Step 1☆ 執行安裝命令

rpm -ivh http://mirrors.aliyun.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install httpd mysql mysql-server php php-bcmath php-gd php-mbstring php-xml php-ldap php-devel php-mysql openldap openldap-servers openldap-clients openldap-devel samba samba-client samba-common samba-swat db4 db4-devel perl migrationtools pam_ldap nss-pam-ldapd perl-Crypt-SmbHash smbldap-tools

Step 2☆ 配置认证

authconfig-tui
User Information ----    Use LDAP
Authentication   ----    Use MD5 Passwords
                         Use Shadow Passwords
                         Use LDAP Authentication
                         Local authorization is sufficient

Step 3☆ 开启防火墙端口,复制配置文件

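开启防火墙
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
iptables -I INPUT -p tcp --dport 139 -j ACCEPT
iptables -I INPUT -p tcp --dport 445 -j ACCEPT
iptables -I INPUT -p tcp --dport 389 -j ACCEPT
service iptables save

注:以上规则对任意来源开放端口。MySQL(3306)和 LDAP(389)若只供本机使用则不必开放;确需对外时可用 -s 限定来源网段。本文的 LDAP 未启用 TLS(后面 Samba 配置为 ldap ssl = no),389 端口不宜暴露到不可信网络。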

复制配置文件
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Step 4☆ 配置LDAP

1、生成管理者密码
slappasswd      admin----{SSHA}KJku+amXs1PhvMn8xK+sa1J2/QXg2XMa

(admin 只是示例密码;slappasswd 输出的 {SSHA} 哈希用于填写 slapd.conf 中的 rootpw,实际部署请使用强密码。)

2、编辑配置文件
cp -a /etc/openldap/slapd.d /etc/openldap/slapd.d.bak
cp -a /etc/openldap/slapd.conf /etc/openldap/slapd.conf.bak

vim /etc/openldap/slapd.conf
# -增加samba使用LDAP认证
include         /etc/openldap/schema/samba.schema

# -修改DN信息
database monitor
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=root,dc=example,dc=com" read
        by * none

#######################################################################
# database definitions
#######################################################################

database        bdb
suffix          "dc=example,dc=com"
checkpoint      1024 15
rootdn          "cn=root,dc=example,dc=com"
rootpw  {SSHA}vh49ERIro5ND8TMrlexHAmUvvuuev2md

vim /etc/openldap/ldap.conf 

    BASE    dc=example,dc=com

3、新增ldif文件
mkdir /etc/openldap/data

vim /etc/openldap/data/root.ldif
# EXAMPLE LDAP Base DN
dn: dc=example,dc=com
dc: example
o: example.com
description: Root LDAP entry for example.com
objectClass: top
objectClass: dcObject
objectClass: organization

# Manager example.com Root DN
dn: ou=Users,dc=example,dc=com
ou: Users
objectClass: organizationalUnit

dn: ou=Groups,dc=example,dc=com
ou: Groups
objectClass: organizationalUnit

4、将资料加入OpenLDAP

rm -rf /etc/openldap/slapd.d/*

slapadd -v -l /etc/openldap/data/root.ldif

  The first database does not allow slapadd; using the first available one (2)
added: "dc=example,dc=com" (00000001)
added: "ou=Users,dc=example,dc=com" (00000002)
added: "ou=Groups,dc=example,dc=com" (00000003)
_#################### 100.00% eta   none elapsed            none fast!
Closing DB...

查询结果
ldapsearch -x -b 'dc=example,dc=com'

新增使用者admin
adduser admin
passwd admin
cp /etc/passwd /etc/openldap/admin

vim /etc/openldap/admin
admin:x:500:500::/home/admin:/bin/bash

5、转换使用信息
cd /usr/share/migrationtools
__________________________
vim migrate_common.ph

    # Default DNS domain
    $DEFAULT_MAIL_DOMAIN = "example.com";

    # Default base
    $DEFAULT_BASE = "dc=example,dc=com";
____________________

./migrate_passwd.pl /etc/openldap/admin > /etc/openldap/data/user-admin.ldif

vim /etc/openldap/data/user-admin.ldif
我只是做簡單設定所以直接將使用者放置在根目錄下,而不是用 ou=People 來存放(所以要移除 ou=People)
dn: uid=admin,dc=example,dc=com
uid: admin
cn: admin
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$n1QQj5WS$H339VGvmLnHtOqieyDOaOTMcOXZEkMEvKpQWc3.4EnAWTQzrjm6EWk3xmA3lT1Z1M5Ps94FMvtfoX.tedZflE/
shadowLastChange: 16141
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/admin

6、添加admin至OpenLDAP
slapadd -v -l /etc/openldap/data/user-admin.ldif

The first database does not allow slapadd; using the first available one (2)
added: "uid=admin,dc=example,dc=com" (00000004)
_#################### 100.00% eta   none elapsed            none fast!
Closing DB...

查询结果
ldapsearch -x -b 'dc=example,dc=com'

slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

修改目录权限
chown -R ldap:ldap /var/lib/ldap
chown -R ldap:ldap /etc/openldap/slapd.d

启动LDAP服务
service slapd start

Step 5☆ 配置Samba

1、编辑配置文件

vim /etc/samba/smb.conf 

    workgroup = example
    netbios name = Samba
___________________
    security = user
        passdb backend = ldapsam:ldap://127.0.0.1
        ldap suffix = "dc=example,dc=com"
        ldap admin dn = "cn=root,dc=example,dc=com"
        ldap group suffix = "ou=Groups"
        ldap group suffix = "ou=Users"
        ldap delete dn = no
        ldap passwd sync = yes
        encrypt passwords = yes
        ldap ssl = no
_________________________________________

注:上面 ldap group suffix 写了两次,重复的参数通常以后一行为准;从取值 "ou=Users" 看,第二行应为 ldap user suffix = "ou=Users"。ldap ssl = no 表示 Samba 到 LDAP 的连接不加密,这里因为 LDAP 就在本机 127.0.0.1 才可以接受;LDAP 在其他主机上时应启用 TLS。

2、samba 要與 openldap 溝通前,samba 要先將 openldap 的密碼存在 /etc/samba/secrets.tdb,密碼要與剛剛設定 openldap 時的管理者密碼一樣
smbpasswd -w ooxxoo
Setting stored password for "cn=root,dc=example,dc=com" in secrets.tdb

(ooxxoo 為示例密碼;密碼直接寫在命令列會留在 shell 歷史記錄中,可改用 smbpasswd -W 從標準輸入讀取。)

service smb restart

Step 6☆ LDAP 加入 SambaAccount

1、新增用户
smbpasswd -a admin
New SMB password:
Retype new SMB password:
Added user admin.

2、查询结果;
service slapd start
ldapsearch -x -b "uid=admin,dc=example,dc=com"

# extended LDIF
#
# LDAPv3
# base <uid=admin,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# admin, example.com
dn: uid=admin,dc=example,dc=com
uid: admin
cn: admin
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: sambaSamAccount
userPassword:: e2NyeXB0fSQ2JG4xUVFqNVdTJEgzMzlWR3ZtTG5IdE9xaWV5RE9hT1RNY09YWkV
 rTUV2S3BRV2MzLjRFbkFXVFF6cmptNkVXazN4bUEzbFQxWjFNNVBzOTRGTXZ0Zm9YLnRlZFpmbEUv
shadowLastChange: 16141
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/admin
sambaSID: S-1-5-21-1424841453-2780155375-4094610587-1001
sambaNTPassword: 209C6174DA490CAEB422F3FA5A7AE634
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1394606885
sambaAcctFlags: [U          ]

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

注:ldapsearch -x 不带 -D 时是匿名绑定,上面的输出说明匿名用户就能读到 userPassword 和 sambaNTPassword。sambaNTPassword 是未加盐的 NT 哈希,应与 userPassword 一样禁止匿名读取,例如在 slapd.conf 的数据库定义中加入:

access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by self write
        by anonymous auth
        by * none
access to * by * read

Step 7☆ 测试

smbclient -L 127.0.0.1 -U admin
Enter admin's password:
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 3.6.9-167.el6_5]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba Server Version 3.6.9-167.el6_5)
    admin           Disk      Home Directories
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 3.6.9-167.el6_5]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

Step 8☆ 创建用户及共享文件进行测试

1、创建LDAP用户及设定密码
新建user.ldif
dn: uid=terry,ou=Users,dc=example,dc=com
uid: terry
cn: terry
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:
shadowLastChange: 16142
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/sh
uidNumber: 500
gidNumber: 500
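homeDirectory: /home/terry

(注意:这里的 uidNumber: 500 与前面 admin 的 uidNumber 相同,两个账号共用同一 UID 时在文件权限上会被当作同一用户;本文最后一次查询结果中 terry 的 uidNumber 已是 501。)

导入用户文件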
service slapd stop
slapadd -v -l /etc/openldap/data/user.ldif
service slapd start
查询用户信息:
ldapsearch -x -b "uid=terry,ou=Users,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=terry,ou=Users,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# terry, Users, example.com
dn: uid=terry,ou=Users,dc=example,dc=com
uid: terry
cn: terry
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:
shadowLastChange: 16142
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/sh
uidNumber: 500
gidNumber: 500
homeDirectory: /home/terry

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
我们有看到userPassword:密码是空,现在设置密码
ldappasswd -x -D "cn=Manager,dc=example,dc=com" -W "uid=terry,ou=Users,dc=example,dc=com" -S

(注:-D 要填 slapd.conf 中配置的 rootdn;本文前面配置的 rootdn 是 cn=root,dc=example,dc=com,而不是 cn=Manager。)

确认密码信息设置成功,查看userPassword项
ldapsearch -x -b "uid=terry,ou=Users,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=terry,ou=Users,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# terry, Users, example.com
dn: uid=terry,ou=Users,dc=example,dc=com
uid: terry
cn: terry
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 16142
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/sh
uidNumber: 500
gidNumber: 500
homeDirectory: /home/terry
userPassword:: e1NTSEF9ZllqUzFtcmE5YUpBblZGa0xzV1NmK2hneGpoTUEybUc=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

加入Samba用户中
smbpasswd -a terry
New SMB password:
Retype new SMB password:
Added user terry.

再次确认用户信息,多出了samba相关属性
ldapsearch -x -b "uid=terry,ou=Users,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=terry,ou=Users,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# terry, Users, example.com
dn: uid=terry,ou=Users,dc=example,dc=com
uid: terry
cn: terry
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: sambaSamAccount
shadowLastChange: 16142
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/sh
gidNumber: 500
homeDirectory: /home/terry
uidNumber: 501
sambaSID: S-1-5-21-462812514-1559415819-1441562936-1002
displayName: terry
userPassword:: e1NTSEF9NzBURENybGQzSzZkSjlBL2xjTkRVaUdSZnhxMDVqUU8=
sambaNTPassword: 748B42BFDA9DBBF776AC41DFF0E69A16
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1394762212
sambaAcctFlags: [U          ]

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

2、新建Samba共享文件夹
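vim /etc/samba/smb.conf
[Public]
comment = Public
path = /tmp
public = yes
writable = yes
printable = no

注:public = yes 允许来宾访问(是否真正免密码还取决于 map to guest 的设置),再加上 writable = yes 和 path = /tmp,等于把系统临时目录以可写方式共享出去,只适合本次测试;正式共享应使用专用目录,并用 valid users 限定可访问的用户。

service smb restart

3、测试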
smbclient -L 127.0.0.1 -U terry
Enter terry's password:
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 3.6.9-167.el6_5]

    Sharename       Type      Comment
    ---------       ----      -------
    Public          Disk      Public
    IPC$            IPC       IPC Service (Version 3.6.9-167.el6_5)
    terry           Disk      Home Directories
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 3.6.9-167.el6_5]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

转载于:https://blog.51cto.com/fshuanglan/1376348
