## Install the Samba server, the client tools, the shared files and the SWAT
## web administration tool.
## SWAT was removed from Samba in the 4.1 series, so the samba-swat package
## only exists on older releases such as the one used here.
# yum install samba samba-client samba-common samba-swat
ブラウザから管理できるようにSWATを動作させます
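## TCP wrappers: admit only the administration workstation to the swat service.
# vi /etc/hosts.allow
swat: 192.168.0.1

## xinetd service definition for SWAT.
# vi /etc/xinetd.d/swat
service swat
{
        port            = 901
        socket_type     = stream
        wait            = no
        ## Source-address allow-list: loopback plus the single admin host.
        ## Keep it this narrow; SWAT is served over plain HTTP and runs as root,
        ## so the login it asks for crosses the network unencrypted.
        only_from       = 127.0.0.1 192.168.0.1
        user            = root
        server          = /usr/sbin/swat
        ## Record the remote user id (when available) for failed connections.
        log_on_failure  += USERID
        ## Must be "no" or xinetd will not start the service at all.
        ## Set it back to "yes" whenever SWAT is not actively needed.
        disable         = no
}

## Restart xinetd so the new service definition is picked up.
# /etc/rc.d/init.d/xinetd restart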
http://www.example.com:901/ でアクセス可能(接続元は hosts.allow と only_from で許可したアドレスに限られる。通信は平文のHTTPなので、信頼できるネットワーク内からのみ利用する)
ただしSWAT経由で編集するとコメントが削除されたり、並び順が変わったりするので注意が必要
事前に、ユーザーを一元管理するためのLDAP(OpenLDAP)を利用できるようにしておく
## Make the Samba LDAP schema shipped with the samba package available to slapd.
# cp /usr/share/doc/samba-3.0.23c/LDAP/samba.schema /etc/openldap/schema/

## slapd evaluates "access to" rules top to bottom and stops at the first one
## that matches, so the two password rules must stay above the catch-all rule.
# vi /etc/openldap/slapd.conf
include /etc/openldap/schema/samba.schema
lastmod on

# UNIX password access
## Anonymous clients may only use the attribute to authenticate (bind).
access to attrs=userPassword
        by dn="cn=Manager,dc=example,dc=com" write
        by anonymous auth
        by self write
        by * none

# Samba password access
## The LM/NT hashes are sufficient on their own to authenticate over SMB,
## so nobody except the entry owner and the Manager gets any access.
access to attrs=sambaLMPassword,sambaNTPassword
        by dn="cn=Manager,dc=example,dc=com" write
        by self write
        by * none

# default access
## Every other attribute is readable by anyone, including anonymous binds.
access to *
        by dn="cn=Manager,dc=example,dc=com" write
        by * read
まずは必要なPerlモジュールをインストール
## Perl modules available from the configured yum repositories.
# yum install perl-Digest-SHA1 perl-LDAP

## The remaining modules are installed from individually downloaded RPM files.
## rpm -ivh installs whatever file it is handed, so check each file first
## (rpm -K <file>, with the packager's signing key imported) before installing.
# rpm -ivh perl-Jcode-2.06-1.el5.rf.noarch.rpm
# rpm -ivh perl-Unicode-Map-0.112-1.el5.rf.i386.rpm
# rpm -ivh perl-Unicode-String-2.09-1.2.el5.rf.i386.rpm
# rpm -ivh perl-Unicode-Map8-0.12-1.el5.rf.i386.rpm
# rpm -ivh perl-Unicode-MapUTF8-1.11-1.2.el5.rf.noarch.rpm
# rpm -ivh perl-Crypt-SmbHash-0.12-1.2.el5.rf.noarch.rpm
smbldap-toolsは以下からダウンロード
http://sourceforge.net/projects/smbldap-tools/
## Install smbldap-tools from the downloaded RPM.
# rpm -ivh smbldap-tools-0.9.2-1a.noarch.rpm

## Move the scripts from the packaged location to /usr/local/samba/bin.
## NOTE(review): files moved by hand no longer match what the RPM database
## recorded, so package verification and later upgrades will not track them.
# mkdir -p /usr/local/samba/bin
# mv /opt/IDEALX/sbin/* /usr/local/samba/bin/
# rm -fr /opt/IDEALX

## Move the configuration files (smbldap.conf, smbldap_bind.conf) likewise.
## smbldap_bind.conf holds the LDAP bind password; after the move, confirm it
## is still owned by root and not readable by other users.
# mkdir /usr/local/samba/lib
# mv /etc/opt/IDEALX/smbldap-tools/smbldap* /usr/local/samba/lib/
# rm -fr /etc/opt/IDEALX/

## Point the tools at the new configuration paths: the packaged paths are
## commented out and the relocated ones are added below each of them.
# vi /usr/local/samba/bin/smbldap_tools.pm
# $smbldap_conf="/etc/opt/IDEALX/smbldap-tools/smbldap.conf";
$smbldap_conf="/usr/local/samba/lib/smbldap.conf";
# $smbldap_bind_conf="/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf";
$smbldap_bind_conf="/usr/local/samba/lib/smbldap_bind.conf";
net getlocalsid でSIDを取得し、その値を smbldap.conf の SID に設定する
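## Print this host's SID; the value goes into SID= below.
# net getlocalsid

## Main smbldap-tools configuration.
# vi /usr/local/samba/lib/smbldap.conf
## Use the SID printed by "net getlocalsid" on your own host, not this sample.
SID="S-1-5-21-639836666-1375979563-1343089817"
#sambaDomain="IDEALX-NT"
## Both LDAP endpoints are on the local machine.
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="localhost"
masterPort="389"
## TLS is off, so binds (including the Manager password) are sent unencrypted.
## That stays on the loopback interface with the addresses above; if the
## directory is ever moved to another host, enable TLS and set cafile.
ldapTLS="0"
verify="require"
#cafile="/etc/opt/IDEALX/smbldap-tools/ca.pem"
#clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.pem"
#clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.key"
## Directory layout under the base DN.
suffix="dc=example,dc=com"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="cn=SambaUnixId,${suffix}"
scope="sub"
## userPassword is stored as a salted SHA-1 hash.
hash_encrypt="SSHA"
crypt_salt_format="%s"
## Defaults applied to newly created accounts.
userLoginShell="/bin/bash"
userHome="/home/%U"
## New home directories are accessible to their owner only.
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
#defaultMaxPasswordAge="45"
userSmbHome="\\PDC\%U"
userProfile="\\PDC\profiles\%U"
userHomeDrive="H:"
userScript="%U.cmd"
mailDomain="example.com"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

## Bind credentials used by smbldap-tools.
## "secret" is a sample value; presumably it has to match the password
## configured for cn=Manager in slapd -- confirm against slapd.conf.
# vi /usr/local/samba/lib/smbldap_bind.conf
slaveDN="cn=Manager,dc=example,dc=com"
slavePw="secret"
masterDN="cn=Manager,dc=example,dc=com"
masterPw="secret"

## The file above stores the directory manager password in clear text:
## restrict it to root.
# chown root:root /usr/local/samba/lib/smbldap_bind.conf
# chmod 600 /usr/local/samba/lib/smbldap_bind.conf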
rootで実行できるようにパスを通す
## Add the relocated smbldap-tools directory to root's PATH. It is appended at
## the end, so the system directories already in PATH keep precedence.
# vi /root/.bashrc
PATH="$PATH":/usr/local/samba/bin

## Re-read .bashrc so the current shell sees the new PATH.
# source ~/.bashrc
## Interactive tool for configuring system authentication; the options to
## select and the values to enter are listed in the text that follows.
# authconfig
「Use LDAP」と「Use LDAP Authentication」にチェック
「Server」に「ldap://127.0.0.1/」、「Base DN」に「dc=example,dc=com」を入力
以下2ファイルについて設定が反映されているか確認
## Expected LDAP client settings after authconfig.
## The URI is plain ldap:// to the loopback address.
# cat /etc/ldap.conf
base dc=example,dc=com
uri ldap://127.0.0.1/

## Name service lookups: "files" is listed before "ldap", so local accounts in
## /etc/passwd, /etc/shadow and /etc/group are consulted first.
# cat /etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
## Create the initial directory entries that smbldap-tools and Samba expect,
## using the settings from smbldap.conf.
## NOTE(review): the tool is expected to prompt for a password for the domain
## administrator account it creates -- confirm, and choose a strong one.
# smbldap-populate
smbldap-toolsに対応した設定をsmb.confに対して行なう
変更する部分だけ抽出
## Only the [global] settings that change are shown.
# vi /etc/samba/smb.conf
[global]
        ## Account database lives in LDAP, reached over plain ldap:// on localhost.
        passdb backend = ldapsam:ldap://localhost:389
        os level = 32
        domain logons = yes
        ## Samba binds as the directory Manager, which has write access to the
        ## whole tree under the ACLs in slapd.conf.
        ## NOTE(review): a dedicated DN with write access limited to the Samba
        ## subtrees would be a narrower privilege; it would need matching ACLs.
        ldap admin dn = cn=Manager,dc=example,dc=com
        ldap suffix = dc=example,dc=com
        ldap user suffix = ou=users
        ## Keep the LDAP password in step with the Samba hashes on password change.
        ldap passwd sync = Yes
        ## Remove the whole LDAP entry, not just the Samba attributes, on delete.
        ldap delete dn = Yes
SambaがLDAPに接続する際に使う管理者DN(ldap admin dn)のパスワードを設定する
## Store the password for the "ldap admin dn" in Samba's secrets.tdb so that
## smbd can bind to the directory. "secret" is the sample password used
## throughout this page.
## NOTE(review): the password is passed as a command-line argument, so it ends
## up in root's shell history and is visible in the process list while the
## command runs. Later Samba releases offer "smbpasswd -W", which reads the
## password from stdin -- confirm whether this version has it.
# smbpasswd -w secret
## Make the metadata files and folders that Mac clients leave behind on a
## share invisible and inaccessible. Entries are separated by "/".
# vi /etc/samba/smb.conf
veto files = /.AppleDB/.AppleDouble/.AppleDesktop/.DS_Store/Network Trash Folder/TheFindByContentFolder/TheVolumeSettingsFolder/