配置samba+openldap作为PDC

贴一配置给你，具体怎么做自己试试了

Linux config files

Ldap.conf

Base.ldif

Slapd.conf

Named.conf

Smb.conf

LDAP.CONF

# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $

#

# LDAP Defaults

#

# See ldap.conf(5) for details

# This file should be world readable but not world writable.

#BASE dc=example, dc=com

#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12

#TIMELIMIT 15

#DEREF never

HOST 127.0.0.1

BASE dc=gzdomain,dc=com

Base.ldif

dn: dc=gzdomain,dc=com

objectClass: domain

dc: gzdomain

dn: ou=Groups,dc=gzdomain,dc=com

objectClass: top

objectClass: organizationalUnit

ou: Groups

description: System Groups

dn: ou=Users,dc=gzdomain,dc=com

objectClass: top

objectClass: organizationalUnit

ou: Users

description: Users of the Organization

dn: ou=Computers,dc=gzdomain,dc=com

objectClass: top

objectClass: organizationalUnit

ou: Computers

description: Windows Domain Computers

dn: cu=Domain Admins,ou=Groups,dc=gzdomain,dc=com

objectClass: posixGroup

gidNumber: 200

cn: Domain Admins

memberUid: administrator

description: Windows Domain Users

dn: cn=Domain Users,ou=Groups,dc=gzdomain,dc=com

objectClass: posixGroup

gidNumber: 201

cn: Domain Users

description: Windows Domain Users

dn: cn=Domain Guests,ou=Groups,dc=gzdomain,dc=com

objectClass: posixGroup

gidNumber: 202

cn: Domain Guests

description: Windows Domain Guests Users

dn: cn=Administraotrs,ou=Groups,dc=gzdomain,dc=com

description: Members can fully administer the computer/domain

objectClass: posixGroup

gidNumber: 220

cn: Administrators

description: Windows Domain Members can fully administer the computer/domain

dn: cn=Users,ou=Groups,dc=gzdomain,dc=com

description:Ordinary users

objectClass: posixGroup

gidNumber: 221

cn: Users

description: Windows Domain Ordinary users

dn: cn=Guests,ou=Groups,dc=gzdomain,dc=com

description: Users granted guest access to the computer/domain

objectClass: posixGroup

gidNumber: 222

cn: Guests

memberUid:nobody

description: Windows Domain Users granted guest access to the computer/domain

dn: cn=Power Users,ou=Groups,dc=gzdomain,dc=com

description: Members can share directories and printers

objectClass: posixGroup

gidNumber: 223

cn: Power users

description: Windows Domain Members can share directories and printers

dn: cn=Account Operators,ou=Groups,dc=gzdomain,dc=com

objectClass: posixGroup

gidNumber: 224

cn: Account Operators

description: Windows Domain Users to manipulate users accounts

dn: cn=Server Operators,ou=Groups,dc=gzdomain,dc=com

objectClass: posixGroup

gidNumber: 225

cn: Server Operators

description: Windows Domain Server Operators

dn: cn=Print Operators,ou=Groups,dc=gzdomain,dc=com

objectClass: posixGroup

gidNumber: 226

cn: Print Operators

description: Windows Domain Print Operators

dn: cn=Backup Operators,ou=Groups,dc=gzdomain,dc=com

objectClass: posixGroup

gidNumber: 227

cn: Backup Operators

description: Windows Domain Members can bypass file security to back up files

dn: cn=Replicator,ou=Groups,dc=gzdomain,dc=com

description: Supports file replication in a domain

objectClass: posixGroup

gidNumber: 228

cn: Replicator

description: Windows Domain Supports file replication in a domain

Slapd.conf

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $

#

# See slapd.conf(5) for details on configuration options.

# This file should NOT be world readable.

#

include /etc/openldap/schema/core.schema

include /etc/openldap/schema/cosine.schema

include /etc/openldap/schema/inetorgperson.schema

include /etc/openldap/schema/nis.schema

include /etc/openldap/schema/samba.schema

include /etc/openldap/schema/redhat/rfc822-MailMember.schema

include /etc/openldap/schema/redhat/autofs.schema

include /etc/openldap/schema/redhat/kerberosobject.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory

# service AND an understanding of referrals.

#referral ldap://root.openldap.org

#pidfile //var/run/slapd.pid

#argsfile //var/run/slapd.args

# Create a replication log in /var/lib/ldap for use by slurpd.

#replogfile /var/lib/ldap/master-slapd.replog

# Load dynamic backend modules:

# modulepath /usr/sbin/openldap

# moduleload back_ldap.la

# moduleload back_ldbm.la

# moduleload back_passwd.la

# moduleload back_shell.la

#

# The next three lines allow use of TLS for connections using a dummy test

# certificate, but you should generate a proper certificate by changing to

# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on

# slapd.pem so that the ldap user or group can read it.

# TLSCertificateFile /usr/share/ssl/certs/slapd.pem

# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt

#

# Sample Access Control

# Allow read access of root DSE

# Allow self write access

# Allow authenticated users read access

# Allow anonymous users to authenticate

#

#access to dn="" by * read

#access to *

# by self write

# by users read

# by anonymous auth

#

# if no access controls are present, the default is:

# Allow read by all

#

# rootdn can always write!

###########################

# ldbm database definitions

###########################

database ldbm

suffix "dc=gzdomain,dc=com"

#suffix "o=My Organization Name,c=US"

rootdn "cn=Manager,dc=gzdomain,dc=com"

#rootdn "cn=Manager,o=My Organization Name,c=US"

# Cleartext passwords, especially for the rootdn, should

# be avoided. See slappasswd(8) and slapd.conf(5) for details.

# Use of strong authentication encouraged.

rootpw secret

# rootpw {crypt}ijFYNcSNctBYg

# The database directory MUST exist prior to running slapd AND

# should only be accessible by the slapd/tools. Mode 700 recommended.

directory /var/lib/ldap

# Indices to maintain

index objectClass,uid,uidNumber,gidNumber,memberUid eq

index cn,mail,surname,givenname eq,subinitial

# Replicas to which we should propagate changes

#replica host=ldap-1.example.com:389 tls=yes

# bindmethod=sasl saslmech=GSSAPI

# authcId=host/ldap-master.example.com@EXAMPLE.COM

Smb.conf

[global]

workgroup = gzdomain

netbios name = proxy

server string = samba server

hosts allow = 192.168.1. 192.168.2. 127.

log file = /var/log/samba/%m.log

max log size = 0

security = USER

encrypt passwords = yes

passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u

passwd chat = *new*password* %n

*new*password* %n

*successfully*

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

domain master = yes

local master = yes

os level = 255

preferred master = yes

domain logons = yes

wins server = 192.168.1.1

ldap suffix = "dc=gzdomain,dc=com"

ldap admin dn = "cn=Manager,dc=gzdomain,dc=com"

ldap port = 389

ldap server = 127.0.0.1

ldap ssl = no

;add user script = /usr/local/sbin/smbldap-useradd.pl -w %u

;domain admin group = " @"Domain Admins" "

dns proxy = no

#============================ Share Definitions ==============================

[homes]

comment = Home Directories

browseable = no

writeable = yes

valid users = %S

create mode = 0777

directory mode = 0777

• ·亚东图书馆与陈独秀|报价￥17.40|图书,传
• ·OpenLDAPFAQ
• ·OpenLDAP快速安装指南
• ·像男人那样去战斗（黄健翔著）|报价￥13.10
• ·OpenLDAP简介
• ·FC5新鲜体验
• ·杨锦麟这家伙|报价￥24.70|图书,传记,群
• ·LDAP简介：什么是目录
• ·LDAP模块
• ·用OpenLdap建立网络数据库