Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 1

January 4, 2010

I would notice that based on my experience, configuring Samba PDC + OpenLDAP on openSUSE 11.1 are a long journey that would bring you into headache, so you must be careful on copying the configuration and make a proper changes to meet with your environment. Please give me a comment if you found a typo or an error message while trying the tutorial.

I’m using vavai.net as domain name, server as hostname and 192.168.1.254 as server IP address.

INSTALLING BASE SYSTEM

  1. Install openSUSE with the default option. You may choose to use standard disk partition, LVM or a RAID array. Also, select your preferred interface between graphical or text mode environment
  2. Install the following pattern with YAST | Software | Software Management or Zypper : lamp_server dhcp_dns_server file_server directory_server
  3. Install following package using openSUSE Build Service : perl-Unicode-MapUTF8 perl-ldap smbldap-tools phpldapadmin

CONFIGURING SAMBA

  1. Backup old Samba configuration
    [code language=’cpp’]
    su
    cd /etc/samba/
    mv smb.conf smb.conf.old
    [/code]
  2. Create a new /etc/samba/smb.conf with your preferred editor and with root permission. Copy-paste the following configuration and make a proper changes according to your environment :
    [code language=’cpp’]
    # Primary Domain Controller smb.conf
    # Global parameters
    [global]
    unix charset = utf8
    workgroup = VAVAI
    netbios name = server
    # passdb backend =ldapsam:”ldap://server.vavai.net” ## Leave it as is
    username map = /etc/samba/smbusers
    log level = 1
    syslog = 0
    log file = /var/log/samba/%m
    max log size = 0
    name resolve order = wins bcast hosts
    time server = Yes
    printcap name = CUPS
    add user script = /usr/sbin/smbldap-useradd -m ‘%u’
    delete user script = /usr/sbin/smbldap-userdel ‘%u’
    add group script = /usr/sbin/smbldap-groupadd -p ‘%g’
    delete group script = /usr/sbin/smbldap-groupdel ‘%g’
    add user to group script = /usr/sbin/smbldap-groupmod -m ‘%g’ ‘%u’
    delete user from group script = /usr/sbin/smbldap-groupmod -x ‘%g’ ‘%u’
    set primary group script = /usr/sbin/smbldap-usermod -g ‘%g’ ‘%u’
    add machine script = /usr/sbin/smbldap-useradd -w ‘%u’
    logon script = logon.bat
    logon path = \serverprofiles%u
    logon drive = H:
    domain logons = Yes
    domain master = Yes
    wins support = Yes
    # peformance optimization all users stored in ldap
    ldapsam:trusted = yes
    ldap suffix = dc=vavai,dc=net
    ldap machine suffix = ou=Computers,ou=Users
    ldap user suffix = ou=People,ou=Users
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap admin dn = cn=Manager,dc=vavai,dc=net
    idmap backend = ldap://127.0.0.1
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    printer admin = root
    printing = cups

    #========================Share Definitions=========================

    [homes]
    comment = Home Directories
    valid users = %S
    browseable = yes
    writable = yes
    create mask = 0600
    directory mask = 0700

    [sysvol]
    path = /data/samba/sysvol
    read only = no

    [netlogon]
    comment = Network Logon Service
    path = /data/samba/sysvol/vavai.net/scripts
    writeable = yes
    browseable = yes
    read only = no

    [profiles]
    path = /data/samba/profiles
    writeable = yes
    browseable = no
    read only = no
    create mode = 0777
    directory mode = 0777

    [Documents]
    comment = share to test samba
    path = /data/documents
    writeable = yes
    browseable = yes
    read only = no
    valid users = “@Domain Users”
    [/code]

  3. Create Samba folder
    [code language=’cpp’]
    mkdir /data
    mkdir /data/samba
    mkdir /data/samba/sysvol
    mkdir /data/samba/sysvol/vavai.net
    mkdir /data/samba/sysvol/vavai.net/scripts
    mkdir /data/documents
    mkdir /data/samba/profiles
    [/code]
  4. Edit /etc/hosts so the content would like this :
    [code language=’cpp’]
    # IP-Address FullyQualifiedHostName ShortHostname
    #
    127.0.0.1  localhost localhost.localdomain
    192.168.1.254 server server.vavai.net
    [/code]
  5. Get the Samba server Local SID with the following command :
    [code language=’cpp’]
    net getlocalsid
    [/code]
    Samba will response with the SID for domain, ex : SID for domain SERVER is: S-1-2-33-4444444444-5555555555-6666666666. Write it because we will need the SID for smbldap-tools
  6. Edit /etc/samba/smb.conf and remove the mark from the following line :
    [code language=’cpp’]
    # passdb backend =ldapsam:”ldap://server.vavai.net” ## Leave it as is
    [/code]
    so, it will looks like this :
    [code language=’cpp’]
    passdb backend =ldapsam:”ldap://server.vavai.net”
    [/code]

We will continue to the second tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Configuring LDAP Server


Share

Linux

Masim "Vavai" Sugianto
Traveller, Open Source Enthusiast & Book Lover. Works as Independent Worker & Self-Employer.