a file called schema_convert.conf (the name is of no importance; I call it that because everyone else does):
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
(All four lines are needed: the samba schema depends on attribute types and object classes defined in the other three.)
We create a temporary folder:
mkdir /tmp/ldif_output
The following command converts the schemas to LDIF; it produces the file we need along with a few others:
slaptest -f schema_convert.conf -F /tmp/ldif_output/
Edit the file /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{3\}samba.ldif (the {3} is the zero-based position of samba.schema among the includes in schema_convert.conf, so it changes if you reorder them):
  • In the first line after the comments (the fourth line of the file) change dn: cn={3}samba to dn: cn=samba,cn=schema,cn=config .
  • In the third line after the comments (the sixth line of the file) change cn: {3}samba to cn: samba .
  • Remove the last seven lines (starting with structuralObjectClass: olcSchemaConfig). These are operational attributes that the server generates itself; ldapadd will refuse an entry that tries to set them.
Add the polished LDIF to the LDAP:
sudo ldapadd -Y EXTERNAL -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{3\}samba.ldif
If you get the message:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
    additional info: SASL(-4): no mechanism available:
then the client is trying to reach slapd over TCP, where EXTERNAL is not offered; the mechanism only works over the local Unix socket, where slapd authenticates you by your Unix uid (that is why sudo is needed: on Ubuntu, root is mapped to the identity that may manage cn=config). You have two choices. The first is to add the -H ldapi:/// switch to your ldapadd command; the second is to add a new line to the file /etc/ldap/ldap.conf:
URI     ldapi:///
The latter is the more convenient option, since every ldap* command on the machine then uses the local socket by default. Keep in mind that the setting applies to every client that reads that file, so if this host also needs to talk to a remote LDAP server you will have to pass -H explicitly for those commands.
The added schema now shows up in the LDAP configuration. Have a look at it; among the listed DNs you should see one whose cn ends in samba (slapd assigns its own {N} index):
sudo ldapsearch -Q -LLL -Y EXTERNAL -b cn=schema,cn=config dn
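The whole schema-loading procedure above, written as a script that does the three LDIF edits with sed and sanity-checks the result before handing it to ldapadd. This is an added example, not code from the original post or from the Samba or OpenLDAP projects. It assumes the schema_convert.conf and /tmp/ldif_output from the steps above, a slapd listening on ldapi:///, and that the "load" mode is run as root. The sample LDIF embedded in the script is a constructed, heavily abridged imitation of what slaptest writes (a handful of attribute types and one object class instead of the full schema) so the transformation can be tried offline; the index in the file name is matched by a glob rather than hardcoded as {3}, because it depends on the include order.

```shell
#!/bin/sh
# Added example: load the samba schema into cn=config the way the post describes.
#   sh load_samba_schema.sh        -> offline demo on a constructed sample LDIF
#   sudo sh load_samba_schema.sh load -> run slaptest, polish, ldapadd, verify
# Assumptions (not from the original post): schema_convert.conf is in the current
# directory, slapd listens on ldapi:///, and "load" is run as root.

# Rewrite the LDIF slaptest generated so ldapadd accepts it under cn=schema,cn=config.
# Reads the generated file (arg 1) and writes the polished LDIF to stdout.
polish_schema_ldif() {
    # 1. drop the "# AUTO-GENERATED" preamble and blank lines (ldapadd ignores them anyway)
    # 2. rename the entry: dn: cn={N}samba -> dn: cn=samba,cn=schema,cn=config
    # 3. cn: {N}samba -> cn: samba
    # 4. delete everything from structuralObjectClass: to the end of the file, i.e. the
    #    seven operational attributes only the server may set.
    # {N} is matched as a pattern because the index depends on the include order.
    sed -e '/^#/d' -e '/^$/d' \
        -e 's/^dn: cn={[0-9]*}samba$/dn: cn=samba,cn=schema,cn=config/' \
        -e 's/^cn: {[0-9]*}samba$/cn: samba/' \
        -e '/^structuralObjectClass:/,$d' \
        "$1"
}

# Sanity-check a polished LDIF (arg 1) before loading it: right DN, no operational
# attributes left, and the samba definitions still present. Returns 0 when it looks right.
check_schema_ldif() {
    grep -q '^dn: cn=samba,cn=schema,cn=config$' "$1" || return 1
    grep -q '^cn: samba$' "$1" || return 1
    if grep -Eq '^(structuralObjectClass|entryUUID|entryCSN|creatorsName|createTimestamp|modifiersName|modifyTimestamp):' "$1"; then
        return 1
    fi
    grep -q "^olcAttributeTypes: .*'sambaSID'" "$1" || return 1
    grep -q "^olcObjectClasses: .*'sambaSamAccount'" "$1" || return 1
    return 0
}

# Constructed, abridged stand-in for /tmp/ldif_output/cn=config/cn=schema/cn={3}samba.ldif
# (the real file holds the whole samba schema; the folded continuation lines are real LDIF syntax).
write_sample_ldif() {
    cat > "$1" <<'EOF'
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 00000000
dn: cn={3}samba
objectClass: olcSchemaConfig
cn: {3}samba
olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Securit
 y ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX
  1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC '
 LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115
 .121.1.26{32} SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Sa
 mba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY
  ( cn $ sambaLMPassword ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20120524000000Z
entryCSN: 20120524000000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120524000000Z
EOF
}

# Offline demo: polish the constructed sample and show the result.
demo() {
    raw=$(mktemp); polished=$(mktemp)
    write_sample_ldif "$raw"
    polish_schema_ldif "$raw" > "$polished"
    cat "$polished"
    check_schema_ldif "$polished" && echo "# sanity check passed"
    rm -f "$raw" "$polished"
}

# The real thing: convert, polish, check, add, and verify that the schema is loaded.
load_samba_schema() {
    mkdir -p /tmp/ldif_output
    slaptest -f schema_convert.conf -F /tmp/ldif_output/
    set -- /tmp/ldif_output/cn=config/cn=schema/cn=*samba.ldif   # glob finds cn={N}samba.ldif
    polish_schema_ldif "$1" > /tmp/samba_schema.ldif
    check_schema_ldif /tmp/samba_schema.ldif || { echo "polished LDIF failed sanity check" >&2; return 1; }
    ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /tmp/samba_schema.ldif
    ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config '(cn=*samba)' dn
}

case "${1:-demo}" in
    demo) demo ;;
    load) load_samba_schema ;;
    *) echo "usage: $0 [demo|load]" >&2; exit 2 ;;
esac
```

Run it without arguments first to see the three edits applied to the sample; once slapd is up and the schema files from the steps above are in place, run it as root with the load argument. The -H ldapi:/// switches make the script independent of whether you changed /etc/ldap/ldap.conf, and the check function stops the run before ldapadd if the sed edits did not produce what is expected, which is cheaper than reading an ldapadd error about a rejected operational attribute.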
Soon we'll continue with the PDC setup.
