* Ubuntu Server 10.04 LTS (Lucid)
* A standard vanilla Ubuntu 10.04 server install.
* Set your admin user as a system user.
* User home directories mounted from an NFS server
* domain name: tuxnetworks.com (change this to suit your own)
* ldap-server 10.1.1.5 (change this to suit your own)
We will start by configuring samba.
Download this samba config file;
~$ wget http://www.tuxnetworks.com/configs/smb.conf
Edit this file to suit your own network. You need to change the "ldap suffix" & "ldap admin" values, but you will probably also want to change "workgroup" and "netbios name" as well.
Create a samba directory;
~$ sudo mkdir /etc/samba/
Copy the new smb.conf file into place;
~$ sudo cp smb.conf /etc/samba/
~$ sudo apt-get install samba samba-doc smbclient
Install the LDAP server
Next we want to install the OpenLDAP server daemon slapd and ldap-utils, a package containing LDAP management utilities;
~$ sudo apt-get install slapd ldap-utils libpam-smbpass smbldap-tools
By default slapd is configured with minimal options needed to run the slapd daemon.
The configuration example in the following sections will match the domain name of the server. For example, if the machine's Fully Qualified Domain Name (FQDN) is ldap.tuxnetworks.com, the default suffix will be dc=tuxnetworks,dc=com.
OpenLDAP uses a separate directory which contains the cn=config Directory Information Tree (DIT). The cn=config DIT is used to dynamically configure the slapd daemon, allowing the modification of schema definitions, indexes, ACLs, etc without stopping the service.
The backend cn=config directory has only a minimal configuration and will need additional configuration options in order to populate the frontend directory. The frontend will be populated with a "classical" scheme that will be compatible with address book applications and with Unix Posix accounts. Posix accounts will allow authentication to various applications, such as web applications, email Mail Transfer Agent (MTA) applications, etc.
* For external applications to authenticate using LDAP they will each need to be specifically configured to do so. Refer to the individual application documentation for details.
Remember to change "dc=tuxnetworks,dc=com" in the following examples to match your LDAP configuration.
First, some additional schema files need to be loaded. In a terminal enter:
~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
Download this LDIF file
~$ wget http://www.tuxnetworks.com/configs/backend.ldif
Edit the file to change "dc=tuxnetworks,dc=com" and "mypassword" to suit your own domain details.
A quick way to do this is to use sed;
~$ sed -i 's/dc=tuxnetworks,dc=com/dc=example,dc=net/g' backend.ldif
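As an added example (not part of the original post), the following Python script does the same suffix substitution as the sed line above and additionally replaces the cleartext admin password in backend.ldif with a salted {SSHA} hash, the form slappasswd produces and slapd accepts in olcRootPW, so the password does not sit in cleartext in the directory config. The LDIF text is a constructed stand-in for the downloaded backend.ldif (only the attributes this step touches are shown); assume the password lives in olcRootPW as it does in the stock Ubuntu example.

```python
import base64
import hashlib
import os
import re

# Constructed stand-in for backend.ldif, using the page's placeholder suffix
# and password; the real file from the tutorial contains more attributes.
SAMPLE_BACKEND_LDIF = """\
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: hdb
olcSuffix: dc=tuxnetworks,dc=com
olcRootDN: cn=admin,dc=tuxnetworks,dc=com
olcRootPW: mypassword
olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=tuxnetworks,dc=com" write by anonymous auth by self write by * none
"""


def ssha_hash(password: str, salt: bytes = None) -> str:
    """Return an OpenLDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd uses a short random salt too
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, password: str) -> bool:
    """Check a candidate password against a {SSHA} value (salt is the tail)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def customise_backend_ldif(ldif: str, old_suffix: str, new_suffix: str,
                           old_pw: str, new_pw: str) -> str:
    """Rewrite the suffix everywhere it appears (olcSuffix, olcRootDN and the
    olcAccess admin DN) and replace the cleartext olcRootPW with a hash."""
    out = ldif.replace(old_suffix, new_suffix)
    out = re.sub(r"^olcRootPW: " + re.escape(old_pw) + r"$",
                 "olcRootPW: " + ssha_hash(new_pw), out, flags=re.MULTILINE)
    return out


if __name__ == "__main__":
    print(customise_backend_ldif(SAMPLE_BACKEND_LDIF, "dc=tuxnetworks,dc=com",
                                 "dc=example,dc=net", "mypassword", "s3cret"))
```

The cleartext password you choose here is still what you type at the smbpasswd -W prompt later; slapd compares it against the stored hash.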
Now add the LDIF to the LDAP directory:
~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ~/backend.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
adding new entry "olcDatabase=hdb,cn=config"
Samba needs us to tell it the LDAP admin password which we can do with this command;
~$ sudo smbpasswd -W
Setting stored password for "cn=admin,dc=tuxnetworks,dc=net" in secrets.tdb
New SMB password:
Retype new SMB password:
Use the password you entered in the backend.ldif file earlier.
And finally, we restart samba;
~$ sudo service smbd restart
You can test that samba works by using the samba client, smbclient (when it asks for root's password just press Enter);
~$ sudo smbclient -L localhost
You should see something like this;
~$ sudo smbclient -L localhost
Enter root's password:
Anonymous login successful
Domain=[SAMBA] OS=[Unix] Server=[Samba 3.4.7]

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers Share
        shared          Disk
        archive         Disk
        IPC$            IPC       IPC Service (Samba 3.4.7)
Anonymous login successful
Domain=[SAMBA] OS=[Unix] Server=[Samba 3.4.7]

        Server               Comment
        ---------            -------
        MYSAMBASERVER        Samba 3.4.7

        Workgroup            Master
        ---------            -------
        MYSAMBAWORKGROUP     MYSAMBASERVER
If you don't see the expected output, then you should stop right now and repeat the process. Having Samba incorrectly configured at this point will cause the rest of the procedure to fail.
OK, now that we have the basic part done you should proceed to part 2.