Unified Samba authentication via OpenLDAP
Published: 2020-07-07 05:13:49
Source: 51CTO
Author: linuxzkq
1. Environment preparation
1.1 Lab environment
[root@moban ~]# cat /etc/redhat-release
CentOS release 6.8 (Final)
[root@moban ~]# uname -r
2.6.32-642.el6.x86_64
1.2 Synchronize the server time
[root@moban ~]# ntpdate pool.ntp.org
12 Nov 01:11:59 ntpdate[2354]: adjust time server 202.118.1.81 offset 0.004307 sec
[root@moban ~]# crontab -l
#time sync
*/5 * * * * /usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1
1.3 Disable SELinux and iptables
[root@moban ~]# getenforce
Enforcing
[root@moban ~]# setenforce 0
[root@moban ~]# getenforce
Permissive
[root@moban ~]# service iptables stop
2. Installing and configuring OpenLDAP and Samba
2.1 Install OpenLDAP and Samba
[root@moban ~]# yum -y install openldap openldap-clients openldap-servers nss-pam-ldapd
[root@moban ~]# yum -y install samba-common samba samba-client
2.2 Configure OpenLDAP
a. Make samba.schema available to OpenLDAP
[root@moban ~]# cp /usr/share/doc/samba-3.6.23/LDAP/samba.schema /etc/openldap/schema/
b. Copy the OpenLDAP sample configuration file
[root@moban ~]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
c. Generate the LDAP administrator password
[root@moban ~]# slappasswd -s 123456
{SSHA}Ae1JJTvbeP60y91e9MdAqOmpleSWG19o
d. Edit the configuration file
[root@moban ~]# vi /etc/openldap/slapd.conf
Insert the following at line 18:
18 include /etc/openldap/schema/samba.schema
Comment out lines 99 to 102:
99 # database config
100 # access to *
101 # by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
102 # by * none
Insert the following access rules at line 111:
111 access to attrs=userPassword
112 by self write
113 by anonymous auth
114 by * none
115 access to attrs=sambaNTPassword
116 by self write
117 by anonymous auth
118 by * none
119 access to *
120 by self write
121 by * read
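An added example (not part of the original article): a small Python check that applies slapd's first-match ACL evaluation to the rules inserted at line 111 and lists the password attributes that fall through to the final "by * read". It assumes entries also carry sambaLMPassword, which samba.schema defines but the article does not mention; the function names are illustrative.

```python
import re

# ACL inserted at lines 111-121 of slapd.conf, copied from the page.
PAGE_ACL = """
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to attrs=sambaNTPassword
    by self write
    by anonymous auth
    by * none
access to *
    by self write
    by * read
"""
# Assumption: entries also carry sambaLMPassword (defined in samba.schema).
SENSITIVE = ["userPassword", "sambaNTPassword", "sambaLMPassword"]
READABLE = {"read", "write", "manage"}  # access levels that reveal the value

def parse_acl(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue
        m = re.match(r"access\s+to\s+(\S+)", line)
        if m:
            rules.append((m.group(1), []))
        if rules:
            rules[-1][1].extend(re.findall(r"\bby\s+(\S+)\s+(\S+)", line))
    return rules

def access_for(rules, attr, who):
    """Level `who` ('anonymous' or 'users') gets on attr; first match wins."""
    for what, bys in rules:
        names = what.split("=", 1)[-1].lower().split(",")
        if what == "*" or (what.startswith("attrs=") and attr.lower() in names):
            return next((lvl for w, lvl in bys if w in ("*", who)), "none")
    return "none"  # implicit trailing "access to * by * none"

def exposed(rules):
    """Sensitive attributes readable by someone other than the entry owner."""
    return [a for a in SENSITIVE
            if any(access_for(rules, a, w) in READABLE for w in ("anonymous", "users"))]

# Hardened variant: cover both Samba hash attributes in the same clause.
HARDENED_ACL = PAGE_ACL.replace("attrs=sambaNTPassword", "attrs=sambaNTPassword,sambaLMPassword")

if __name__ == "__main__":
    print("page ACL exposes:", exposed(parse_acl(PAGE_ACL)))
    print("hardened ACL exposes:", exposed(parse_acl(HARDENED_ACL)))
```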
Change lines 126 to 134 as follows:
Before:
126 database bdb
127 suffix "dc=my-domain,dc=com"
128 checkpoint 1024 15
129 rootdn "cn=Manager,dc=my-domain,dc=com"
130 # Cleartext passwords, especially for the rootdn, should
131 # be avoided. See slappasswd(8) and slapd.conf(5) for details.
132 #