Samba整合Openldap认证
Step 1☆ 執行安裝命令
rpm -ivh http://mirrors.aliyun.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
(此套件經由明文 HTTP 下載,安裝前建議先以 rpm -K 驗證其簽章。)
yum install httpd mysql mysql-server php php-bcmath php-gd php-mbstring php-xml php-ldap php-devel php-mysql openldap openldap-servers openldap-clients openldap-devel samba samba-client samba-common samba-swat db4 db4-devel perl migrationtools pam_ldap nss-pam-ldapd perl-Crypt-SmbHash smbldap-tools
Step 2☆ 配置認證
User Information ---- Use LDAP
Authentication   ---- Use MD5 Passwords
                      Use Shadow Passwords
                      Use LDAP authentication
                      Use Local Authorization is sufficient
Step 3☆ 開啟防火墻端口,復制配置文件
# Firewall rules for the services installed in this guide (run as root).
# "-A" appends to the end of INPUT, "-I" inserts at the head, so the loops
# below produce exactly the same rule order as listing each command by hand:
#   80 (httpd) and 3306 (mysql) appended; 139/445 (SMB) and 389 (LDAP) inserted.
# NOTE(review): 389 carries cleartext LDAP binds while "ldap ssl = no" is used;
# the smb.conf in this guide talks to 127.0.0.1, so the 389 rule is only
# needed when remote LDAP clients must reach this host.
for port in 80 3306; do
  iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
done
for port in 139 445 389; do
  iptables -I INPUT -p tcp --dport "$port" -j ACCEPT
done
service iptables save
復制配置文件
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Step 4☆ 配置LDAP
1、生成管理者密碼slappasswd
admin ---- {SSHA}KJku+amXs1PhvMn8xK+sa1J2/QXg2XMa
2、編輯配置文件
cp -a /etc/openldap/slapd.d /etc/openldap/slapd.d.bak
cp -a /etc/openldap/slapd.conf /etc/openldap/slapd.conf.bak
vim /etc/openldap/slapd.conf
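# Samba schema: provides the sambaSamAccount objectClass and the sambaSID /
# sambaNTPassword attributes that "smbpasswd -a" later adds to LDAP entries
include         /etc/openldap/schema/samba.schema

# Monitor database: readable only over the local root socket and by the rootdn
database monitor
access to *
       by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
       by dn.exact="cn=root,dc=example,dc=com" read
       by * none

#######################################################################
# database definitions
#######################################################################
database        bdb
suffix          "dc=example,dc=com"
checkpoint      1024 15
rootdn          "cn=root,dc=example,dc=com"
# Hash produced by slappasswd. The rootdn bypasses every ACL below and is also
# the "ldap admin dn" Samba binds with, so keep this value out of any shared copy.
rootpw  {SSHA}vh49ERIro5ND8TMrlexHAmUvvuuev2md

# Without access directives on this database slapd falls back to
# "access to * by * read", which is why the anonymous "ldapsearch -x" calls in
# this guide return userPassword and sambaNTPassword. The NT hash is a
# password-equivalent credential for SMB, so it must never be readable.
# Users may change their own password attributes, anonymous clients may only
# use them to bind, everyone else gets nothing; the rootdn is unaffected.
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPasswordHistory
       by self write
       by anonymous auth
       by * none
access to *
       by * read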
vim /etc/openldap/ldap.conf
BASE    dc=example,dc=com
3、新增ldif文件
mkdir /etc/openldap/data
vim /etc/openldap/data/root.ldif
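# Base entry of the directory (dc=example,dc=com). LDIF records must be
# separated by an empty line, otherwise slapadd rejects the second "dn:".
dn: dc=example,dc=com
dc: example
o: example.com
description: Root LDAP entry for example.com
objectClass: top
objectClass: dcObject
objectClass: organization

# Container for user accounts; the ou=Users suffix in smb.conf refers to it
dn: ou=Users,dc=example,dc=com
ou: Users
objectClass: organizationalUnit

# Container for groups; the ou=Groups suffix in smb.conf refers to it
dn: ou=Groups,dc=example,dc=com
ou: Groups
objectClass: organizationalUnit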
4、將資料加入OpenLDAP
rm -rf /etc/openldap/slapd.d/*
slapadd -v -l /etc/openldap/data/root.ldif
The first database does not allow slapadd; using the first available one (2)
added: "dc=example,dc=com" (00000001)
added: "ou=Users,dc=example,dc=com" (00000002)
added: "ou=Groups,dc=example,dc=com" (00000003)
_#################### 100.00% eta   none elapsed            none fast!
Closing DB...
查詢結果
ldapsearch -x -b 'dc=example,dc=com'
新增使用者admin
adduser admin
passwd admin
cp /etc/passwd /etc/openldap/admin
vim /etc/openldap/admin
admin:x:500:500::/home/admin:/bin/bash
5、轉換使用信息
cd /usr/share/migrationtools
__________________________
vim migrate_common.ph
   # Default DNS domain
   $DEFAULT_MAIL_DOMAIN = "example.com";
   # Default base
   $DEFAULT_BASE = "dc=example,dc=com";
____________________
./migrate_passwd.pl /etc/openldap/admin > /etc/openldap/data/user-admin.ldif
vim /etc/openldap/data/user-admin.ldif
我只是做簡單設定所以直接將使用者放置在根目錄下,而不是用 ou=People 來存放(所以要移除 ou=People)
# Entry for the local "admin" account, produced by migrate_passwd.pl from the
# /etc/openldap/admin passwd copy and placed directly under the base DN
# (no ou=People container, as explained above).
dn: uid=admin,dc=example,dc=com
uid: admin
cn: admin
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
# {crypt} hash (presumably taken from /etc/shadow by migrate_passwd.pl — verify).
# The Samba attributes (objectClass sambaSamAccount, sambaSID, sambaNTPassword)
# are not part of this file; "smbpasswd -a admin" adds them in Step 6.
userPassword: {crypt}$6$n1QQj5WS$H339VGvmLnHtOqieyDOaOTMcOXZEkMEvKpQWc3.4EnAWTQzrjm6EWk3xmA3lT1Z1M5Ps94FMvtfoX.tedZflE/
shadowLastChange: 16141
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/admin
6、添加admin至OpenLDAP
slapadd -v -l /etc/openldap/data/user-admin.ldif
The first database does not allow slapadd; using the first available one (2)
added: "uid=admin,dc=example,dc=com" (00000004)
_#################### 100.00% eta   none elapsed            none fast!
Closing DB...
查詢結果
ldapsearch -x -b 'dc=example,dc=com'
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
修改目錄權限
chown -R ldap:ldap /var/lib/ldap
chown -R ldap:ldap /etc/openldap/slapd.d
啟動LDAP服務
service slapd start
Step 5☆ 配置Samba
1、編輯配置文件
vim /etc/samba/smb.conf
workgroup = example
netbios name = Samba
___________________
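security = user
# Accounts come from LDAP; "ldap admin dn" must be the rootdn from slapd.conf
# and its password is stored in secrets.tdb with "smbpasswd -w" (next step)
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = "dc=example,dc=com"
ldap admin dn = "cn=root,dc=example,dc=com"
ldap group suffix = "ou=Groups"
# Was a duplicated "ldap group suffix" line; the users container is ou=Users
ldap user suffix = "ou=Users"
ldap delete dn = no
# smbpasswd also rewrites userPassword when it sets the NT hash
ldap passwd sync = yes
encrypt passwords = yes
# Plain LDAP is acceptable only because the server is on the loopback address;
# with a remote LDAP server use ldaps:// or "ldap ssl = start tls"
ldap ssl = no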
_________________________________________
2、samba 要與 openldap 溝通前,要先把 openldap 的 rootdn 密碼存到 /etc/samba/secrets.tdb,此密碼必須與剛才設定 openldap 時的密碼相同。注意:下面的命令以參數方式傳入密碼,會留在 shell 歷史紀錄中,並在執行期間出現在行程列表內,執行後請清除歷史紀錄。
smbpasswd -w ooxxoo
Setting stored password for "cn=root,dc=example,dc=com" in secrets.tdb
service smb restart
Step 6☆ LDAP 加入 SambaAccount
1、新增用戶
smbpasswd -a admin
New SMB password:
Retype new SMB password:
Added user admin.
2、查詢結果;
service slapd start
ldapsearch -x -b "uid=admin,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=admin,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# admin, example.com
dn: uid=admin,dc=example,dc=com
uid: admin
cn: admin
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: sambaSamAccount
userPassword:: e2NyeXB0fSQ2JG4xUVFqNVdTJEgzMzlWR3ZtTG5IdE9xaWV5RE9hT1RNY09YWkV
rTUV2S3BRV2MzLjRFbkFXVFF6cmptNkVXazN4bUEzbFQxWjFNNVBzOTRGTXZ0Zm9YLnRlZFpmbEUv
shadowLastChange: 16141
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/admin
sambaSID: S-1-5-21-1424841453-2780155375-4094610587-1001
sambaNTPassword: 209C6174DA490CAEB422F3FA5A7AE634
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
00000000
sambaPwdLastSet: 1394606885
sambaAcctFlags: [U          ]
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Step 7☆ 測試
Step 8☆ 創建用戶及共享文件進行測試
1、創建LDAP用戶及設定密碼
新建 user.ldif
dn: uid=terry,ou=Users,dc=example,dc=com
uid: terry
cn: terry
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:
shadowLastChange: 16142
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/sh
uidNumber: 500
gidNumber: 500
homeDirectory: /home/terry
(注意:uidNumber 500 已被 admin 使用,兩個帳號不應共用同一個 uidNumber;後面的查詢結果顯示此值已改為 501。)
導入用戶文件
service slapd stop
slapadd -v -l /etc/openldap/data/user.ldif
service slapd start
查詢用戶信息:
ldapsearch -x -b "uid=terry,ou=Users,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=terry,ou=Users,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# terry, Users, example.com
dn: uid=terry,ou=Users,dc=example,dc=com
uid: terry
cn: terry
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:
shadowLastChange: 16142
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/sh
uidNumber: 500
gidNumber: 500
homeDirectory: /home/terry

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
我們看到 userPassword: 是空的,現在設置密碼
ldappasswd -x -D "cn=Manager,dc=example,dc=com" -W "uid=terry,ou=Users,dc=example,dc=com" -S
(-D 所用的綁定 DN 必須與 slapd.conf 中設定的 rootdn 一致。)
確認密碼設置成功,查看 userPassword 項
ldapsearch -x -b "uid=terry,ou=Users,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=terry,ou=Users,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# terry, Users, example.com
dn: uid=terry,ou=Users,dc=example,dc=com
uid: terry
cn: terry
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 16142
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/sh
uidNumber: 500
gidNumber: 500
homeDirectory: /home/terry
userPassword:: e1NTSEF9ZllqUzFtcmE5YUpBblZGa0xzV1NmK2hneGpoTUEybUc=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
加入 Samba 用戶中
smbpasswd -a terry
New SMB password:
Retype new SMB password:
Added user terry.
再次確認用戶信息,多出了 samba 相關屬性
ldapsearch -x -b "uid=terry,ou=Users,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=terry,ou=Users,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# terry, Users, example.com
dn: uid=terry,ou=Users,dc=example,dc=com
uid: terry
cn: terry
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: sambaSamAccount
shadowLastChange: 16142
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/sh
gidNumber: 500
homeDirectory: /home/terry
uidNumber: 501
sambaSID: S-1-5-21-462812514-1559415819-1441562936-1002
displayName: terry
userPassword:: e1NTSEF9NzBURENybGQzSzZkSjlBL2xjTkRVaUdSZnhxMDVqUU8=
sambaNTPassword: 748B42BFDA9DBBF776AC41DFF0E69A16
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1394762212
sambaAcctFlags: [U          ]

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
(userPassword 也被改寫,應為 ldap passwd sync = yes 的效果。)
2、新建 Samba 共享文件夾
vim /etc/samba/smb.conf
[Public]
comment = Public
path = /tmp
public = yes
writable = yes
printable = no
(public = yes 允許匿名存取,writable = yes 又指向 /tmp,此設定只適合測試;正式環境請改用專用目錄並視需要關閉 public。)
service smb restart
3、測試
smbclient -L 127.0.0.1 -U terry
Enter terry's password:
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 3.6.9-167.el6_5]

        Sharename       Type      Comment
        ---------       ----      -------
        Public          Disk      Public
        IPC$            IPC       IPC Service (Version 3.6.9-167.el6_5)
        terry           Disk      Home Directories
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 3.6.9-167.el6_5]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
轉載于:https://blog.51cto.com/fshuanglan/1376348