Gentoo Wiki

HOWTO_LDAP_SAMBA_PDC_Basic_Evaluation


This article is part of the HOWTO series.



In this section we will evaluate the basic setup, testing its various parts to confirm that they work. We will start with LDAP.

Populate

Before we can run most of these tests, we first need to get some critical initial entries into the LDAP database. The best way to do that is with smbldap-tools.

# smbldap-populate

LDAP

The following command lists all the entries in LDAP. It also verifies that slapd is working properly and that /etc/openldap/ldap.conf is correct. We should get several entries back.

# ldapsearch -D "cn=manager,dc=example,dc=net" -W

If you get an error message and are not using cn=config, add the -x parameter, which makes ldapsearch use simple authentication instead of SASL (ldapsearch -D "cn=manager,dc=example,dc=net" -W -x).

PAM / NSS LDAP

To do a basic verification of the user system, we'll use the getent command to look up some passwd information.

# getent passwd |grep 0:0
This should return something similar to the output below.
Note: If this command returns fewer than two lines, there is an error with NSS LDAP, and you should examine the files related to it to find the error.

Code: good getent output
root:x:0:0:root:/root:/bin/bash
root:x:0:0:Netbios Domain Administrator:/home/root:/bin/false
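The check above, tightened, as an added example that is not part of the original HOWTO: `grep 0:0` also matches any account whose UID merely ends in 0 and whose GID is 0, so a broken NSS LDAP setup can still return two lines. The sample passwd lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed getent passwd output: LDAP lookup working (two uid 0/gid 0 entries).
sample_ldap_working() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
operator:x:1000:0:Operator:/home/operator:/bin/bash
root:x:0:0:Netbios Domain Administrator:/home/root:/bin/false
testuser:x:1005:513:System User:/home/testuser:/bin/bash
EOF
}

# Constructed output with NSS LDAP broken: only local accounts are returned.
sample_ldap_broken() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
operator:x:1000:0:Operator:/home/operator:/bin/bash
EOF
}

# The HOWTO's test: substring match anywhere in the line.
count_loose() { grep -c '0:0'; }

# Strict test: field 3 (UID) and field 4 (GID) must both be exactly "0".
count_strict() { awk -F: '$3 == "0" && $4 == "0" { n++ } END { print n + 0 }'; }

# Succeeds only when at least two uid 0/gid 0 entries exist
# (the local root plus the LDAP root created by smbldap-populate).
nss_ldap_ok() { [ "$(count_strict)" -ge 2 ]; }

# Show both counts for each constructed sample.
for s in sample_ldap_working sample_ldap_broken; do
    printf '%s: loose=%s strict=%s\n' "$s" "$($s | count_loose)" "$($s | count_strict)"
done
```

On a live system the same check is `getent passwd | nss_ldap_ok`.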


To test our PAM system, we'll create a system account in LDAP and try to log in as this new user. To create this system account we'll use smbldap-useradd.

# smbldap-useradd -a -m -P testuser

This should return the following:

Code: smbldap-useradd output
Changing password for testuser
New password :
Retype new password :

Next we can try a UNIX login to our system as testuser. We can do this from another console or over ssh. Everything should work fine.

# ssh testuser@localhost
Code: ssh
Password:
Last login: Wed Nov 23 20:55:13 2005 from localhost
testuser@system ~ $

Samba

We can verify that Samba-3 can obtain the user accounts from the LDAP passwd backend by executing the following command.

# pdbedit -Lv testuser

Output from this command should resemble the following:

Code: good pdbedit output
Unix username:        testuser
NT username:          testuser
Account Flags:        [UX         ]
User SID:             S-1-5-21-1832081158-3534132708-4235750906-3010
Primary Group SID:    S-1-5-21-1832081158-3534132708-4235750906-513
Full Name:            System User
Home Directory:       \\COMPUTER_NAME\testuser
HomeDir Drive:        H:
Logon Script:         logon.bat
Profile Path:         \\COMPUTER_NAME\profiles\testuser
Domain:               YOUR_DOMAIN
Account desc:         System User
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Tue, 19 Jan 2038 03:14:07 GMT
Kickoff time:         Tue, 19 Jan 2038 03:14:07 GMT
Password last set:    Wed, 23 Nov 2005 20:54:51 GMT
Password can change:  0
Password must change: Tue, 19 Jan 2038 03:14:07 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
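A scripted version of this check, as an added example that is not part of the original HOWTO: it reads `pdbedit -Lv` output, confirms that the User SID and Primary Group SID sit under the same domain SID, and rejects accounts flagged D (disabled) or N (no password required). The sample text reuses values from the output shown above; the function names are illustrative.

```shell
#!/bin/sh
# Constructed excerpt of pdbedit -Lv output, using the values from the sample above.
sample_pdbedit() {
cat <<'EOF'
Unix username:        testuser
NT username:          testuser
Account Flags:        [UX         ]
User SID:             S-1-5-21-1832081158-3534132708-4235750906-3010
Primary Group SID:    S-1-5-21-1832081158-3534132708-4235750906-513
EOF
}

# field LABEL: print the value that follows "LABEL:", with padding trimmed.
field() {
    awk -v label="$1" -F: '$1 == label {
        sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }'
}

sid_domain() { printf '%s\n' "${1%-*}"; }   # everything before the last "-"
sid_rid()    { printf '%s\n' "${1##*-}"; }  # last sub-authority (the RID)

# Reads pdbedit -Lv output on stdin; prints a one-line verdict, returns 0 if sane.
check_account() {
    out=$(cat)
    user_sid=$(printf '%s\n' "$out" | field "User SID")
    group_sid=$(printf '%s\n' "$out" | field "Primary Group SID")
    flags=$(printf '%s\n' "$out" | field "Account Flags")
    [ -n "$user_sid" ] && [ -n "$group_sid" ] || { echo "missing SID"; return 1; }
    [ "$(sid_domain "$user_sid")" = "$(sid_domain "$group_sid")" ] ||
        { echo "domain SID mismatch"; return 1; }
    case $flags in
        *D*) echo "account disabled"; return 1 ;;
        *N*) echo "no password required"; return 1 ;;
    esac
    echo "ok rid=$(sid_rid "$user_sid") group_rid=$(sid_rid "$group_sid")"
}

sample_pdbedit | check_account
```

On the server itself, run it as `pdbedit -Lv testuser | check_account`.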


Joining Computers

RequireSignOrSeal

The following registry key is needed for Windows 2000 and XP clients to join and log on to a Samba domain. Setting it to 0 means the client no longer requires secure channel (Netlogon) traffic to be signed or sealed. One of the easiest ways to drop this into the registry is to paste it into a text file, rename the file so that it has the .reg extension, and then double-click it.

Note: Windows 2000 SP4 appears to already have this key set to 0.

Code: RequireSignOrSeal
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000

Join It!

Note: This section requires a second computer running Windows 9x/2000/XP (the example is exact for Windows 2000; your process for joining a computer may vary).

On your Windows computer open Start -> Control Panel. Select "Computer Management" and then the "Network Identification" tab. Click the "Properties" button. This brings up the "Identification Changes" dialog, where you can change your computer's name as well as its workgroup or domain. Select the domain radio button and enter the name of your domain (YOUR_DOMAIN is used in this HowTo). Click "OK". Windows will then open another dialog box asking for "The name and password of an account with permission to join to the domain". Here you can enter the username of any member of the Domain Admins group. This is usually cn=root,ou=people,dc=example,dc=net, or more simply root, with the password you specified when smbldap-populate asked. Enter root and your secret password, and click "OK".

You should get a nice message saying "welcome to YOUR_DOMAIN", followed by "you need to reboot in order for changes to take effect." You should reboot your Windows computer now.

Logging In

Now that your computer has restarted and is at the login prompt, you should be able to log in with any domain account. root should be available, as well as the testuser we created previously. If everything was configured correctly and all directories were created with proper permissions, you should be dumped right into the desktop.

Note: You may get a warning about your profile not existing. If you log out and back in, it should disappear; if it returns, you should troubleshoot your access to \\YOUR_COMPUTER\profiles.


Retrieved from "http://www.gentoo-wiki.info/HOWTO_LDAP_SAMBA_PDC_Basic_Evaluation"

Last modified: Fri, 05 Sep 2008 08:04:00 +0000