1. Backup Currently Running IP Configuration File
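# Create the backup directory first; every later step writes its *.ori copy here
# and the original guide assumed it already existed.
mkdir -p /home/sugizo/bkup
cp /etc/network/interfaces /home/sugizo/bkup/interfaces.ori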
2. Edit IP Address Configuration File
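# sudoedit edits a private copy as your own user and only the write-back runs
# as root, so vim (and its plugins / shell escapes) never runs with root rights.
sudoedit /etc/network/interfaces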
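# Primary interface: the only one that carries a default route.
auto eth0
iface eth0 inet static
    address 192.168.44.3
    netmask 255.255.255.0
    gateway 192.168.44.2
    network 192.168.44.0
    broadcast 192.168.44.255

# Secondary interfaces: no "gateway" lines. ifupdown turns each one into
# "route add default gw ..." and the kernel rejects a second default route
# ("SIOCADDRT: File exists"), so "ifup eth1"/"ifup eth2" would fail. The
# original eth1 line also had a typo (192.162.44.2 for 192.168.44.2).
# 18.0.0.0/8 and 88.0.0.0/8 are publicly routed ranges; only use them on an
# isolated VM lab network.
auto eth1
iface eth1 inet static
    address 18.18.18.3
    netmask 255.255.255.0
    network 18.18.18.0
    broadcast 18.18.18.255

auto eth2
iface eth2 inet static
    address 88.88.88.3
    netmask 255.255.255.0
    network 88.88.88.0
    broadcast 88.88.88.255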
3. Backup Currently Hostname File Configuration
# Pristine copy; "cp" it back over /etc/hostname if the next step goes wrong.
cp /etc/hostname /home/sugizo/bkup/hostname.ori
4. Edit Hostname File Configuration (Debian/Ubuntu convention is to put only the short name, `karmic`, in /etc/hostname; the fully qualified name comes from the 127.0.1.1 line in /etc/hosts, step 6)
sudo vim /etc/hostname
karmic.ubuntu64.vmw
5. Backup Currently Host Addresses Configuration
# Pristine copy of /etc/hosts before the entries in step 6 are added.
cp /etc/hosts /home/sugizo/bkup/hosts.ori
6. Change Host Addresses Configuration
sudo vim /etc/hosts
127.0.0.1 localhost
# Debian/Ubuntu convention: the host's own FQDN on 127.0.1.1. Resolution
# takes the first matching line, so on this box the FQDN resolves to
# 127.0.1.1, not to one of the interface addresses below.
127.0.1.1 karmic.ubuntu64.vmw karmic
# One entry per static interface from step 2. Clients that mount by the
# FQDN (steps 50/51) need their own /etc/hosts entry or a DNS record; this
# file is only consulted on the server itself.
192.168.44.3 karmic.ubuntu64.vmw karmic
18.18.18.3 karmic.ubuntu64.vmw karmic
88.88.88.3 karmic.ubuntu64.vmw karmic
7. Reboot the Machine
# Reboot so the new addresses, hostname and hosts entries all take effect at once.
sudo reboot
8. Update List Packages
# Refresh the package index before the large install in the next step.
sudo apt-get update
9. Install Extended Internet Service, Flip Converter, Samba Web Administration Tool (SWAT), Samba Client Server, OpenLDAP Client Server, Apache 2 Web Server, PHP, PHPLDAPADMIN, Network File System (NFS)
# Same package set as the single-line form, grouped by role for readability.
# Note that swat and phpldapadmin are web front-ends that speak plain HTTP;
# steps 22-23 restrict where SWAT listens.
sudo apt-get install \
  xinetd flip \
  swat samba samba-doc smbclient smbldap-tools \
  slapd ldap-utils migrationtools \
  auth-client-config libpam-ldap libnss-ldap \
  apache2 php5 phpldapadmin \
  nfs-kernel-server nfs-common portmap
10. LDAP Initialize Configuration (Change * with your own Password):
Administrator password: *****
Confirm password: *****
LDAP server Uniform Resource Identifier: ldap://localhost
Distinguished name of the search base: dc=ubuntu64,dc=vmw
LDAP version to use: 3
Make local root Database admin: No (If you are using NFS mounted /etc or any other custom setup, you should disable this.)
Does the LDAP database require login? No (Under a normal setup, this is not needed.)
11. Backup Currently Samba File Configuration
# Pristine copy of the packaged smb.conf; "testparm" can diff against it later.
cp /etc/samba/smb.conf /home/sugizo/bkup/smb.conf.ori
12. Edit Samba File Configuration
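# sudoedit: the editor runs as your user on a temporary copy; only the final
# write-back happens as root. Run "testparm" afterwards to catch syntax errors.
sudoedit /etc/samba/smb.conf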
12.1. Add on The [global] Section
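# LDAP Settings
ldap suffix = dc=ubuntu64,dc=vmw
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = dc=ubuntu64,dc=vmw
ldap admin dn = cn=admin,dc=ubuntu64,dc=vmw
# The password for "ldap admin dn" does not live in smb.conf; Samba reads it
# from secrets.tdb, which is set with:  sudo smbpasswd -w <ldap-admin-password>
ldap passwd sync = yes
ldap delete dn = yes
# smbd already runs as root, so the smbldap scripts run as root without a
# "sudo" wrapper (a daemon has no tty for sudo and the wrapper added nothing).
# The original lines mixed curly quotes and had "%"g"" — both break the
# commands. Straight double quotes throughout. Keep exactly ONE "passwd
# program" in [global]: the packaged "/usr/bin/passwd %u" line from 12.2
# overrides this one if it appears later in the file.
passwd program = /usr/sbin/smbldap-passwd "%u"
add user script = /usr/sbin/smbldap-useradd -a -P "%u"
delete user script = /usr/sbin/smbldap-userdel -r "%u"
add group script = /usr/sbin/smbldap-groupadd -a -p "%g"
delete group script = /usr/sbin/smbldap-groupdel -a "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
passdb backend = ldapsam:ldap://localhost
# Plain ldap:// is acceptable only because slapd is on this same host. If
# the directory ever moves off-box, enable StartTLS so the NT/LM hashes and
# the admin bind password do not cross the wire in the clear.
; ldap ssl = start tls
netbios name = karmic
username map = /etc/samba/smbusers
preferred master = yes
# "passwd chat debug" logs the password-change dialogue (including the new
# password) and log level 3 is very verbose; turn both off once it works.
passwd chat debug = yes
log level = 3
local master = yes
os level = 35
[share]
comment = Share Folder
path = /home/sugizo/share
read only = no
# Anonymous AND writable: anyone who can reach port 445 can drop or alter
# files here. Keep it only if that is intended, and give the directory the
# sticky bit (mode 1777) so users cannot delete each other's files.
guest ok = yes
browseable = yes
share modes = yes
available = yes
public = yes
[allusers]
comment = All Users
path = /home/shares/allusers
# Only members of the Unix group "users"; files are forced into that group.
valid users = @users
force group = users
create mask = 0660
directory mask = 0771
read only = no
browseable = yes
share modes = yes
[ldaphome]
comment = LDAP Home
path = /ldaphome
writeable = yes
browseable = yes
# No "valid users" here: isolation between users relies entirely on the
# Unix modes of the per-user directories under /ldaphome (700 from step 36).
# 0777 masks with "force ... mode = 0" let clients set any Unix mode on
# their own files; do not reuse these four lines for shared directories.
security mask = 0777
force security mode = 0
directory security mask = 0777
force directory security mode = 0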
12.2. Change the following existing settings in smb.conf (leave the rest of the packaged file as it is)
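workgroup = UBUNTU64
server string = %h server (Samba, Ubuntu)
log file = /var/log/samba/log.%m
max log size = 100
security = user
encrypt passwords = true
; passdb backend = tdbsam
obey pam restrictions = no
# With "ldap passwd sync = yes" (12.1) smbd updates userPassword in LDAP
# itself. The packaged "passwd program = /usr/bin/passwd %u" is for local
# accounts and would override the smbldap-passwd line from 12.1 if it comes
# later in [global] — keep it commented out so there is only one.
unix password sync = yes
; passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
domain logons = yes
logon path = \\%N\%U\profile
logon drive = H:
logon home = \\%N\%U
logon script = allusers.bat
load printers = yes
printing = cups
printcap name = cups
socket options = TCP_NODELAY
domain master = yes
idmap uid = 15000-20000
idmap gid = 15000-20000
[homes]
comment = Home Directories
browseable = yes
read only = no
create mask = 0775
directory mask = 0775
valid users = %S
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
# allusers.bat from this share runs on every client at logon. With the
# original "read only = no" any authenticated user (valid users = %U) could
# replace it and execute code on every workstation. Read-only for all;
# only Administrator (mapped to root by /etc/samba/smbusers) may write.
read only = yes
write list = Administrator
share modes = no
admin users = Administrator
valid users = %U
[profiles]
comment = Users profiles
path = /home/samba/profiles
guest ok = no
browseable = yes
# Profiles are private to their owner.
create mask = 0600
directory mask = 0700
valid users = %U
read only = no
[printers]
comment = All Printers
browseable = yes
path = /var/spool/samba
printable = yes
guest ok = yes
read only = no
create mask = 0700
public = yes
# smbd runs as root; a "sudo" prefix from a daemon adds nothing.
print command = /usr/bin/lpr -P%p -r %s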
print command = sudo /usr/bin/lpr -P%p -r %s
13. Create Samba Directories
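# "-p" creates missing parents. The original first line used an en dash
# ("–p"), which mkdir takes as a literal directory name, not an option.
sudo mkdir -p /home/sugizo/share
sudo mkdir -p /home/samba/netlogon
sudo mkdir -p /home/samba/profiles
sudo mkdir -p /home/shares/allusers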
14. Change Mode and Owner of Samba Directories
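# World-writable directories get the sticky bit (1777) so a user can only
# remove their own files: both the print spool and the guest share are
# written by arbitrary (even anonymous) users.
sudo chmod 1777 /var/spool/samba
sudo chmod -R 1777 /home/sugizo/share
# netlogon/profiles: owner and group rwx, others may traverse but not list.
sudo chmod -R 771 /home/samba
# allusers: group "users" gets full access, others read-only.
sudo chmod -R ug+rwx,o+rx-w /home/shares/allusers
sudo chown -R root:users /home/samba
sudo chown -R root:users /home/shares/allusers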
15. Create Samba Root Password (with the ldapsam backend from step 12 this account is written to LDAP, so it only works once steps 24–39 are complete and Samba has been given the `ldap admin dn` password with `sudo smbpasswd -w <ldap-admin-password>`)
# With "passdb backend = ldapsam" this writes root's Samba account into the
# directory: slapd must be running and populated, and secrets.tdb must
# already hold the ldap admin dn password (sudo smbpasswd -w ...).
sudo smbpasswd -a root
16. Create Samba User Name Map File
sudo vim /etc/samba/smbusers
root=Administrator
17. Set Domain Group for Windows Account
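# Straight quotes (the curly quotes in the original are passed through to
# "net" as part of the group name). The well-known RIDs 512/513/514 make
# Windows treat these as the real Domain Admins/Users/Guests groups; without
# "rid=" Samba allocates an arbitrary RID. smbldap-populate (step 39) also
# creates these three groups in LDAP, so expect "already exists" notices
# from whichever of the two runs second.
sudo net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512 type=d
sudo net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
sudo net groupmap add ntgroup="Domain Guests" unixgroup=nogroup rid=514 type=d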
18. Add Samba User (Change User with Your Own Name)
sudo useradd -m -G user
19. Create Samba Logon Script
sudo vim /home/samba/netlogon/allusers.bat
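@echo off
REM Sync the workstation clock with the domain controller
net time \\karmic.ubuntu64.vmw /set /y
REM Drop any stale H: mapping before re-mapping it
net use h: /delete
REM Map the user's LDAP home directory to H:. Straight ASCII quotes only:
REM cmd.exe does not treat the curly quotes in the original as quoting, so
REM they became part of the UNC path and the mapping failed.
net use h: "\\karmic.ubuntu64.vmw\ldaphome\%username%"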
20. Convert Logon Script
# Convert the logon script to CRLF line endings (-m = to MS-DOS) so cmd.exe
# on the Windows clients parses it correctly.
sudo flip -m /home/samba/netlogon/allusers.bat
21. Test Samba Server
# Anonymous share listing (-U% = empty user and password). If this fails,
# check that smbd is running and run "testparm" for smb.conf syntax errors.
sudo smbclient -L localhost -U%
22. Check Inetd Configuration File (enable SWAT in only ONE of /etc/inetd.conf and /etc/xinetd.d/swat — both would try to bind port 901; on a system where xinetd is installed, leave this line commented out and use step 23)
sudo vim /etc/inetd.conf
# tcpd applies /etc/hosts.allow and /etc/hosts.deny; restrict "swat" there to
# the admin host. SWAT authenticates with HTTP basic auth over plain HTTP, so
# the root password crosses the network in the clear.
swat stream tcp nowait.400 root /usr/sbin/tcpd /usr/sbin/swat
23. Create SWAT Extended Internet Service
sudo vim /etc/xinetd.d/swat
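service swat
{
	port            = 901
	socket_type     = stream
	wait            = no
	user            = root
	# xinetd already runs the server as "user = root"; the "sudo" wrapper
	# in the original was redundant.
	server          = /usr/sbin/swat
	# SWAT uses HTTP basic auth over plain HTTP, i.e. the root password is
	# sent in the clear. Accept connections from this host only and reach
	# it from elsewhere through an SSH tunnel.
	only_from       = 127.0.0.1
	log_on_failure  += USERID
	disable         = no
}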
24. Configure OpenLDAP Server
sudo dpkg-reconfigure slapd
Omit OpenLDAP server configuration? No
DNS domain name: ubuntu64.vmw
Name of your organization: ubuntu64.vmw
Database backend to use: HDB (the rest of this guide addresses the database as olcDatabase={1}hdb; choosing BDB creates olcDatabase={1}bdb instead and the search in step 26 will not find it)
Do you want the database to be removed when slapd is purged? Yes
Move old database? Yes
Administrator password: *****
Confirm password: *****
Allow LDAPv2 protocol? No
25. Make LDAP Home Data
# Parent of the per-user home directories exported over NFS (step 48) and
# shared as [ldaphome] (step 12).
sudo mkdir /ldaphome
26. Search LDAP on Server
# Look for the hdb database under cn=config. The simple bind as
# cn=admin,cn=config only works once that entry has an olcRootPW (set in
# 26.1.7); if it fails, use  sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase={1}hdb
sudo ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb
26.1. If not found :
# The db.ldif, base.ldif and config.ldif files below are created in this directory.
cd /etc/ldap
26.1.1. Add The Schema:
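# SASL EXTERNAL over ldapi:/// authenticates by the caller's Unix uid, and
# the default cn=config ACL only admits root, so these must run under sudo
# (the original lines had none). Order matters: inetorgperson and nis build
# on cosine.
for schema in cosine inetorgperson misc nis openldap; do
  sudo ldapadd -Y EXTERNAL -H ldapi:/// -f "/etc/ldap/schema/${schema}.ldif"
done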
26.1.2. Create Database LDAP (change ***** with your own password) :
sudo vim db.ldif
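# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: {0}back_hdb

# Create the database (entries are separated by a blank line)
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=ubuntu64,dc=vmw
olcRootDN: cn=admin,dc=ubuntu64,dc=vmw
# Never store the root password in the clear: anyone who can read cn=config
# (or a slapcat dump) would see it. Paste the hash printed by
# "slappasswd -h {SSHA}" here instead of the plaintext.
olcRootPW: {SSHA}<paste the output of slappasswd here>
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcLastMod: TRUE
olcDbCheckpoint: 512 30
# Password attributes: admin may write, anonymous may only use them to bind,
# the owner may change their own, nobody else can read them.
# sambaNTPassword/sambaLMPassword are deliberately NOT listed yet: slapd
# rejects an ACL that names attribute types it has not loaded ("unknown attr
# ... in to clause"), and samba.schema is only added in step 32. Re-add them
# afterwards with an ldapmodify that replaces olcAccess; until then the NT/LM
# hashes are world-readable under the "to * ... by * read" rule below.
olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=ubuntu64,dc=vmw" write by anonymous auth by self write by * none
olcAccess: to dn.base="" by * read
# Everything else is readable by anyone. nss_ldap (step 40) binds
# anonymously for lookups by non-root processes and needs this.
olcAccess: to * by dn="cn=admin,dc=ubuntu64,dc=vmw" write by * read
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq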
26.1.3. Load the Module and Initialize Database
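# Needs root: SASL EXTERNAL over ldapi:/// is authorised by Unix uid.
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f db.ldif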
26.1.4. Create a Hashed Password for the Admin Account (use {SSHA}, which is salted; the unsalted {MD5} the original guide used is trivially cracked from a directory dump). Paste the printed hash into base.ldif and config.ldif below — never reuse a hash published in a tutorial.
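# Salted SHA-1 instead of unsalted MD5; prompts twice and prints the hash to
# paste into the olcRootPW/userPassword lines below.
slappasswd -h {SSHA}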
26.1.5. Create the Base DN and Admin Account for the OpenLDAP Server
sudo vim base.ldif
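dn: dc=ubuntu64,dc=vmw
objectClass: dcObject
objectClass: organization
o: ubuntu64.vmw
dc: ubuntu64
description: My LDAP Root

# A blank line separates LDIF entries; without it ldapadd reads both records
# as one entry and fails.
dn: cn=admin,dc=ubuntu64,dc=vmw
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
# Use your own hash from "slappasswd -h {SSHA}". The {MD5} hash printed in
# the original guide is published, i.e. effectively a known password.
userPassword: {SSHA}<paste the output of slappasswd here>
description: LDAP administrator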
26.1.6. Load the Base DN into the Database
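# Needs root for the same reason as db.ldif (EXTERNAL auth by Unix uid).
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f base.ldif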
26.1.7. Set OpenLDAP to the default cn=admin,cn=config
sudo vim config.ldif
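# Entries are separated by blank lines and multiple changes to one entry by
# a "-" line (the original had neither, so ldapmodify read it as one broken
# record). Order matters: give the config database its new rootDN/rootPW
# BEFORE deleting the ACLs that admit root over ldapi:///, otherwise you
# lock yourself out of cn=config.
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,cn=config
-
add: olcRootPW
olcRootPW: {SSHA}<paste the output of slappasswd here>

dn: cn=config
changetype: modify
delete: olcAuthzRegexp

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess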
26.1.8. Load config.ldif and Restart the OpenLDAP Service (the guide otherwise never applies the file written in 26.1.7; run `sudo ldapmodify -c -Y EXTERNAL -H ldapi:/// -f config.ldif` first, `-c` continuing past any "no such attribute" for a deletion that has nothing to delete)
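# Apply the cn=config changes from 26.1.7 (the original guide wrote the file
# but never loaded it). -c continues past "no such attribute" when one of the
# deleted attributes was not present on this install.
sudo ldapmodify -c -Y EXTERNAL -H ldapi:/// -f config.ldif
sudo service slapd restart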
26.1.9. Search LDAP on The Server
# Verify the hdb database is now visible to cn=admin,cn=config (same query
# as step 26, with the options spelled out).
sudo ldapsearch -LLL -x -W -D cn=admin,cn=config -b cn=config olcDatabase={1}hdb
26.2. If found :
# Optional: the commands in 26.2 each carry their own sudo, so a root shell
# is not strictly needed here.
sudo su
26.2.1. Edit LDAP Database to Support Samba Password
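# Do not hand-edit the files under /etc/ldap/slapd.d; slapd does not reliably
# pick up such edits and may refuse to start. Change the ACL through the
# protocol instead. The {1}/{2} rules repeat the Debian defaults — compare
# with the ldapsearch output from step 26 before running. Run this only
# AFTER step 32 has loaded samba.schema: slapd rejects an ACL naming
# attribute types it does not know ("unknown attr ... in to clause").
sudo ldapmodify -Y EXTERNAL -H ldapi:/// <<'EOF'
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword by dn="cn=admin,dc=ubuntu64,dc=vmw" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=ubuntu64,dc=vmw" write by * read
EOF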
26.2.2. Restart LDAP Service
# Restart slapd so the ACL change is live.
sudo /etc/init.d/slapd restart
26.2.3. Search LDAP on The Server
# Re-check the database entry after the ACL change.
sudo ldapsearch -LLL -x -W -D cn=admin,cn=config -b cn=config olcDatabase={1}hdb
27. Create samba.schema on /etc/ldap/schema
# Unpack the packaged schema straight into /etc/ldap/schema (same end result
# as copying the .gz there and gunzipping it in place).
zcat /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz | sudo tee /etc/ldap/schema/samba.schema >/dev/null
28. Create Samba LDAP Configuration File
sudo vim schema_convert.conf
# Throw-away slapd.conf used only to let slaptest convert samba.schema to
# LDIF (step 30). Order matters: samba.schema depends on attribute types
# from core, cosine, inetorgperson and nis, so it is included last.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/samba.schema
29. Make Temporary Directory Output
# Scratch directory for slaptest's converted cn=config tree. Without -p,
# mkdir fails if a stale (or planted) /tmp/ldif_output already exists, which
# is the safe outcome; remove it and retry.
sudo mkdir /tmp/ldif_output
30. Convert the Samba LDAP Schema Files
# Convert the schema_convert.conf includes into cn=config LDIF files under
# /tmp/ldif_output/cn=config/cn=schema/; expect a "config file testing
# succeeded" message.
sudo slaptest -f schema_convert.conf -F /tmp/ldif_output
31. Edit the Converted Samba Schema File (the `{12}` index below depends on how many schemas were included; use whatever filename slaptest produced — check with `ls /tmp/ldif_output/cn=config/cn=schema/`)
sudo vim /tmp/ldif_output/cn=config/cn=schema/cn={12}samba.ldif
31.1. Change
dn: cn=samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: samba
31.2 Remove
structuralObjectClass: olcSchemaConfig
entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95
creatorsName: cn=config
createTimestamp: 20080827045234Z
entryCSN: 20080827045234.341425Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20080827045234Z
32. Add Samba LDAP Configuration File to LDAP Database
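# The schema index ({12} in the guide) depends on how many schemas slaptest
# found; let the shell glob match whatever number it produced (there is
# exactly one *samba.ldif in that directory).
sudo ldapadd -x -D cn=admin,cn=config -W -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{*\}samba.ldif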
33. Create Samba LDAP Indexes File
sudo vim samba_indexes.ldif
# Indexes for the attributes nss_ldap and Samba search on most; without
# them slapd logs "not indexed" warnings and lookups fall back to full
# scans. Applied with ldapmodify in step 34.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub
34. Add Samba LDAP Indexes File to LDAP Database
# Apply the index additions to the running server.
sudo ldapmodify -x -W -D cn=admin,cn=config -f samba_indexes.ldif
35. Search LDAP on Server
# Confirm the new olcDbIndex values show up on the database entry.
sudo ldapsearch -LLL -x -W -D cn=admin,cn=config -b cn=config olcDatabase={1}hdb
36. Configure smbldap-tools
# Unpack and run the interactive generator shipped with smbldap-tools; it
# reads smb.conf for defaults and writes smbldap.conf and smbldap_bind.conf.
sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz
sudo perl /usr/share/doc/smbldap-tools/configure.pl
Samba Configuration File Path [/etc/samba/smb.conf] > /etc/samba/smb.conf
Smbldap-tools Configuration Directory Path [/etc/smbldap-tools/] > /etc/smbldap-tools/
workgroup name [UBUNTU64] > UBUNTU64
netbios name [jaunty] > karmic (must match `netbios name = karmic` in smb.conf, step 12.1, and the server name used in the logon script, step 19)
logon drive [H:] > H:
logon home (press the “.” character if you don’t want homeDirectory) [\\%N\%U] > \\%N\%U
logon path (press the “.” character if you don’t want roaming profile) [\\%N\%U\profile] > \\%N\%U\profile
home directory prefix (use %U as username) [/home/%U] > /ldaphome/%U (the logon script in step 19 and the NFS export in step 48 both expect the LDAP users' home directories under /ldaphome; /home/%U would leave H: pointing at a directory that does not exist)
default users’ homeDirectory mode [700] > 700
default user netlogon script (use %U as username) [allusers.bat] > allusers.bat
default password validation time (time in days) [45] > 45
ldap suffix [dc=ubuntu64,dc=vmw] > dc=ubuntu64,dc=vmw
ldap group suffix [ou=Groups] > ou=Groups
ldap user suffix [ou=People] > ou=People
ldap machine suffix [ou=Computers] > ou=Computers
Idmap suffix [dc=ubuntu64,dc=vmw] > ou=Idmap (note this differs from `ldap idmap suffix = dc=ubuntu64,dc=vmw` in smb.conf, step 12.1; pick one value and use it in both places)
sambaUnixIdPooldn object (relative to ${suffix}) [sambaDomainName=UBUNTU64] > sambaDomainName=UBUNTU64
ldap master server [localhost] > 127.0.0.1
ldap master port [389] > 389
ldap master bind dn [cn=admin,dc=ubuntu64,dc=vmw] > cn=admin,dc=ubuntu64,dc=vmw
ldap master bind password [] > *****
ldap slave server [localhost] > 127.0.0.1
ldap slave port [389] > 389
ldap slave bind dn [cn=admin,dc=ubuntu64,dc=vmw] > cn=admin,dc=ubuntu64,dc=vmw
ldap slave bind password [] > ***** (the slave is the same server here, so enter the same admin password as for the master; leaving it empty makes read operations bind anonymously)
ldap tls support (1/0) [0] > 0
SID for domain UBUNTU64 [S-1-5-21-4237789727-2601312008-1567073269] > S-1-5-21-4237789727-2601312008-1567073269
unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] > SSHA
default user gidNumber [513] > 513
default computer gidNumber [515] > 515
default login shell [/bin/bash] > /bin/bash
default skeleton directory [/etc/skel] > /etc/skel
default domain name to append to mail adress [] > ubuntu64.vmw
Output Files Are In :
/etc/smbldap-tools/smbldap.conf
/etc/smbldap-tools/smbldap_bind.conf
37. Edit smbldap_bind.conf (Change ***** with Your Own Password; this file holds the LDAP admin password in the clear, so verify afterwards that it is owned by root with mode 0600)
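# sudoedit: the editor runs as your user on a temporary copy, so the root
# shell escape of "sudo vim" is not available while editing a secrets file.
sudoedit /etc/smbldap-tools/smbldap_bind.conf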
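# Straight ASCII quotes only — the curly quotes in the original become part
# of the value. This file holds the LDAP admin password in the clear: keep
# it root-owned, mode 0600, and out of any backup other users can read.
slaveDN="cn=admin,dc=ubuntu64,dc=vmw"
slavePw="*****"
masterDN="cn=admin,dc=ubuntu64,dc=vmw"
masterPw="*****"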
38. Make Backup of LDAP Data Interchange Format (LDIF) File
# Dump the whole directory to LDIF before smbldap-populate changes it. The
# dump contains password hashes, so keep backup.ldif root-only (mode 0600).
sudo slapcat -l backup.ldif
39. Add the Necessary Users, Groups, and LDAP Objects Required for Samba
# Creates the base OUs (People/Groups/Computers/Idmap), the sambaDomain entry
# and the well-known domain groups/accounts using smbldap.conf; it prompts
# for a password for the domain root account.
sudo smbldap-populate
40. Configure LDAP Configuration File
# Pristine copies of the three client-side files edited in steps 40-45;
# /etc/ldap/ldap.conf is saved as ldapldap.conf.ori to keep it distinct.
bk=/home/sugizo/bkup
cp /etc/nsswitch.conf "$bk/nsswitch.conf.ori"
cp /etc/ldap/ldap.conf "$bk/ldapldap.conf.ori"
cp /etc/ldap.conf "$bk/ldap.conf.ori"
sudo vim /etc/ldap.conf
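# pam_ldap / nss_ldap client settings (this is /etc/ldap.conf, not the
# libldap file /etc/ldap/ldap.conf).
host 127.0.0.1
base dc=ubuntu64,dc=vmw
uri ldap://127.0.0.1/
# rootbinddn makes lookups by root bind as the LDAP admin. The password is
# read from /etc/ldap.secret, which this guide never creates: put the admin
# password on a single line in that file, owned by root, mode 0600.
# Without it root's lookups fall back to anonymous binds.
rootbinddn cn=admin,dc=ubuntu64,dc=vmw
# "soft": give up quickly when slapd is unreachable instead of retrying,
# so logins and boot do not hang while LDAP is down.
bind_policy soft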
41. Copy the Client Settings to the OpenLDAP Client File (this overwrites /etc/ldap/ldap.conf so ldap-utils share the same base and URI; the original file was backed up in step 40)
# Overwrites libldap's client file with the pam_ldap one so ldap-utils use the
# same base/uri. The pam_ldap-only keys (rootbinddn, bind_policy) are not
# libldap directives — presumably ignored, but verify that "ldapsearch -x"
# still works afterwards.
sudo cp /etc/ldap.conf /etc/ldap/ldap.conf
42. Make open_ldap File
sudo vim /etc/auth-client-config/profile.d/open_ldap
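# auth-client-config profile. It is parsed as an INI file, so values that
# span several lines MUST have their continuation lines indented (the
# original had them flush-left, which makes "auth-client-config -a" fail).
[open_ldap]
nss_passwd=passwd: compat ldap
nss_group=group: compat ldap
nss_shadow=shadow: compat ldap
nss_netgroup=netgroup: compat ldap
# "nullok" removed: it lets a local account with an empty password field log
# in with no password at all. sha512 replaces the obsolete md5 hashing.
pam_auth=auth required pam_env.so
	auth sufficient pam_unix.so likeauth
	auth sufficient pam_ldap.so use_first_pass
	auth required pam_deny.so
pam_account=account sufficient pam_unix.so
	account sufficient pam_ldap.so
	account required pam_deny.so
pam_password=password sufficient pam_unix.so sha512 shadow use_authtok
	password sufficient pam_ldap.so use_first_pass
	password required pam_deny.so
# umask=0077 makes auto-created home directories private (700), matching
# the "homeDirectory mode 700" chosen in step 36.
pam_session=session required pam_limits.so
	session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
	session required pam_unix.so
	session optional pam_ldap.so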
43. Backup Files:
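# Keep the backup next to the other *.ori copies instead of inside
# /etc/pam.d (where the original "cp *" also tried to copy its own bkup/
# directory and warned "omitting directory"). -a preserves modes and owners.
sudo mkdir -p /home/sugizo/bkup/pam.d
sudo cp -a /etc/pam.d/. /home/sugizo/bkup/pam.d/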
44. Enable the New OpenLDAP Profile
# Rewrites /etc/nsswitch.conf and the /etc/pam.d/common-* files from the
# [open_ldap] profile; the "pre_auth-client-config" comments it leaves
# behind (see step 45) record the previous values.
sudo auth-client-config -a -p open_ldap
45. Check nsswitch.conf (Ensure that Configuration is Like This)
sudo vim /etc/nsswitch.conf
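# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
# pre_auth-client-config # passwd: compat
passwd: compat ldap
# pre_auth-client-config # group: compat
group: compat ldap
# pre_auth-client-config # shadow: compat
shadow: compat ldap
# "ldap" deliberately left out of hosts: nothing in this setup creates
# ipHost entries, so it only adds a failing LDAP round-trip to every name
# lookup that files/dns cannot answer.
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
# pre_auth-client-config # netgroup: nis
netgroup: compat ldap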
46. Reconfigure Portmap
# portmap must listen on the LAN for NFS clients; answer "No" to the loopback
# question and limit callers in /etc/hosts.allow instead.
sudo dpkg-reconfigure portmap
Should portmap be bound to the loopback address? No (NFS clients on 192.168.44.0/24 must be able to reach it; limit who can with a TCP-wrappers rule such as `portmap: 192.168.44.0/255.255.255.0` in /etc/hosts.allow and `portmap: ALL` in /etc/hosts.deny)
47. Make NFS Share Directories
# Exported in step 48. Created root-owned: with root_squash on the export,
# client root is mapped to nobody and cannot write here unless the mode allows it.
sudo mkdir /home/sugizo/NFS
48. Edit NFS Kernel Server
# Pristine copy of the (normally comment-only) packaged exports file.
cp /etc/exports /home/sugizo/bkup/exports.ori
sudo vim /etc/exports
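# Kerberos-protected export (krb5i = integrity-checked). This needs a working
# Kerberos realm, a host keytab and rpc.svcgssd, none of which this guide
# sets up; drop the line unless those already exist.
/home/sugizo/NFS gss/krb5i(rw,sync,no_subtree_check)
# Home directories. The original "*(rw,async)" exported them read-write to
# every host that can reach portmap, and "async" acknowledges writes before
# they reach disk (data loss on a server crash). Limit the export to the LAN,
# use "sync", keep root_squash (the default, spelled out here) so client root
# cannot act as server root, and set no_subtree_check to silence the
# exportfs warning. With NFSv3/AUTH_SYS the server still trusts the uid the
# client presents, so anyone who is root on a LAN client can read any home.
/ldaphome 192.168.44.0/24(rw,sync,root_squash,no_subtree_check)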
49. Restart Portmap and NFS Service
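# portmap first: nfsd and mountd register their ports with it when they
# start, so it has to be up before nfs-kernel-server is (re)started.
sudo service portmap restart
sudo service nfs-kernel-server restart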
50. Mount NFS Folder on Client
# Run on the client. NFSv3 with AUTH_SYS: the server trusts the uid/gid the
# client sends, so client and server must share one account namespace
# (here: the LDAP directory).
sudo mount 192.168.44.3:/home/sugizo/NFS /home/tetsu/NFS
or
# Same mount with the filesystem type given explicitly; the client must be
# able to resolve karmic.ubuntu64.vmw (hosts entry or DNS).
sudo mount -t nfs karmic.ubuntu64.vmw:/ldaphome /ldaphome
51. Create Automatic Mount Folder
51.1. Backup Currently File System File Configuration
# Pristine copy: a broken fstab can stop the client from booting cleanly.
cp /etc/fstab /home/sugizo/bkup/fstab.ori
51.2. Edit File System Table Configuration
sudo vim /etc/fstab
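# Custom NFS mount for home directories.
# fstab holds mount-table entries, not commands: no "sudo mount" prefix, and
# the two trailing fields (dump, fsck pass) are required.
karmic.ubuntu64.vmw:/ldaphome  /ldaphome  nfs  rsize=8192,wsize=8192,timeo=14,intr  0  0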