Sunday, October 3, 2010

Samba - LDAP Building PDC - Primary Domain Controller

Nice tutorial for the weekend. It has been a long time since I retrained on Linux :)). So I started building a PDC. Two hours for the first time, hix.
This is the easiest way to build a PDC. Thanks.
Start:
Disable the firewall and SELinux (lab shortcut only: on a production host keep SELinux enforcing and open just the ports LDAP and Samba need)
yum install -y vim-enhanced
Edit the hosts file:
    vim /etc/hosts
        # Do not remove the following line, or various programs
        # that require network functionality will fail.
        192.168.19.101  pdc.hbn.local pdc
        127.0.0.1       localhost.localdomain localhost
        ::1             localhost6.localdomain6 localhost6
   
    vim /etc/sysconfig/network
        NETWORKING=yes
        NETWORKING_IPV6=no
        HOSTNAME=pdc.hbn.local
        GATEWAY=192.168.19.2
Install bind (note: the zone must resolve pdc.hbn.local to 192.168.19.101, matching the /etc/hosts entry above)
install ldap
    yum -y install openldap-servers openldap-clients
   
generate the LDAP admin password hash
    slappasswd -s nam123 -h {MD5}
        {MD5}VOGTJ3IVySVwvJZZvUj/QA==
    (note: {MD5} is an unsalted hash; slappasswd's default {SSHA} is the better choice, and -s leaves the password in your shell history, so omit it and let slappasswd prompt for it)
edit the config
    vim /etc/openldap/slapd.conf

    # line 86: specify suffix
    suffix   "dc=hbn,dc=local"
    # line 87: specify the admin DN
    rootdn   "cn=Manager,dc=hbn,dc=local"
    # line 93: paste the hash generated by slappasswd above
    rootpw   {MD5}************************
    # add at the bottom (the "by" lines must be indented: slapd reads an indented line as a continuation of the access directive above it)
    access to attrs=userPassword
        by self write
        by dn="cn=Manager,dc=hbn,dc=local" write
        by anonymous auth
        by * none
    access to *
        by dn="cn=Manager,dc=hbn,dc=local" write
        by self write
        by * read

   
cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
/etc/init.d/ldap start
chkconfig ldap on
cd /usr/share/openldap/migration
vim migrate_common.ph
    # line 71: specify domain name
    $DEFAULT_MAIL_DOMAIN = "hbn.local";
    # line 74: specify suffix
    $DEFAULT_BASE = "dc=hbn,dc=local";
./migrate_base.pl > base.ldif
ldapadd -x -W -D "cn=Manager,dc=hbn,dc=local" -f base.ldif
useradd cent
passwd cent
useradd fedora
passwd fedora
grep "x:[5-9][0-9][0-9]" /etc/passwd > passwd
grep "x:[5-9][0-9][0-9]" /etc/group > group
    (this picks the UIDs/GIDs 500-999 that CentOS gives regular users; the pattern also matches four-digit IDs starting with 5-9, so check both files before converting them)
./migrate_passwd.pl passwd > passwd.ldif
./migrate_group.pl group > group.ldif
ldapadd -x -W -D "cn=Manager,dc=hbn,dc=local" -f passwd.ldif
ldapadd -x -W -D "cn=Manager,dc=hbn,dc=local" -f group.ldif
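The migrationtools step above selects accounts with a regular expression and joins /etc/shadow in to get the password hashes. As an added example (not code from the original post and not the migrationtools scripts), the POSIX shell functions below do the same conversion with a numeric UID filter, so a UID such as 5000 is not swept in by the `[5-9][0-9][0-9]` pattern. The suffix dc=hbn,dc=local and ou=People are taken from the post; the passwd and shadow lines are constructed samples, not real accounts.

```shell
#!/bin/sh
# Added example, not part of the original post or of migrationtools.
# Converts /etc/passwd + /etc/shadow lines into posixAccount LDIF entries
# under ou=People,dc=hbn,dc=local (suffix taken from the post).

BASE_DN="dc=hbn,dc=local"

# uid_in_range LOW HIGH  (passwd lines on stdin)
# Numeric comparison on field 3, unlike grep "x:[5-9][0-9][0-9]", which also
# matches four-digit UIDs such as 5000.
uid_in_range() {
    awk -F: -v lo="$1" -v hi="$2" '$3 + 0 >= lo && $3 + 0 <= hi { print }'
}

# merge_shadow SHADOW_CONTENT  (passwd lines on stdin)
# Replaces the "x" placeholder in field 2 with the crypt hash from shadow,
# the same join migrate_passwd.pl performs. Usage on a real host:
#   merge_shadow "$(cat /etc/shadow)" < /etc/passwd
merge_shadow() {
    awk -F: -v OFS=: -v shadow="$1" '
        BEGIN {
            n = split(shadow, lines, "\n")
            for (i = 1; i <= n; i++) {
                split(lines[i], f, ":")
                if (f[1] != "") hash[f[1]] = f[2]
            }
        }
        { if ($1 in hash) $2 = hash[$1]; print }'
}

# passwd_to_ldif  (merged passwd lines on stdin)
# One entry per account in the shape migrate_passwd.pl emits; a field 2 that
# still reads "x" or "!!" (no usable shadow entry) yields no userPassword.
passwd_to_ldif() {
    awk -F: -v base="$BASE_DN" '
        {
            user = $1; hash = $2; gecos = ($5 == "") ? $1 : $5
            print "dn: uid=" user ",ou=People," base
            print "uid: " user
            print "cn: " user
            print "objectClass: account"
            print "objectClass: posixAccount"
            print "objectClass: top"
            print "objectClass: shadowAccount"
            if (hash != "x" && hash != "" && hash != "!!") print "userPassword: {crypt}" hash
            print "loginShell: " $7
            print "uidNumber: " $3
            print "gidNumber: " $4
            print "homeDirectory: " $6
            print "gecos: " gecos
            print ""
        }'
}

# Constructed sample input (not real accounts or hashes).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
cent:x:500:500::/home/cent:/bin/bash
fedora:x:501:501:Fedora User:/home/fedora:/bin/bash
backup:x:5000:5000::/var/backup:/sbin/nologin'
SAMPLE_SHADOW='root:!!:14000:0:99999:7:::
cent:$1$Xy9Qz$constructedhashA:14000:0:99999:7:::
fedora:$1$Qz2Xy$constructedhashB:14000:0:99999:7:::'

# Full pipeline over the sample; only the 500-999 accounts come out,
# each with its crypt hash, ready for ldapadd -f.
sample_ldif() {
    printf '%s\n' "$SAMPLE_PASSWD" | uid_in_range 500 999 \
        | merge_shadow "$SAMPLE_SHADOW" | passwd_to_ldif
}

sample_ldif
```

On the real host, `merge_shadow "$(cat /etc/shadow)" < /etc/passwd | uid_in_range 500 999 | passwd_to_ldif > passwd.ldif` produces the file to feed to the same `ldapadd` command as above; because the output carries crypt hashes, treat the .ldif like /etc/shadow and delete it once loaded.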
install samba
    yum -y install samba
    cp /usr/share/doc/samba-*/LDAP/samba.schema /etc/openldap/schema/
    vim /etc/openldap/slapd.conf
        include /etc/openldap/schema/core.schema
        include /etc/openldap/schema/cosine.schema
        include /etc/openldap/schema/inetorgperson.schema
        include /etc/openldap/schema/nis.schema
        # add, placed BEFORE the "access to *" rule and replacing the userPassword rule added earlier:
        # slapd uses the first access directive whose "to" clause matches, so a rule appended after
        # "access to *" would leave sambaLMPassword and sambaNTPassword readable by everyone
        access to attrs=userPassword,sambaLMPassword,sambaNTPassword
            by self write
            by dn="cn=Manager,dc=hbn,dc=local" write
            by anonymous auth
            by * none
/etc/rc.d/init.d/ldap restart
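slapd evaluates access directives in order and applies the first one whose "to" clause matches, so where the Samba ACL lands in slapd.conf decides whether the NT hashes are readable. As an added example (not code from the original post or from OpenLDAP), the shell script below prints the password ACL in the form used above and checks a slapd.conf for the ordering mistake; the two sample configurations are constructed, and the `ldapsearch` probe at the end needs a running slapd, so it is shown for use on the host but not exercised offline.

```shell
#!/bin/sh
# Added example, not from the original post or from OpenLDAP.
# Static check: every "access to attrs=...Password..." directive must come
# before the catch-all "access to *", otherwise the catch-all's "by * read"
# is the first match for sambaLMPassword/sambaNTPassword.

MANAGER_DN='cn=Manager,dc=hbn,dc=local'   # rootdn from the post

# Prints the password ACL exactly as it should appear in slapd.conf
# (continuation lines indented).
samba_password_acl() {
    cat <<EOF
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by dn="$MANAGER_DN" write
    by anonymous auth
    by * none
EOF
}

# acl_order_ok  (slapd.conf on stdin): exit 0 if the order is safe, 1 if a
# password-attribute ACL appears after "access to *".
acl_order_ok() {
    awk '
        /^[ \t]*access[ \t]+to[ \t]+attrs=/ {
            if ($0 ~ /[Pp]assword/ && catchall) bad = 1
        }
        /^[ \t]*access[ \t]+to[ \t]+\*([ \t]|$)/ { catchall = 1 }
        END { exit (bad ? 1 : 0) }'
}

# Constructed slapd.conf fragments (not the post's file).
good_sample() {
    samba_password_acl
    printf 'access to *\n    by dn="%s" write\n    by self write\n    by * read\n' "$MANAGER_DN"
}
bad_sample() {    # the ACL was appended after the catch-all
    printf 'access to *\n    by dn="%s" write\n    by self write\n    by * read\n' "$MANAGER_DN"
    samba_password_acl
}

# Runtime probe (needs a running slapd; not part of the offline check):
# an anonymous search that returns any hash attribute means the ACL is wrong.
probe_hash_visibility() {
    ldapsearch -x -LLL -H ldap://127.0.0.1/ -b "dc=hbn,dc=local" \
        '(objectClass=sambaSamAccount)' sambaNTPassword sambaLMPassword userPassword \
        | grep -qi 'Password:' && { echo "FAIL: hashes readable by an anonymous bind"; return 1; }
    echo "ok: no hashes returned to an anonymous bind"
}

good_sample | acl_order_ok && echo "good_sample: order ok"
bad_sample | acl_order_ok || echo "bad_sample: password ACL after the catch-all (rejected)"
```

Run `acl_order_ok < /etc/openldap/slapd.conf` after editing and `probe_hash_visibility` after the restart; the first catches the ordering error before slapd loads the file, the second confirms the effective policy on the live directory.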

set up this PDC as an openldap client too
    setup
        select Authentication Configuration
        check the boxes:
            Use LDAP
            and
            Use LDAP Authentication
            Next
        change the server to: 192.168.19.101 (this PDC)
        and the Base DN to: dc=hbn,dc=local
       
    vim /etc/pam.d/system-auth
add at the bottom
    session optional pam_mkhomedir.so skel=/etc/skel umask=077
   
install smbldap-tools
    install EPEL (keep gpgcheck=1 below so yum verifies the packages against the key imported here)
    wget http://download.fedora.redhat.com/pub/epel/RPM-GPG-KEY-EPEL
    rpm --import RPM-GPG-KEY-EPEL
    rm -f RPM-GPG-KEY-EPEL
    vim /etc/yum.repos.d/epel.repo
        # create new file like below
        [epel]
        name=EPEL RPM Repository for Red Hat Enterprise Linux
        baseurl=http://download.fedora.redhat.com/pub/epel/$releasever/$basearch/
        gpgcheck=1
        enabled=0
        # When you use EPEL repository, Input yum command like below.
    yum --enablerepo=epel -y install smbldap-tools
    mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
    cp /usr/share/doc/smbldap-tools-*/smb.conf /etc/samba/smb.conf
    vim /etc/samba/smb.conf
        # line 3: change the workgroup name to any one you like
        workgroup = HBNLOCAL
        # line 12: comment it out
        #min passwd length = 3
        # line 22: change
        ldap passwd sync = yes
        # line 33,34: change (CP932 is the Japanese Shift-JIS codepage; pick the DOS codepage your Windows clients actually use)
        dos charset = CP932
        unix charset = UTF-8
        # line 48: change the LDAP admin DN (the LDAP server's one; plain ldap:// is acceptable here only because slapd runs on this same host)
        passdb backend = ldapsam:ldap://127.0.0.1/
        ldap admin dn = cn=Manager,dc=hbn,dc=local
        # line 50: change the LDAP suffix (the LDAP server's one)
        ldap suffix = dc=hbn,dc=local
        ldap group suffix = ou=Group
        ldap user suffix = ou=People
        # line 60: uncomment
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        # line 64: add (specify the admin user; "admin users" get root privileges on every share, so keep this list short)
        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
        admin users = admin
    mkdir /home/netlogon
    service smb restart
    smbpasswd -W
        type the LDAP admin password (nam123); Samba stores it in its secrets.tdb so it can bind as cn=Manager
    /usr/share/doc/smbldap-tools-*/configure.pl
        (answer the prompts; this writes /etc/smbldap-tools/smbldap.conf and smbldap_bind.conf, and the latter holds the Manager password in clear text, so keep it mode 0600)
    smbldap-populate
    smbldap-groupadd -a admin
    smbldap-useradd -am -g admin admin
    smbldap-passwd admin
   
This is the result:

Text version of this tutorial: http://www.mediafire.com/?935084cnwa96df8
------------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
All my labs:
Linux Lab -- Windows and Cisco Lab
To be continued - I will update more.
