CentOS 5

Samba BDC
 
Build a Samba BDC (backup domain controller). A Samba PDC must already be running in your LAN, and this BDC must also be configured as an LDAP client of the same directory, since it serves the same accounts the PDC maintains there.
[1] smb.conf is almost the same as the PDC's. The settings that differ are 'domain master' and the LDAP server's address in 'passdb backend'.
[root@slave ~]#
yum --enablerepo=epel -y install smbldap-tools
 
# install from EPEL
[root@slave ~]#
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

[root@slave ~]#
cp /usr/share/doc/smbldap-tools-*/smb.conf /etc/samba/smb.conf

[root@slave ~]#
vi /etc/samba/smb.conf
# line 3: change workgroup name to any one

workgroup =
ServerWorld
# line 12: comment it out

#
min passwd length = 3
# line 22: change

ldap passwd sync =
yes
# line 33,34: change

Dos charset =
CP932

Unix charset =
UTF-8
# line 42: change (different section from PDC)

domain master =
No
# line 47: change to the LDAP server's IP address (this differs from the PDC). Note that a plain ldap:// URI sends the admin bind password and the users' password hashes over the network in the clear; if the LDAP server supports it, use an ldaps:// URI or enable start-TLS via the 'ldap ssl' option in smb.conf(5).

passdb backend = ldapsam:
ldap://10.0.0.39/
# line 48: change LDAP admin DN (LDAP server's one)

ldap admin dn = cn=Manager,
dc=server,dc=world
# line 50: change LDAP suffix (LDAP server's one)

ldap suffix =
dc=server,dc=world

ldap group suffix = ou=
Group

ldap user suffix = ou=
People
# line 60: uncomment

delete group script = /usr/sbin/smbldap-groupdel "%g"
# line 64: add (specify the domain admin user; accounts listed in 'admin users' perform all file operations on the shares as root, so keep this list minimal)

set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
admin users = admin
[root@slave ~]#
mkdir /home/netlogon

[root@slave ~]#
/etc/rc.d/init.d/smb restart

Shutting down SMB services:
[ OK ]

Shutting down NMB services:
[ OK ]

Starting SMB services:
[ OK ]

Starting NMB services:
[ OK ]
[root@slave ~]#
# store the LDAP admin DN's password in secrets.tdb (the smbpasswd command line itself is missing from this page; prefer the interactive prompt form shown below over passing the password as a command-line argument, where it would be visible in ps output and in the shell history)

Setting stored password for "cn=Manager,dc=server,dc=world" in secrets.tdb
New SMB password:
Retype new SMB password:
[root@slave ~]#
net rpc getsid
# fetch the domain SID from the PDC and store it locally

Password:
# LDAP admin password

Could not connect to server PDC-SRV  
# not a problem: the SID is still stored, as the next lines show; confirm it matches the output of 'net getlocalsid' on the PDC

The username or password was not correct.
Storing SID S-1-5-21-3178205627-4140913089-3601047624 for Domain SERVERWORLD in secrets.tdb  
# note this value; it must be entered again when configure.pl asks for the domain SID below
[root@slave ~]#
perl /usr/share/doc/smbldap-tools-*/configure.pl

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
       smbldap-tools script configuration
       -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Before starting, check
 . if your samba controller is up and running.
 . if the domain SID is defined (you can get it with the 'net getlocalsid')

 . you can leave the configuration using the Ctrl-c key combination
 . empty value can be set with the "." character
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Looking for configuration files...

Samba Configuration File Path [/etc/samba/smb.conf] >
# Enter
The default directory in which the smbldap configuration files are stored is shown.
If you need to change this, enter the full directory path, then press enter to continue.
Smbldap-tools Configuration Directory Path [/etc/smbldap-tools/] >  
# Enter

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Let's start configuring the smbldap-tools scripts ...
. workgroup name: name of the domain Samba act as a PDC
workgroup name [ServerWorld] >
# Enter

. netbios name: netbios name of the samba controler
netbios name [PDC-SRV] >
# Enter

. logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'
logon drive [H:] >
# Enter

. logon home: home directory location (for Win95/98 or NT Workstation).
(use %U as username) Ex:'\\PDC-SRV\%U'
logon home (press the "." character if you don't want homeDirectory) [\\PDC-SRV\%U] >
.
 
# input a period

. logon path: directory where roaming profiles are stored. Ex:'\\PDC-SRV\profiles\%U'
logon path (press the "." character if you don't want roaming profile) [\\PDC-SRV\profiles\%U] >
.
 
# input a period

. home directory prefix (use %U as username) [/home/%U] >
# Enter

. default users' homeDirectory mode [700] >
# Enter

. default user netlogon script (use %U as username) [logon.bat] >  
# Enter

default password validation time (time in days) [45] >
# Enter

. ldap suffix [dc=server,dc=world] >
# Enter

. ldap group suffix [ou=Group] >
# Enter

. ldap user suffix [ou=People] >
# Enter

. ldap machine suffix [ou=Computers] >
# Enter

. Idmap suffix [ou=Idmap] >
# Enter

. sambaUnixIdPooldn: object where you want to store the next uidNumber
and gidNumber available for new users and groups
sambaUnixIdPooldn object (relative to ${suffix}) [sambaDomainName=ServerWorld] >  
# Enter

. ldap master server: IP adress or DNS name of the master (writable) ldap server
ldap master server [10.0.0.39] >
# Enter

. ldap master port [389] >
# Enter

. ldap master bind dn [cn=Manager,dc=server,dc=world] >  
# Enter

. ldap master bind password [] >
# LDAP admin password

. ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one
ldap slave server [10.0.0.39] >
# specify the LDAP slave's IP (press Enter with an empty value if there is none)

. ldap slave port [389] >
# Enter

. ldap slave bind dn [cn=Manager,dc=server,dc=world] >
# Enter

. ldap slave bind password [] >
# enter the slave's bind password if it has its own; otherwise enter the same one as the master

. ldap tls support (1/0) [0] >
# Enter (0 = no TLS, which leaves the bind password and directory data in the clear on the wire; set 1 if your LDAP server is configured for TLS)

. SID for domain SERVERWORLD: SID of the domain (can be obtained with 'net getlocalsid PDC-SRV')
SID for domain SERVERWORLD [S-1-5-21-1408951518-2773026720-1935188473] >
S-1-5-21-3178205627-4140913089-3601047624
 
# enter the domain SID recorded from 'net rpc getsid' above (it must be identical to the PDC's; the default offered here does not match, so do not simply press Enter)

. unix password encryption: encryption used for unix passwords
unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] >
MD5
 
# choose the same scheme the PDC's smbldap.conf uses, as this sets how the unix (userPassword) hashes of new accounts are stored in LDAP; the default SSHA is salted and preferable to MD5 if both controllers agree on it

. default user gidNumber [513] >
# Enter

. default computer gidNumber [515] >
# Enter

. default login shell [/bin/bash] >
# Enter

. default skeleton directory [/etc/skel] >
# Enter

. default domain name to append to mail adress [] >
# Enter

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
backup old configuration files:
  /etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old
  /etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old
writing new configuration file:
  /etc/smbldap-tools/smbldap.conf done.
  /etc/smbldap-tools/smbldap_bind.conf done.

[root@slave ~]#
/etc/rc.d/init.d/smb restart

Shutting down SMB services:
[ OK ]

Shutting down NMB services:
[ OK ]

Starting SMB services:
[ OK ]

Starting NMB services:
[ OK ]
[root@slave ~]#
pdbedit -L
# list the accounts the BDC sees from LDAP

root:0:root
# make sure the list is the same as on the PDC; an entry with uid 4294967295 (i.e. -1) such as the last one below usually means that account's uidNumber could not be resolved, so check its LDAP entry

nobody:99:nobody
admin:1000:admin
e-fd3s$:1001:E-FD3S$
localhost$:1003:Computer
rx-7$:4294967295: