quinta-feira, 7 de julho de 2011

Samba(PDC)+Ldap+Debian (instalação e configuração)

Algumas informações importantes:
Domínio Samba: UNIX
Base de dados do LDAP: unix.com.br
Agora vamos ao que interessa... :D
apt-get install libdb4.2 libdb4.2-dev db4.2-util
apt-get install slapd
vim /etc/ldap/slapd.conf
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel none
modulepath /usr/lib/ldap
moduleload back_hdb
sizelimit 500
tool-threads 1
backend hdb
database hdb
suffix "dc=unix,dc=com,dc=br"
rootdn "cn=admin,dc=unix,dc=com,dc=br"
rootpw #aqui fica a senha de root do LDAP criptografada (o hash gerado pelo slappasswd, logo abaixo)
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass eq
index uid,uidNumber,gidNumber,memberUid eq
index ou,cn,mail,surname,givenname,displayName eq,subinitial
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
lastmod on
checkpoint 512 30
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
by dn="cn=admin,dc=unix,dc=com,dc=br" write
by anonymous auth
by self write
by * none
access to dn.base="" by * read
access to *
by dn="cn=admin,dc=unix,dc=com,dc=br" write
by * read
slappasswd -s #informe a senha de root do LDAP para que possa ser criptografada (omitindo -s ela é pedida no prompt e não fica no histórico do shell)
vim /etc/ldap/ldap.conf
BASE dc=unix,dc=com,dc=br
URI ldap://127.0.0.1
apt-get install php5-ldap
apt-get install phpldapadmin
apt-get install gcc make libc-dev
tar -zxf mkntpwd.tar.gz
cd mkntpwd
make
cp mkntpwd /usr/local/bin
apt-get install samba samba-doc
cd /usr/share/doc/samba-doc/examples/LDAP
gunzip samba.schema.gz
cp samba.schema /etc/ldap/schema/
vim /etc/samba/smb.conf
[global]
workgroup = UNIX
server string = Servidor LDAP
netbios name = ldap #não deixe o netbios name igual ao workgroup (erro de nome duplicado na rede)
dns proxy = no
log level = 0
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=unix,dc=com,dc=br
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=admin,dc=unix,dc=com,dc=br
ldap delete dn = no
enable privileges = yes
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
domain master = yes
preferred master = yes
local master = yes
domain logons = yes
security = user
os level = 255
logon path =
logon drive =
logon script = logon.bat
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/smbldap-useradd -m "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
idmap uid = 10000-30000
idmap gid = 10000-20000
template shell = /bin/bash
admin users = diegop
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S
[dados]
comment = Diretorio de Arquivos
path = /dados
read only = no
create mask = 0777
directory mask = 0777
[netlogon]
comment = Network Logon Service
path = /var/netlogon
guest ok = yes
read only = yes
browseable = no
share modes = no
smbpasswd -w #informe aqui a senha (não criptografada) do ldap admin dn, que será guardada no secrets.tdb do Samba
/etc/init.d/samba restart
/etc/init.d/slapd restart
#Criei as pastas dos compartilhamentos e o arquivo logon.bat
vim /usr/share/phpldapadmin/config/config.php
$samba3_domains[] = #adicionar ao arquivo as seguintes linhas
array( 'name' => 'unix',
'sid' => '<SID obtido com o comando net getlocalsid>' );
apt-get install smbldap-tools
cd /usr/share/doc/smbldap-tools/examples/
cp smbldap_bind.conf /etc/smbldap-tools/
cp smbldap.conf.gz /etc/smbldap-tools/
gzip -d /etc/smbldap-tools/smbldap.conf.gz
cd /etc/smbldap-tools/
vim /etc/smbldap-tools/smbldap_bind.conf
slaveDN="cn=admin,dc=unix,dc=com,dc=br"
slavePw="#senha de root do ldap não criptografada"
masterDN="cn=admin,dc=unix,dc=com,dc=br"
masterPw="#senha de root do ldap não criptografada"
vim /etc/smbldap-tools/smbldap.conf
SID="#aqui ficará o sid informado acima"
sambaDomain="unix"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
verify="require"
cafile="/etc/smbldap-tools/ca.pem"
clientcert="/etc/smbldap-tools/smbldap-tools.pem"
clientkey="/etc/smbldap-tools/smbldap-tools.key"
suffix="dc=unix,dc=com,dc=br"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=unix,${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome=
userProfile=
userHomeDrive="H:"
userScript="logon.bat"
mailDomain="intranet.unix.com.br"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
apt-get install libnss-ldap
vim /etc/nsswitch.conf
passwd: compat ldap # modificar apenas as três linhas informadas
group: compat ldap
shadow: compat ldap
apt-get install libpam-ldap
vim /etc/pam.d/common-account
account sufficient pam_ldap.so
account required pam_unix.so try_first_pass
vim /etc/pam.d/common-password
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
vim /etc/pam.d/common-auth
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
vim /etc/pam_ldap.conf
pam_password md5 #modificar apenas a linha informada
apt-get install nscd
/etc/init.d/samba restart
/etc/init.d/slapd restart
smbldap-populate -u 30000 -g 30000
Pronto, é só acessar http://servidor.unix.com.br/phpldapadmin e criar os usuários. Outro aplicativo muito bom e que recomendo é o LdapAdmin, um aplicativo Windows que ajuda na administração do LDAP.
Último teste: crie um usuário no LDAP, acesse o servidor via terminal e dê o seguinte comando:
id
Deve retornar algo parecido com isto: "uid=10096(diegop) gid=512(Domain Admins) grupos=512(Domain Admins)"; isso mostra que os usuários criados no LDAP já estão sendo validados pelo servidor.
Blz então galera, espero ter ajudado, testem e comentem.... FLW!!!