 
 
 

配置samba+openldap作为PDC

王朝other·作者佚名  2008-05-18

贴一配置给你,具体怎么做自己试试了

Linux config files

Ldap.conf

Base.ldif

Slapd.conf

Named.conf

Smb.conf

LDAP.CONF

# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP client defaults; see ldap.conf(5) for details.
# This file should be world readable but not world writable.
#
# Stock samples, left disabled:
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

# Directory server used by LDAP clients on this machine: the local slapd.
# Traffic to 127.0.0.1 stays on the loopback interface; if this ever names a
# remote server, the connection should be protected with TLS.
HOST 127.0.0.1

# Default search base; the same DN is the suffix in slapd.conf and the
# "ldap suffix" in smb.conf.
BASE dc=gzdomain,dc=com

Base.ldif

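# base.ldif - initial directory tree for the gzdomain Samba domain.
#
# LDIF rules that matter here: entries are separated by one blank line, and a
# blank line inside an entry ends it, so every attribute must directly follow
# its dn line. The RDN in each dn must also appear as an attribute value of the
# entry (dn: cn=X,... needs cn: X), otherwise the server rejects the add.
# Load while bound as the rootdn from slapd.conf, for example:
#   ldapadd -x -D "cn=Manager,dc=gzdomain,dc=com" -W -f base.ldif

# Root of the tree; matches the suffix in slapd.conf.
dn: dc=gzdomain,dc=com
objectClass: domain
dc: gzdomain

# Containers for groups, user accounts and machine accounts.
dn: ou=Groups,dc=gzdomain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Groups
description: System Groups

dn: ou=Users,dc=gzdomain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Users
description: Users of the Organization

dn: ou=Computers,dc=gzdomain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Computers
description: Windows Domain Computers

# Domain-wide groups (gidNumber 200-202).
# Was "dn: cu=Domain Admins": "cu" is not the naming attribute of this entry
# (its attribute is cn), so the RDN is corrected to cn=.
# Every memberUid listed here is a domain administrator; keep the list minimal.
dn: cn=Domain Admins,ou=Groups,dc=gzdomain,dc=com
objectClass: posixGroup
gidNumber: 200
cn: Domain Admins
memberUid: administrator
description: Windows Domain Users

dn: cn=Domain Users,ou=Groups,dc=gzdomain,dc=com
objectClass: posixGroup
gidNumber: 201
cn: Domain Users
description: Windows Domain Users

dn: cn=Domain Guests,ou=Groups,dc=gzdomain,dc=com
objectClass: posixGroup
gidNumber: 202
cn: Domain Guests
description: Windows Domain Guests Users

# Local/builtin-style groups (gidNumber 220-228).
# Was "dn: cn=Administraotrs": the RDN did not match "cn: Administrators".
dn: cn=Administrators,ou=Groups,dc=gzdomain,dc=com
description: Members can fully administer the computer/domain
objectClass: posixGroup
gidNumber: 220
cn: Administrators
description: Windows Domain Members can fully administer the computer/domain

dn: cn=Users,ou=Groups,dc=gzdomain,dc=com
description: Ordinary users
objectClass: posixGroup
gidNumber: 221
cn: Users
description: Windows Domain Ordinary users

# The unprivileged "nobody" account is the only guest member.
dn: cn=Guests,ou=Groups,dc=gzdomain,dc=com
description: Users granted guest access to the computer/domain
objectClass: posixGroup
gidNumber: 222
cn: Guests
memberUid: nobody
description: Windows Domain Users granted guest access to the computer/domain

dn: cn=Power Users,ou=Groups,dc=gzdomain,dc=com
description: Members can share directories and printers
objectClass: posixGroup
gidNumber: 223
cn: Power users
description: Windows Domain Members can share directories and printers

dn: cn=Account Operators,ou=Groups,dc=gzdomain,dc=com
objectClass: posixGroup
gidNumber: 224
cn: Account Operators
description: Windows Domain Users to manipulate users accounts

dn: cn=Server Operators,ou=Groups,dc=gzdomain,dc=com
objectClass: posixGroup
gidNumber: 225
cn: Server Operators
description: Windows Domain Server Operators

dn: cn=Print Operators,ou=Groups,dc=gzdomain,dc=com
objectClass: posixGroup
gidNumber: 226
cn: Print Operators
description: Windows Domain Print Operators

# Members of this group can bypass file security, so treat it as privileged.
dn: cn=Backup Operators,ou=Groups,dc=gzdomain,dc=com
objectClass: posixGroup
gidNumber: 227
cn: Backup Operators
description: Windows Domain Members can bypass file security to back up files

dn: cn=Replicator,ou=Groups,dc=gzdomain,dc=com
description: Supports file replication in a domain
objectClass: posixGroup
gidNumber: 228
cn: Replicator
description: Windows Domain Supports file replication in a domain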

Slapd.conf

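# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable: it carries the rootdn credential.
# Restrict it to root and the account slapd runs as.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Samba account attributes (including the password hashes) come from here.
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

#pidfile //var/run/slapd.pid
#argsfile //var/run/slapd.args

# Create a replication log in /var/lib/ldap for use by slurpd.
#replogfile /var/lib/ldap/master-slapd.replog

# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

#
# The next three lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
# TLS is left disabled here, so binds and password changes travel in
# cleartext; that is only tolerable while every client (Samba, ldap.conf)
# connects over 127.0.0.1. Enable TLS before any client connects remotely.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt

#
# Access control
#
# If no access controls are present, the default is "allow read by all",
# anonymous clients included. In a directory that backs a Samba domain that
# would expose every account's password hashes, so the rules below replace
# the default. rootdn can always write, regardless of these rules.
#
# Stock sample, left disabled for reference:
#access to dn="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
#
# Password material: the owner may change it, anonymous clients may only use
# it to authenticate, nobody else may read it.
# NOTE(review): lmPassword/ntPassword are the hash attributes of the
# Samba 2.2-era samba.schema; confirm the names against the samba.schema
# included above (a Samba 3 schema calls them sambaLMPassword and
# sambaNTPassword). OpenLDAP 2.1 and later spell the keyword "attrs=".
access to attr=userPassword,lmPassword,ntPassword
        by self write
        by anonymous auth
        by * none

# Everything else, including the root DSE, stays readable as before.
access to *
        by * read

###########################
# ldbm database definitions
###########################
database ldbm
suffix "dc=gzdomain,dc=com"
#suffix "o=My Organization Name,c=US"

# rootdn bypasses all access control; Samba binds as this DN ("ldap admin dn").
rootdn "cn=Manager,dc=gzdomain,dc=com"
#rootdn "cn=Manager,o=My Organization Name,c=US"

# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# The listing originally used the cleartext sample password "secret" here.
# Generate a hash of a password of your own with slappasswd and paste its
# output in place of the placeholder below; rootdn binds fail until you do.
rootpw {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT
# rootpw {crypt}ijFYNcSNctBYg

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap

# Indices to maintain
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial

# Replicas to which we should propagate changes
#replica host=ldap-1.example.com:389 tls=yes
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM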

Smb.conf

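# smb.conf - Samba as primary domain controller with accounts in OpenLDAP.
# Comments must stay on their own lines; text after a value becomes part of it.
[global]
    workgroup = gzdomain
    netbios name = proxy
    server string = samba server

    # Only these networks (and loopback) may connect.
    hosts allow = 192.168.1. 192.168.2. 127.

    # One log file per client machine; 0 means the logs are never capped,
    # so make sure something rotates /var/log/samba.
    log file = /var/log/samba/%m.log
    max log size = 0

    security = USER
    encrypt passwords = yes

    # Password changes are delegated to the smbldap script.
    # The chat script is a single line; the page had broken it into three
    # lines at its "\n" separators, which smb.conf cannot parse.
    passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
    passwd chat = *new*password* %n\n *new*password* %n\n *successfully*

    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

    # Domain controller / browse master role.
    domain master = yes
    local master = yes
    os level = 255
    preferred master = yes
    domain logons = yes
    wins server = 192.168.1.1

    # Account backend: the local slapd. Samba binds as the directory rootdn;
    # its password is not kept in this file but stored with "smbpasswd -w".
    ldap suffix = "dc=gzdomain,dc=com"
    ldap admin dn = "cn=Manager,dc=gzdomain,dc=com"
    ldap port = 389
    ldap server = 127.0.0.1
    # Unencrypted LDAP is acceptable only because the server is 127.0.0.1.
    # If the directory moves to another host, switch to start_tls first:
    # the admin bind and the password hashes would otherwise cross the wire.
    ldap ssl = no

    ;add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
    ;domain admin group = " @"Domain Admins" "
    dns proxy = no

#============================ Share Definitions ==============================
[homes]
    comment = Home Directories
    browseable = no
    writeable = yes
    # %S is the share name, i.e. only the owner may open his own home share.
    valid users = %S
    # Was 0777 for both, which made every new file and directory in a home
    # share readable, writable and executable by all local users. Owner bits
    # are unchanged; group and other access is removed.
    create mode = 0700
    directory mode = 0700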

 
 
 