Section 5.5. Samba-3 BDC Configuration


CONFIGURATION OF BDC CALLED: BLDG1

1.

Install the files in Example 5.5.1, Example 5.5.3, and Example 5.5.4 into the /etc/samba/ directory. The three files should be added together to form the smb.conf file.

2.

Verify the smb.conf file as in step 2 of Section 5.4.3.

3.

Carefully follow the steps outlined in Section 5.4.2, taking particular note to install the correct ldap.conf.

4.

Verify that the NSS resolver is working. You may need to cycle the run level to 1 and back to 5 before the NSS LDAP resolver functions. Follow these commands:

root#  init 1 

After the run level has been achieved, you are prompted to provide the root password. Log on, and then execute:

root#  init 5 

When the normal logon prompt appears, log into the system as root and then execute these commands:

root#  getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
...
root:x:0:512:Netbios Domain Administrator:/root:/bin/bash
nobody:x:999:514:nobody:/dev/null:/bin/false
bobj:x:1000:513:System User:/home/bobj:/bin/bash
stans:x:1001:513:System User:/home/stans:/bin/bash
chrisr:x:1002:513:System User:/home/chrisr:/bin/bash
maryv:x:1003:513:System User:/home/maryv:/bin/bash
vaioboss$:x:1005:553:vaioboss$:/dev/null:/bin/false
bldg1$:x:1006:553:bldg1$:/dev/null:/bin/false

This is the correct output. If the accounts that have UIDs above 512 are not shown, there is a problem.

5.

The next step in the verification process involves testing the operation of UNIX group resolution via the NSS LDAP resolver. Execute these commands:

root#  getent group
root:x:0:
bin:x:1:daemon
daemon:x:2:
sys:x:3:
...
Domain Admins:x:512:root
Domain Users:x:513:bobj,stans,chrisr,maryv,jht
Domain Guests:x:514:
Administrators:x:544:
Users:x:545:
Guests:x:546:nobody
Power Users:x:547:
Account Operators:x:548:
Server Operators:x:549:
Print Operators:x:550:
Backup Operators:x:551:
Replicator:x:552:
Domain Computers:x:553:
Accounts:x:1000:
Finances:x:1001:
PIOps:x:1002:

This is also the correct and desired output, because it demonstrates that the LDAP client is able to communicate correctly with the LDAP server (MASSIVE).

6.

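You must now set the LDAP administrative password into the Samba-3 secrets.tdb file by executing this command:

root#  smbpasswd -w not24get
Setting stored password for "cn=Manager,dc=abmas,dc=biz" in secrets.tdb

Because the password is given as a command-line argument, it is recorded in the shell history and is briefly visible in the process list. The secrets.tdb file now holds the LDAP administrative password and must remain readable by root only.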

7.

Now you must obtain the domain SID from the PDC and store it into the secrets.tdb file also. This step is not necessary with an LDAP passdb backend because Samba-3 obtains the domain SID from the sambaDomain object it automatically stores in the LDAP backend. It does not hurt to add the SID to the secrets.tdb, and if you wish to do so, this command can achieve that:

root#  net rpc getsid MEGANET2
Storing SID S-1-5-21-3504140859-1010554828-2431957765 \
                           for Domain MEGANET2 in secrets.tdb

When configuring a Samba-3 BDC that has an LDAP backend, there is no need to take any special action to join it to the domain. However, winbind communicates with the domain controller that is running on the localhost and must be able to authenticate, thus requiring that the BDC should be joined to the domain. The process of joining the domain creates the necessary authentication accounts.

8.

To join the Samba BDC to the domain, execute the following:

root#  net rpc join -U root%not24get
Joined domain MEGANET2.

This indicates that the domain security account for the BDC has been correctly created.

9.

Verify that user and group account resolution works via Samba-3 tools as follows:

root#  pdbedit -L
root:0:root
nobody:65534:nobody
bobj:1000:System User
stans:1001:System User
chrisr:1002:System User
maryv:1003:System User
bldg1$:1006:bldg1$

root#  net groupmap list
Domain Admins (S-1-5-21-3504140859-...-2431957765-512) -> Domain Admins
Domain Users (S-1-5-21-3504140859-...-2431957765-513) -> Domain Users
Domain Guests (S-1-5-21-3504140859-...-2431957765-514) -> Domain Guests
Administrators (S-1-5-21-3504140859-...-2431957765-544) -> Administrators
...
Accounts (S-1-5-21-3504140859-1010554828-2431957765-3001) -> Accounts
Finances (S-1-5-21-3504140859-1010554828-2431957765-3003) -> Finances
PIOps (S-1-5-21-3504140859-1010554828-2431957765-3005) -> PIOps

These results show that all things are in order.

10.

The server you have so carefully built is now ready for another important step. Now start the Samba-3 server and validate its operation. Execute the following to enable all the required processes so that they are started automatically upon system reboot, and then to start them now:

root#   chkconfig named on
root#   chkconfig dhcpd on
root#   chkconfig nmb on
root#   chkconfig smb on
root#   chkconfig winbind on
root#   rcnmb start
root#   rcsmb start
root#   rcwinbind start

Samba-3 should now be running and is ready for a quick test. But not quite yet!

11.

Your new BLDG1 and BLDG2 servers do not have home directories for users. To rectify this, use the SUSE yast2 utility or manually edit the /etc/fstab file to add a mount entry for the home directory that has been exported from the MASSIVE server. Mount this resource before proceeding. An alternate approach could be to create local home directories for users who are to use these machines. This is a choice that you, as system administrator, must make. The following entry in the /etc/fstab file suffices for now:

massive.abmas.biz:/home   /home   nfs    rw  0  0 

To mount this resource, execute:

root#   mount -a 

Verify that the home directory has been mounted as follows:

root#  df | grep home
massive:/home        29532988       283388       29249600       1% /home

12.

Implement a quick check using one of the users that is in the LDAP database. Here you go:

root#  smbclient //bldg1/bobj -Ubobj%n3v3r2l8
smb: \> dir
  .                    D        0    Wed Dec 17 01:16:19 2003
  ..                   D        0    Wed Dec 17 19:04:42 2003
  bin                  D        0    Tue Sep  2 04:00:57 2003
  Documents            D        0    Sun Nov 30 07:28:20 2003
  public_html          D        0    Sun Nov 30 07:28:20 2003
  .urlview             H      311    Fri Jul  7 06:55:35 2000
  .dvipsrc             H      208    Fri Nov 17 11:22:02 1995

           57681 blocks of size 524288. 57128 blocks available
smb: \> q

Now that the first BDC (BLDG1) has been configured, it is time to build and configure the second BDC server (BLDG2) as follows:
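The visual checks in steps 4 and 5 can also be scripted. The following is an added example, not part of the book: the helper names (nss_only, accounts_ok, groups_ok) are hypothetical, the sample data is constructed from the output shown above, and the required groups are the Domain groups and GIDs listed in step 5.

```shell
#!/bin/sh
# Added example, not from the book: scripted form of the step 4/5 checks.

# Domain groups and GIDs as listed in the step 5 output.
REQUIRED_GROUPS='Domain Admins:512
Domain Users:513
Domain Guests:514
Domain Computers:553'

# Print entries in NSS view $1 that are absent from local flat file $2.
# Whole lines are compared, so the LDAP "root" (GID 512) is still reported.
nss_only() {
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next } !($0 in seen)' "$2" "$1"
}

# Return 0 if $1 holds accounts beyond local file $2 and machine account $3.
accounts_ok() {
    [ -n "$(nss_only "$1" "$2")" ] ||
        { echo "no LDAP-backed accounts resolved" >&2; return 1; }
    awk -F: -v n="$3" '$1 == n { f = 1 } END { exit !f }' "$1" ||
        { echo "machine account $3 not found" >&2; return 1; }
}

# Return 0 only if every required name:gid pair is present in group data $1.
groups_ok() {
    missing=0
    while IFS=: read -r name gid; do
        awk -F: -v n="$name" -v g="$gid" \
            '$1 == n && $3 == g { f = 1 } END { exit !f }' "$1" ||
            { echo "missing group: $name ($gid)" >&2; missing=1; }
    done <<EOF
$REQUIRED_GROUPS
EOF
    return "$missing"
}

# Constructed sample data modelled on the output shown in steps 4 and 5.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'bin:x:1:1:bin:/bin:/bin/bash' > "$tmp/local"
{ cat "$tmp/local"; printf '%s\n' \
    'root:x:0:512:Netbios Domain Administrator:/root:/bin/bash' \
    'bobj:x:1000:513:System User:/home/bobj:/bin/bash' \
    'bldg1$:x:1006:553:bldg1$:/dev/null:/bin/false'; } > "$tmp/nss"
printf '%s\n' 'root:x:0:' 'Domain Admins:x:512:root' 'Domain Users:x:513:bobj' \
    'Domain Guests:x:514:' 'Domain Computers:x:553:' > "$tmp/group"

# Live use: getent passwd > nss; getent group > group; local file is /etc/passwd.
accounts_ok "$tmp/nss" "$tmp/local" 'bldg1$' && groups_ok "$tmp/group" &&
    echo "NSS LDAP resolution OK"
```

A failure of accounts_ok on a live BDC corresponds to the "there is a problem" case in step 4: only the local flat-file accounts are being returned.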

CONFIGURATION OF BDC CALLED BLDG2

1.

Install the files in Example 5.5.2, Example 5.5.3, and Example 5.5.4 into the /etc/samba/ directory. The three files should be added together to form the smb.conf file.

2.

Follow carefully the steps shown in Section 5.5, starting at step 2.



    Samba-3 by Example: Practical Exercises to Successful Deployment (2nd Edition)
    ISBN: 013188221X
    EAN: 2147483647
    Year: 2005
    Pages: 142