5.9. Questions and Answers

Well, here we are at the end of this chapter and we have only ten questions to help you to remember so much. There are bound to be some sticky issues here.

F.A.Q.

Example 5.4.2. LDAP Master Configuration File /etc/openldap/slapd.conf Part A

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

access to dn.base=""
        by self write
        by * auth

access to attr=userPassword
        by self write
        by * auth

access to attr=shadowLastChange
        by self write
        by * read

access to *
        by * read
        by anonymous auth

#loglevel 256

schemacheck on
idletimeout 30
backend bdb
database bdb
checkpoint 1024 5
cachesize 10000

suffix "dc=abmas,dc=biz"
rootdn "cn=Manager,dc=abmas,dc=biz"

# rootpw = not24get
rootpw {SSHA}86kTavd9Dw3FAz6qzWTrCOKX/c0Qe+UV

directory /data/ldap

Example 5.4.3. LDAP Master Configuration File /etc/openldap/slapd.conf Part B

# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub

Example 5.4.4. Configuration File for NSS LDAP Support /etc/ldap.conf

host 127.0.0.1
base dc=abmas,dc=biz
binddn cn=Manager,dc=abmas,dc=biz
bindpw not24get
timelimit 50
bind_timelimit 50
bind_policy hard
idle_timelimit 3600
pam_password exop
nss_base_passwd ou=People,dc=abmas,dc=biz?one
nss_base_shadow ou=People,dc=abmas,dc=biz?one
nss_base_group ou=Groups,dc=abmas,dc=biz?one
ssl off

Example 5.4.5. Configuration File for NSS LDAP Clients Support /etc/ldap.conf

host 172.16.0.1
base dc=abmas,dc=biz
binddn cn=Manager,dc=abmas,dc=biz
bindpw not24get
timelimit 50
bind_timelimit 50
bind_policy hard
idle_timelimit 3600
pam_password exop
nss_base_passwd ou=People,dc=abmas,dc=biz?one
nss_base_shadow ou=People,dc=abmas,dc=biz?one
nss_base_group ou=Groups,dc=abmas,dc=biz?one
ssl off

Example 5.4.6. LDAP Based smb.conf File, Server: MASSIVE global Section: Part A

# Global parameters
[global]
        unix charset = LOCALE
        workgroup = MEGANET2
        netbios name = MASSIVE
        interfaces = eth1, lo
        bind interfaces only = Yes
        passdb backend = ldapsam:ldap://massive.abmas.biz
        enable privileges = Yes
        username map = /etc/samba/smbusers
        log level = 1
        syslog = 0
        log file = /var/log/samba/%m
        max log size = 50
        smb ports = 139
        name resolve order = wins bcast hosts
        time server = Yes
        printcap name = CUPS
        show add printer wizard = No
        add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
        delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
        add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
        delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
        add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"

Example 5.4.7. LDAP Based smb.conf File, Server: MASSIVE global Section: Part B

        logon script = scripts\logon.bat
        logon path = \\%L\profiles\%U
        logon drive = X:
        domain logons = Yes
        preferred master = Yes
        wins support = Yes
        ldap suffix = dc=abmas,dc=biz
        ldap machine suffix = ou=People
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=Manager,dc=abmas,dc=biz
        idmap backend = ldap:ldap://massive.abmas.biz
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        map acl inherit = Yes
        printing = cups
        printer admin = root, chrisr

Example 5.5.1. LDAP Based smb.conf File, Server: BLDG1

# Global parameters
[global]
        unix charset = LOCALE
        workgroup = MEGANET2
        netbios name = BLDG1
        passdb backend = ldapsam:ldap://massive.abmas.biz
        enable privileges = Yes
        username map = /etc/samba/smbusers
        log level = 1
        syslog = 0
        log file = /var/log/samba/%m
        max log size = 50
        smb ports = 139
        name resolve order = wins bcast hosts
        printcap name = CUPS
        show add printer wizard = No
        logon script = scripts\logon.bat
        logon path = \\%L\profiles\%U
        logon drive = X:
        domain logons = Yes
        domain master = No
        wins server = 172.16.0.1
        ldap suffix = dc=abmas,dc=biz
        ldap machine suffix = ou=People
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=Manager,dc=abmas,dc=biz
        idmap backend = ldap:ldap://massive.abmas.biz
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        printing = cups
        printer admin = root, chrisr

Example 5.5.2. LDAP Based smb.conf File, Server: BLDG2

# Global parameters
[global]
        unix charset = LOCALE
        workgroup = MEGANET2
        netbios name = BLDG2
        passdb backend = ldapsam:ldap://massive.abmas.biz
        enable privileges = Yes
        username map = /etc/samba/smbusers
        log level = 1
        syslog = 0
        log file = /var/log/samba/%m
        max log size = 50
        smb ports = 139
        name resolve order = wins bcast hosts
        printcap name = CUPS
        show add printer wizard = No
        logon script = scripts\logon.bat
        logon path = \\%L\profiles\%U
        logon drive = X:
        domain logons = Yes
        domain master = No
        wins server = 172.16.0.1
        ldap suffix = dc=abmas,dc=biz
        ldap machine suffix = ou=People
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=Manager,dc=abmas,dc=biz
        idmap backend = ldap:ldap://massive.abmas.biz
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        printing = cups
        printer admin = root, chrisr

Example 5.5.3. LDAP Based smb.conf File, Shares Section Part A

[accounts]
        comment = Accounting files
        path = /data/accounts
        read only = No

[service]
        comment = Financial Services files
        path = /data/service
        read only = No

[pidata]
        comment = Property Insurance files
        path = /data/pidata
        read only = No

[homes]
        comment = Home Directories
        valid users = %S
        read only = No
        browseable = No

[printers]
        comment = SMB Print Spool
        path = /var/spool/samba
        guest ok = Yes
        printable = Yes
        browseable = No

Example 5.5.4. LDAP Based smb.conf File, Shares Section Part B

[apps]
        comment = Application files
        path = /apps
        admin users = bjordan
        read only = No

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        guest ok = Yes
        locking = No

[profiles]
        comment = Profile Share
        path = /var/lib/samba/profiles
        read only = No
        profile acls = Yes

[profdata]
        comment = Profile Data Share
        path = /var/lib/samba/profdata
        read only = No
        profile acls = Yes

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        browseable = yes
        guest ok = no
        read only = yes
        write list = root, chrisr

Example 5.5.5. LDIF IDMAP Add-On Load File, File: /etc/openldap/idmap.LDIF

dn: ou=Idmap,dc=abmas,dc=biz
objectClass: organizationalUnit
ou: idmap
structuralObjectClass: organizationalUnit