
LinuxDCHowto

By Josephine Armstrong, 2014-04-17 02:48

SVR1 ;

    1. Install the EPEL repository

    rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm

    2. Install vnc and vnc-server

    yum install vnc vnc-server

    3. Install the software packages

    yum install openldap-servers nss_ldap samba httpd openssl mod_ssl mysql mysql-server php php-xml php-ldap php-mysql php-pdo php-cli php-common smbldap-tools

    4. Update smbldap-tools

    Installing smbldap-tools this way should pull in all the dependent Perl modules; however, the version available from yum has some bugs, so we upgrade to the latest version afterwards, keeping the dependencies but overwriting the smbldap-tools package:

    rpm -Uvh http://download.gna.org/smbldap-tools/packages/smbldap-tools-0.9.5-1.noarch.rpm

    5. Edit /etc/hosts

    127.0.0.1 SVR1 SVR1.test.com localhost.localdomain localhost

    ::1 localhost6.localdomain6 localhost6

    192.168.11.11 SVR1 SVR1.test.com

    6. Edit /etc/openldap/slapd.conf (generate the rootpw hash with slappasswd)

    include /etc/openldap/schema/samba.schema

    database bdb

    suffix "dc=test,dc=com"

    rootdn "cn=Administrator,dc=test,dc=com"

    rootpw {SSHA}VtczW/XnNVwE07YzrcReTmBxM7QJDKgQ

    7. Copy the Samba schema into the OpenLDAP schema directory

    cp /usr/share/doc/samba-3.0.33/LDAP/samba.schema /etc/openldap/schema/

    8. Install the Berkeley DB configuration for the LDAP database and restrict its permissions

    cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

    chown ldap:ldap /var/lib/ldap/DB_CONFIG

    chmod 600 /var/lib/ldap/DB_CONFIG

    9. Create init.ldif

    dn: dc=test,dc=com
    objectclass: dcObject
    objectclass: organization
    o: Test Ldap Server
    dc: test

    dn: cn=Administrator,dc=test,dc=com
    objectclass: organizationalRole
    cn: Administrator

    Load init.ldif into the directory, then fix ownership and permissions and verify the contents with slapcat:

    slapadd -l init.ldif

    [root@SVR1 ~]# chown -R ldap:ldap /var/lib/ldap

    [root@SVR1 ~]# chmod 600 /var/lib/ldap/*

    [root@SVR1 ~]# slapcat

    chkconfig ldap on

    /etc/init.d/ldap start

    ldapsearch -x -b "dc=test,dc=com"
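As an added example (not part of the original how-to), the following Python does by code what steps 6 and 9 do by hand: it derives the base DN from the DNS domain, renders the init.ldif and the slapd.conf database section, and produces and verifies an {SSHA} value of the kind slappasswd prints for rootpw. Function names and the sample password are the example's own; standard library only.

```python
# Added example, not part of the original how-to: helpers for the OpenLDAP
# bootstrap in steps 6 and 9. Function names and sample values are the
# example's own; standard library only.
import base64
import hashlib
import os
from typing import Optional


def domain_to_dn(domain: str) -> str:
    """'test.com' -> 'dc=test,dc=com' (one dc= component per DNS label)."""
    labels = [label for label in domain.strip().lower().split(".") if label]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join("dc=" + label for label in labels)


def init_ldif(domain: str, org: str, admin_cn: str = "Administrator") -> str:
    """LDIF for the suffix entry and the organizationalRole the rootdn names,
    i.e. the shape of the init.ldif in step 9 (entries separated by a blank line)."""
    base = domain_to_dn(domain)
    first_label = base.split(",", 1)[0][len("dc="):]
    lines = [
        f"dn: {base}",
        "objectclass: dcObject",
        "objectclass: organization",
        f"o: {org}",
        f"dc: {first_label}",
        "",
        f"dn: cn={admin_cn},{base}",
        "objectclass: organizationalRole",
        f"cn: {admin_cn}",
    ]
    return "\n".join(lines) + "\n"


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """{SSHA} as slappasswd produces it: base64(SHA1(password + salt) + salt).
    The salt is random unless supplied (supplied only to make tests repeatable)."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a {SSHA} value such as a rootpw line."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]   # SHA-1 digests are 20 bytes; the rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return candidate == digest


def slapd_conf_fragment(domain: str, rootpw_hash: str, admin_cn: str = "Administrator") -> str:
    """The database section of slapd.conf from step 6, with the samba schema included."""
    base = domain_to_dn(domain)
    return (
        "include /etc/openldap/schema/samba.schema\n"
        "database bdb\n"
        f'suffix "{base}"\n'
        f'rootdn "cn={admin_cn},{base}"\n'
        f"rootpw {rootpw_hash}\n"
    )


if __name__ == "__main__":
    pw_hash = ssha_hash("change-me")           # constructed sample password
    print(slapd_conf_fragment("test.com", pw_hash))
    print(init_ldif("test.com", "Test Ldap Server"))
    print("verify:", ssha_verify("change-me", pw_hash))
```

The hash is salted, so two runs give different rootpw lines for the same password; ssha_verify recovers the salt from the stored value, which is also how you can confirm that a rootpw line in slapd.conf still matches the password you think it does.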

    Edit /etc/php.ini and make sure memory_limit is set to at least 32 MB:

    memory_limit = 32M

    cd /var/www/html/

    wget http://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.0.5/phpldapadmin-1.2.0.5.tgz/download

    [root@SVR1 ldap]# tar zxvf phpldapadmin-1.2.0.5.tgz

    [root@SVR1 html]# ln -s phpldapadmin-1.2.0.5/ ldapadmin

    [root@SVR1 html]# cp ldapadmin/config/config.php.example ldapadmin/config/config.php

    Now edit ./pla/config/config.php and uncomment the following line:

    $config->custom->jpeg['tmpdir'] = "/tmp";

    service httpd start

    chkconfig httpd on

    Now open your web browser, visit https://192.168.11.11/ldapadmin/ and log in with the username cn=Administrator,dc=test,dc=com and your password. You should be able to look around and see the entries you loaded.

    Integrate LDAP and Samba

    [root@SVR1 ~]# mv /etc/samba/smb.conf /etc/samba/smb.conf.dist

    [root@SVR1 ~]# cp /usr/share/doc/smbldap-tools-0.9.5/smb.conf /etc/samba/smb.conf

    [root@SVR1 ~]# vi /etc/samba/smb.conf

    [root@SVR1 ~]# cat /etc/samba/smb.conf

    # Global parameters

    [global]

     workgroup = TEST

     netbios name = SVR1

     security = user

     enable privileges = yes

     #interfaces = 192.168.5.11

     username map = /etc/samba/smbusers

     server string = SVR1 PDC %v

     #security = ads

     encrypt passwords = Yes

     #min passwd length = 3

     #pam password change = no

     #obey pam restrictions = No

     ldap ssl = off

     nt acl support = yes

     socket options = TCP_NODELAY SO_RCVBUF=8129 SO_SNDBUF=8129 SO_KEEPALIVE

     # method 1:

     #unix password sync = no

     #ldap passwd sync = yes

     # method 2:

     unix password sync = yes

     ldap passwd sync = no

     passwd program = /usr/sbin/smbldap-passwd -u "%u"

     passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"

     log level = 1

     syslog = 0

     log file = /var/log/samba/%m

     max log size = 100000

     time server = Yes

     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

     mangling method = hash2

     Dos charset = UTF-8

     Unix charset = UTF-8

     name resolve order = wins bcast hosts

     logon script = logon.bat

     logon drive = H:

     logon home =

     logon path =

     domain logons = Yes

     domain master = Yes

     os level = 65

     preferred master = Yes

     wins support = yes

     # passdb backend = ldapsam:"ldap://ldap1.company.com ldap://ldap2.company.com"

     passdb backend = ldapsam:ldap://127.0.0.1/

     ldap admin dn = cn=Administrator,dc=test,dc=com

     #ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com

     ldap suffix = dc=test,dc=com

     ldap group suffix = ou=Groups

     ldap user suffix = ou=Users

     ldap machine suffix = ou=Computers

     ldap idmap suffix = ou=Idmap

     add user script = /usr/sbin/smbldap-useradd -m "%u"

     ldap delete dn = Yes

     delete user script = /usr/sbin/smbldap-userdel "%u"

     add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"

     add group script = /usr/sbin/smbldap-groupadd -p "%g"

     delete group script = /usr/sbin/smbldap-groupdel "%g"

     add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"

     delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"

     set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

     Idmap uid = 10000-20000

     Idmap gid = 10000-20000

     # printers configuration

     #printer admin = @"Print Operators"

     load printers = Yes

     create mask = 0640

     directory mask = 0750

     #force create mode = 0640

     #force directory mode = 0750

     nt acl support = No

     printing = cups

     printcap name = cups

     deadtime = 10

     guest account = nobody

     map to guest = Bad User

     dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

     show add printer wizard = yes

     ; to maintain capital letters in shortcuts in any of the profile folders:

     preserve case = yes

     short preserve case = yes

     case sensitive = no

    [netlogon]

     path = /home/netlogon/

     browseable = No

     read only = yes

    [profiles]

     path = /home/profiles

     read only = no

     create mask = 0600

     directory mask = 0700

     browseable = No

     guest ok = Yes

     profile acls = yes

     csc policy = disable

     # next line is a great way to secure the profiles

     #force user = %U

     # next line allows administrator to access all profiles

     #valid users = %U "Domain Admins"

    [printers]

     comment = Network Printers

     #printer admin = @"Print Operators"

     guest ok = yes

     printable = yes

     path = /home/spool/

     browseable = No

     read only = Yes

     printable = Yes

     print command = /usr/bin/lpr -P%p -r %s

     lpq command = /usr/bin/lpq -P%p

     lprm command = /usr/bin/lprm -P%p %j

     # print command = /usr/bin/lpr -U%U@%M -P%p -r %s

     # lpq command = /usr/bin/lpq -U%U@%M -P%p

     # lprm command = /usr/bin/lprm -U%U@%M -P%p %j

     # lppause command = /usr/sbin/lpc -U%U@%M hold %p %j

     # lpresume command = /usr/sbin/lpc -U%U@%M release %p %j

     # queuepause command = /usr/sbin/lpc -U%U@%M stop %p

     # queueresume command = /usr/sbin/lpc -U%U@%M start %p

    [print$]

     path = /home/printers

     guest ok = No

     browseable = Yes

     read only = Yes

     valid users = @"Print Operators"

     write list = @"Print Operators"

     create mask = 0664

     directory mask = 0775

    [public]

     path = /tmp

     guest ok = yes

     browseable = Yes

     writable = yes
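Before starting smbd it is worth checking the file above for the kind of mistakes testparm does not flag. The following Python is an added example (not the how-to's own tooling): it parses an smb.conf, reports parameters that are set twice with different values in [global] (Samba silently keeps the last one, which is what happens with "socket options" and "nt acl support" in the file above), checks that the ldap suffix and ldap admin dn match what slapd.conf was given, and lists shares that guests can write to. The sample config is a constructed excerpt of the file above; function names are the example's own.

```python
# Added example, not the how-to's own tooling: parse an smb.conf like the one
# above and run a few consistency and hardening checks on it. The sample
# config is a constructed excerpt of the file above; standard library only.
from typing import Dict, List, Optional, Tuple

Params = List[Tuple[str, str]]

SAMPLE_SMB_CONF = """\
[global]
 workgroup = TEST
 security = user
 ldap ssl = off
 nt acl support = yes
 socket options = TCP_NODELAY SO_RCVBUF=8129 SO_SNDBUF=8129 SO_KEEPALIVE
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 passdb backend = ldapsam:ldap://127.0.0.1/
 ldap admin dn = cn=Administrator,dc=test,dc=com
 ldap suffix = dc=test,dc=com
 nt acl support = No
[netlogon]
 path = /home/netlogon/
 browseable = No
 read only = yes
[profiles]
 path = /home/profiles
 read only = no
 browseable = No
 guest ok = Yes
[public]
 path = /tmp
 guest ok = yes
 writable = yes
"""


def parse_smb_conf(text: str) -> Dict[str, Params]:
    """{section: [(key, value), ...]} keeping duplicate keys in file order.
    Samba compares parameter names case-insensitively and ignores extra
    whitespace, so keys are normalised to lower case with single spaces."""
    sections: Dict[str, Params] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current].append((" ".join(key.lower().split()), value.strip()))
    return sections


def effective(params: Params, key: str) -> Optional[str]:
    """Samba uses the last occurrence of a parameter within a section."""
    value = None
    for k, v in params:
        if k == key:
            value = v
    return value


def is_yes(value: Optional[str]) -> bool:
    return value is not None and value.strip().lower() in ("yes", "true", "1")


def share_is_writable(params: Params) -> bool:
    if is_yes(effective(params, "writable")) or is_yes(effective(params, "writeable")):
        return True
    read_only = effective(params, "read only")
    return read_only is not None and not is_yes(read_only)


def audit(conf: Dict[str, Params], expected_suffix: str, expected_admin_dn: str) -> List[str]:
    findings: List[str] = []
    g = conf.get("global", [])
    # 1. A parameter set twice with different values: only the last one takes effect.
    seen: Dict[str, str] = {}
    for key, value in g:
        if key in seen and seen[key].lower() != value.lower():
            findings.append(f"[global] '{key}' set twice ({seen[key]!r} then {value!r}); Samba uses {value!r}")
        seen[key] = value
    # 2. The LDAP settings must agree with suffix/rootdn in slapd.conf.
    if effective(g, "ldap suffix") != expected_suffix:
        findings.append(f"[global] ldap suffix != slapd suffix {expected_suffix!r}")
    if effective(g, "ldap admin dn") != expected_admin_dn:
        findings.append(f"[global] ldap admin dn != slapd rootdn {expected_admin_dn!r}")
    # 3. 'ldap ssl = off' is fine against a loopback backend; over the network the
    #    admin bind password would travel in clear text.
    backend = effective(g, "passdb backend") or ""
    if effective(g, "ldap ssl") == "off" and not any(h in backend for h in ("127.0.0.1", "localhost")):
        findings.append(f"[global] ldap ssl = off with non-loopback backend {backend!r}")
    # 4. Shares that guests can write to.
    for name, params in conf.items():
        if name != "global" and is_yes(effective(params, "guest ok")) and share_is_writable(params):
            findings.append(f"[{name}] is writable by guests (path {effective(params, 'path')!r})")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_smb_conf(SAMPLE_SMB_CONF), "dc=test,dc=com", "cn=Administrator,dc=test,dc=com"):
        print(finding)
```

On the sample above it reports the two conflicting duplicates in [global] and flags both [profiles] (guest ok plus read only = no) and [public] as guest-writable; [netlogon] is read-only and is not reported.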

    [root@SVR1 ~]# /etc/init.d/smb start

    [root@SVR1 ~]# /usr/share/doc/smbldap-tools-0.9.5/configure.pl

    Use of $# is deprecated at /usr/share/doc/smbldap-tools-0.9.5/configure.pl line 314.

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

     smbldap-tools script configuration

     -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

    Before starting, check

     . if your samba controller is up and running.

     . if the domain SID is defined (you can get it with the 'net getlocalsid')

     . you can leave the configuration using the Crtl-c key combination

     . empty value can be set with the "." character

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

    Looking for configuration files...

    Samba Configuration File Path [/etc/samba/smb.conf] >

    The default directory in which the smbldap configuration files are stored is shown.

    If you need to change this, enter the full directory path, then press enter to

continue.

    Smbldap-tools Configuration Directory Path [/etc/smbldap-tools/] >

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

    Let's start configuring the smbldap-tools scripts ...

    . workgroup name: name of the domain Samba act as a PDC

     workgroup name [TEST] >

    . netbios name: netbios name of the samba controler

     netbios name [SVR1] >

    . logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'

     logon drive [H:] >

    . logon home: home directory location (for Win95/98 or NT Workstation).

     (use %U as username) Ex:'\\SVR1\%U'

     logon home (press the "." character if you don't want homeDirectory) [\\SVR1\%U] >

    . logon path: directory where roaming profiles are stored. Ex:'\\SVR1\profiles\%U'

     logon path (press the "." character if you don't want roaming profile) [\\SVR1\profiles\%U] >

    . home directory prefix (use %U as username) [/home/%U] >

    . default users' homeDirectory mode [700] >

    . default user netlogon script (use %U as username) [logon.bat] >

     default password validation time (time in days) [45] > 120

    . ldap suffix [dc=test,dc=com] >

    . ldap group suffix [ou=Groups] >

    . ldap user suffix [ou=Users] >

    . ldap machine suffix [ou=Computers] >

    . Idmap suffix [ou=Idmap] >

    . sambaUnixIdPooldn: object where you want to store the next uidNumber

     and gidNumber available for new users and groups

     sambaUnixIdPooldn object (relative to ${suffix}) [sambaDomainName=TEST] >

    . ldap master server: IP adress or DNS name of the master (writable) ldap server

     ldap master server [127.0.0.1] >

    . ldap master port [389] >

    . ldap master bind dn [cn=Administrator,dc=test,dc=com] >

    . ldap master bind password [] >

    . ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one

     ldap slave server [127.0.0.1] >

    . ldap slave port [389] >

    . ldap slave bind dn [cn=Administrator,dc=test,dc=com] >

    . ldap slave bind password [] >

    . ldap tls support (1/0) [0] >

    . SID for domain TEST: SID of the domain (can be obtained with 'net getlocalsid SVR1')

     SID for domain TEST [S-1-5-21-1224474526-3077905131-2955500814] >

    . unix password encryption: encryption used for unix passwords

     unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] >

    . default user gidNumber [513] >

    . default computer gidNumber [515] >

    . default login shell [/bin/bash] >

    . default skeleton directory [/etc/skel] >

    . default domain name to append to mail adress [] > test.com

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

    Use of uninitialized value in concatenation (.) or string at /usr/share/doc/smbldap-tools-0.9.5/configure.pl line 314, <STDIN> line 33.

    backup old configuration files:

     /etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old

     /etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old

    writing new configuration file:

     /etc/smbldap-tools/smbldap.conf done.

     /etc/smbldap-tools/smbldap_bind.conf done.

    [root@SVR1 ~]# smbldap-populate

    [root@SVR1 ~]# cp /etc/openldap/ldap.conf /etc/openldap/ldap.conf.dist

    [root@SVR1 ~]# vi /etc/openldap/ldap.conf

    URI ldap://127.0.0.1/

    BASE dc=test,dc=com

    TLS_CACERTDIR /etc/openldap/cacerts

    [root@SVR1 ~]# cp /etc/ldap.conf /etc/ldap.conf.dist

    [root@SVR1 ~]# vi /etc/ldap.conf

    HOST 127.0.0.1

    BASE dc=test,dc=com

    URL ldap://127.0.0.1

    URI ldap://127.0.0.1/

    #TLS_CACERTDIR /etc/openldap/cacerts

    # rootbinddn must be a DN that can bind with the password kept in /etc/ldap.secret;
    # the rootdn configured in slapd.conf above is cn=Administrator,dc=test,dc=com
    rootbinddn cn=Manager,dc=test,dc=com

    nss_base_passwd ou=Users,dc=test,dc=com?one

    nss_base_computer ou=Computers,dc=test,dc=com?one

    nss_base_shadow ou=Users,dc=test,dc=com?one

    nss_base_group ou=Groups,dc=test,dc=com?one

    (Test: check whether the id command now successfully returns a result for an LDAP user.)

    [root@SVR1 ~]# authconfig-tui

    Cache Information

    Use LDAP

    Use MD5 Passwords

    Use Shadow Passwords

    Use LDAP Authentication

    After pressing Next:

    Do not use TLS

    Server: 127.0.0.1 (do not enter ldap://127.0.0.1)

    Base DN: dc=test,dc=com

    [root@SVR1 ~]# net getlocalsid

    SID for domain SVR1 is: S-1-5-21-1224474526-3077905131-2955500814

    [root@SVR1 ~]# /usr/share/doc/smbldap-tools-0.9.5/configure.pl

NFS

[root@SVR1 ~]# vi /etc/exports

    /home 192.168.0.0/24(rw,no_root_squash,sync) *(ro,sync)

[root@SVR1 ~]# /etc/init.d/nfs start

    NFS 结结服; [确定]

    NFS 结结配; [确定]

    NFS 结结结结守程; [确定]

    NFS mountd; [确定]

    [root@SVR1 ~]# /etc/init.d/portmap start

    portmap; [确定]

    [root@SVR1 /]# mount SVR1.test.com:/home /mnt/

    [root@SVR1 /]# ll /mnt/

    [root@SVR1 /]#umount /mnt/

    Install autofs on the client machine

    [root@ls3 ~]# yum install autofs

    [root@ls3 ~]# cp /etc/auto.master /etc/auto.master.dist

    [root@ls3 ~]# vi /etc/auto.master

    # Sample auto.master file
    # This is an automounter map and it has the following format
    # key [ -mount-options-separated-by-comma ] location
    # For details of the format look at autofs(5).
    #
    #/misc /etc/auto.misc
    #
    # NOTE: mounts done from a hosts map will be mounted with the
    # "nosuid" and "nodev" options unless the "suid" and "dev"
    # options are explicitly given.
    #
    #/net -hosts
    /home /etc/auto.home
    #
    # Include central master map if it can be found using
    # nsswitch sources.
    #
    # Note that if there are entries for /net or /misc (as
    # above) in the included master map any keys that are the
    # same will not be seen as the first read key seen takes
    # precedence.
    #
    +auto.master

    [root@ls3 ~]# cp /etc/auto.misc /etc/auto.home

    [root@ls3 ~]# vi /etc/auto.home

    * -fstype=nfs,rw SVR1.test.com:/home/&

    In "* -fstype=nfs,rw SVR1.test.com:/home/&", the leading * matches any directory name requested under /home on the client, and & is replaced by that same name, so each user's directory is mounted on demand from the /home exported by the server.

    Then restart the service: service autofs restart

    Try again and it should now work.
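The following Python is an added example (not from the how-to) covering both halves of this section: it parses /etc/exports lines of the form used above and flags options that widen access, and it resolves an autofs wildcard map entry for a given key the way the explanation of * and & above describes. Function names are the example's own, and the sample lines are constructed copies of the /etc/exports and /etc/auto.home lines above.

```python
# Added example, not from the how-to: parse /etc/exports lines and flag
# options that widen access, and resolve an autofs wildcard map entry the way
# automount does for a given key. Standard library only.
import re
from typing import List, Optional, Tuple

# Constructed copies of the /etc/exports and /etc/auto.home lines above.
SAMPLE_EXPORTS = "/home 192.168.0.0/24(rw,no_root_squash,sync) *(ro,sync)\n"
SAMPLE_AUTO_HOME = "* -fstype=nfs,rw SVR1.test.com:/home/&\n"

ClientSpec = Tuple[str, List[str]]


def parse_exports(text: str) -> List[Tuple[str, List[ClientSpec]]]:
    """[(path, [(client, [option, ...]), ...]), ...] for each non-comment line.
    A client written without parentheses gets the exports(5) defaults,
    represented here as an empty option list."""
    exports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        clients: List[ClientSpec] = []
        for spec in specs:
            m = re.fullmatch(r"([^(]*)(?:\((.*)\))?", spec)
            if m is None:
                raise ValueError(f"unparseable client spec: {spec!r}")
            client = m.group(1) or "*"          # "(rw)" alone means every host
            options = [o for o in (m.group(2) or "").split(",") if o]
            clients.append((client, options))
        exports.append((path, clients))
    return exports


def audit_exports(exports) -> List[str]:
    """Flag exports where the client side gets more than it usually needs."""
    findings = []
    for path, clients in exports:
        for client, options in clients:
            if "no_root_squash" in options:
                findings.append(f"{path} -> {client}: no_root_squash (client root is root on the export)")
            if client == "*":
                findings.append(f"{path} -> *: exported to every host ({','.join(options) or 'defaults'})")
            if "insecure" in options:
                findings.append(f"{path} -> {client}: insecure (requests from unprivileged ports accepted)")
    return findings


def resolve_automap(map_text: str, key: str) -> Optional[Tuple[str, str]]:
    """(mount options, location) for `key` from a sun-format map. An exact key
    wins over the '*' wildcard, and '&' in the location is replaced by the key."""
    wildcard = None
    for raw in map_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        map_key, rest = fields[0], fields[1:]
        options = ""
        if rest and rest[0].startswith("-"):
            options, rest = rest[0], rest[1:]
        if not rest:
            continue
        entry = (options, rest[0].replace("&", key))
        if map_key == key:
            return entry
        if map_key == "*" and wildcard is None:
            wildcard = entry
    return wildcard


if __name__ == "__main__":
    for f in audit_exports(parse_exports(SAMPLE_EXPORTS)):
        print(f)
    print(resolve_automap(SAMPLE_AUTO_HOME, "alice"))
```

On the export line above it reports the no_root_squash grant to 192.168.0.0/24 and the read-only export to every host, and resolving the key "alice" against the auto.home entry yields the mount SVR1.test.com:/home/alice with options -fstype=nfs,rw.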

    Install GOsa

    rpm -Uvh http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm

    [root@SVR1 ~]# yum install php-common php-imap php-snmp php-mysql php-mbstring php-pdo

    [root@SVR1 ~]# yum install perl-Crypt-SmbHash

    [root@SVR1 ~]# yum install gosa-help-en.noarch gosa-plugin-addressbook.noarch gosa-plugin-ldapmanager.noarch gosa-plugin-mail.noarch gosa-plugin-rolemanagement.noarch gosa-plugin-systems.noarch gosa-schema.noarch gosa-plugin-goto

    http://www.fogonacaixadagua.com.br/2010/03/how-to-install-gosa2-on-redhat-centos-rpm-based/

    1.0 About this

    The goal of this article is to be a base for a complete installation of GOsa2; it will be used by future articles on what matters when integrating with other services.

    2.0 What does GOsa2 mean?

    GOsa2 is the contracted form of GOnicus System Administration.

    From the author’s site gosa-project.org:

    A mighty System-/Config-management frontend using LDAP as a backend. It is able to manage POSIX, Samba, Mail, Kolab, FAX, Asterisk and many more services.

    3.0 Prerequisites

     A minimal install of CentOS or RedHat 5.3 (This guide is in Portuguese only :( )

    Apache 2.2.x

    PHP 5.2

    OpenLDAP

    Repository yum EPEL

    4.0 Installing prerequisites

    As said before, I’m assuming that you already have an installation of CentOS or Red Hat, therefore, I’ll be covering the system requisites to get a functional GOsa2.

4.1 Installing the yum EPEL repository

    rpm -ivh http://virtualxp.org/downloads/epel-release-5-3.noarch.rpm

    4.2 Setting the repository for GOsa2

    Go to /etc/yum.repos.d and create the file GOsa2.repo with your favorite text editor.

    File: /etc/yum.repos.d/GOsa2.repo

    [GOsa]
    name=GOsa Repository
    baseurl=ftp://oss.gonicus.de/pub/gosa/redhat
    enabled=1
    gpgcheck=0

    4.3 Setting the repository for PHP 5.2

    GOsa2 needs PHP 5.2 to run; however, there is no PHP 5.2 in the official repository. With that said, we need to set up a third-party repository. For this article I’ll be using the repository from Utter Ramblings. It’s a nice and reliable repo; you can use it with no fear.

    Go to /etc/yum.repos.d and with your favorite text editor create a file called utterramblings.repo.

    File: /etc/yum.repos.d/utterramblings.repo

    [utterramblings]
    name=Jason's Utter Ramblings Repo
    baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/
    enabled=1
    gpgcheck=1
    gpgkey=http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka

    This repo already has a version of Apache 2.2.x (2.2.14 at this moment) that we’ll be using.

    4.4 Installing OpenLDAP Server

    We’ll use the official version (which means the one in the repository or on the installation media). To accomplish this, execute the following command:

    yum install openldap openldap-clients openldap-servers

    5.0 Installing GOsa2 via yum

    With the prerequisites satisfied, continue with the installation of GOsa2. There are a couple of plugins available from the GOsa2 repository; searching it gives an idea of which of them you really need. Install those that suit your environment.

    yum search gosa
