Saturday, December 18, 2010

LDAP SAMBA to Primary Domain Controller - Part 2

------------------------------------------------------------------------------------

Samba config:
#vim /etc/samba/smb.conf

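# /etc/samba/smb.conf - Samba 3 primary domain controller backed by OpenLDAP
# (domain hbn.local). Full-line '#' comments only: smbd keeps everything after
# '=' as the value, so no trailing comments on key lines.
[global]
# NetBIOS domain served by this PDC; the LDAP suffix below mirrors it
workgroup = hbn.local
netbios name = HBN
server string = samba-ldap-pdc
# restrict listening to one interface when enabled; commented = all interfaces
#interfaces = 192.168.1.131

# --- authentication ---
security = user
encrypt passwords = Yes
# allow rights/privileges to be assigned to domain accounts and groups
enable privileges = yes
# every connection authenticated as root gets administrator treatment
admin users = root
# Windows-to-UNIX name mapping; the file's contents are not shown on this page
username map = /etc/samba/smbusers
#min passwd length = 3
obey pam restrictions = No
# keep the LDAP userPassword in step when an SMB password is changed
ldap passwd sync = Yes

# --- logging ---
log level = 0
syslog = 0
# one log file per client NetBIOS name (%m)
log file = /var/log/samba/log.%m
# KB
max log size = 100000
#time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1

# left disabled on purpose: the guest account must never be root
#guest account = root

# --- domain logons / browsing ---
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
# served from the [netlogon] share
logon script = logon.bat
#logon script = STARTUP.BAT
# NOTE(review): empty values mean no home drive and no roaming-profile path are
# handed to clients, so the [profiles] share is unused until 'logon path' is
# set (for example \\%N\profiles\%U) - confirm this is the intended setup
logon drive =
logon home =
logon path =

# --- LDAP backend ---
# loopback-only directory, so TLS stays off; enable 'ldap ssl = start_tls'
# before ever pointing this at a remote LDAP server
passdb backend = ldapsam:ldap://127.0.0.1
#ldap ssl = start_tls
# bind DN used for writes; its password is kept in secrets.tdb (smbpasswd -w)
ldap admin dn = cn=Manager,dc=hbn,dc=local
ldap suffix = dc=hbn,dc=local
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
# sambaIdmapEntry objects belong in the ou=Idmap container that
# smbldap-populate creates (was ou=Users, which mixed idmap records into the
# user OU)
ldap idmap suffix = ou=Idmap
# NOTE(review): only consulted by winbindd; Samba 3.0 spelled this
# 'ldap:ldap://...' and later releases moved to 'idmap config' - verify against
# the installed version
idmap backend = ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000

# --- smbldap-tools hooks ---
# each substituted name is single-quoted so that a value containing spaces
# (e.g. "Domain Admins") is passed as one argument
add user script = /usr/sbin/smbldap-useradd -a '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
# FIX: user and group are two separate arguments; '%u''%g' glued them into one
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# creates the machine trust account when a workstation joins the domain
add machine script = /usr/sbin/smbldap-useradd -w '%u'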

# Per-user home directories: a user may connect only to their own home
# (%U is the session user); writable, hidden from browse lists.
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %U
# new files 0664, new directories 0775
create mask = 0664
directory mask = 0775

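# Roaming-profile store. Only the owning user (%U) and Domain Admins may
# connect, and the connection is forced to run as that user.
[profiles]
path = /home/samba/profiles
read only = No
# profile contents are private to their owner
create mask = 0600
directory mask = 0700
browseable = No
# FIX: was 'Yes'. A guest session runs as the guest account, which in practice
# never satisfies the per-user 'valid users' check below, so the Yes only
# advertised a guest-accessible profile share without granting anything useful.
guest ok = No
profile acls = Yes
# no client-side caching of profile data
csc policy = disable
force user = %U
valid users = %U @"Domain Admins"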


# Netlogon share: delivers logon.bat to clients; read-only and hidden.
[netlogon]
path = /home/samba/netlogon/
writable = no
browseable = no

Save and quit.
------------------------------------------------------------------------------
# mkdir /home/samba
# mkdir /home/samba/netlogon
# mkdir /home/samba/profiles
# chmod 1777 /home/samba/profiles 

#smbpasswd -w 123456
Setting stored password for "cn=Manager,dc=hbn,dc=local" in secrets.tdb

# smbldap-populate
Populating LDAP directory for domain hbn.local (S-1-5-21-3926925045-1584093657-3115473201)
(using builtin directory structure)

adding new entry: dc=hbn,dc=local
adding new entry: ou=Users,dc=hbn,dc=local
adding new entry: ou=Groups,dc=hbn,dc=local
adding new entry: ou=Computers,dc=hbn,dc=local
adding new entry: ou=Idmap,dc=hbn,dc=local
adding new entry: uid=root,ou=Users,dc=hbn,dc=local
adding new entry: uid=nobody,ou=Users,dc=hbn,dc=local
adding new entry: cn=Domain Admins,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Domain Users,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Domain Guests,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Domain Computers,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Administrators,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Account Operators,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Print Operators,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Backup Operators,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Replicators,ou=Groups,dc=hbn,dc=local
adding new entry: sambaDomainName=hbn.local,dc=hbn,dc=local

Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password:

# vim dsa.ldif
# dsa.ldif - dedicated bind accounts ("DSA" entries) for Samba, nss_ldap and
# the smbldap-tools, so that none of those clients needs the cn=Manager
# credentials. Loaded with ldapadd as cn=Manager (see the command below).
# Attribute names are case-insensitive, so the mixed 'objectclass'/'objectClass'
# spelling here is harmless.
dn: ou=DSA,dc=hbn,dc=local
objectClass: top
objectClass: organizationalUnit
ou: DSA
description: security accounts for LDAP clients


# Bind DN for smbd. NOTE(review): userPassword is given as a literal string;
# slapd stores it exactly as written unless a hashing policy is configured, so
# this file is the secret until the value is rotated. The ldappasswd step later
# on this page replaces it (values set that way are hashed by slapd by default).
dn: cn=samba,ou=DSA,dc=hbn,dc=local
objectclass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: sambasecretpwd
cn: samba


# Bind DN for nss_ldap / pam_ldap clients. Same caveat as above: the literal
# password remains in effect until changed with ldappasswd, so keep this file
# unreadable to other users and rotate the value after loading.
dn: cn=nssldap,ou=DSA,dc=hbn,dc=local
objectclass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: nssldapsecretpwd
cn: nssldap



# Bind DN for the smbldap-tools (smbldap-useradd etc.). Same caveat as above.
dn: cn=smbtools,ou=DSA,dc=hbn,dc=local
objectclass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: smbtoolssecretpwd
cn: smbtools

# ldapadd -x -h localhost -D "cn=Manager,dc=hbn,dc=local" -f dsa.ldif -W
Enter LDAP Password:
adding new entry "ou=DSA,dc=hbn,dc=local"

adding new entry "cn=samba,ou=DSA,dc=hbn,dc=local"

adding new entry "cn=nssldap,ou=DSA,dc=hbn,dc=local"

adding new entry "cn=smbtools,ou=DSA,dc=hbn,dc=local"

#ldappasswd -x -h localhost -D "cn=Manager,dc=hbn,dc=local" -s password -W cn=samba,ou=DSA,dc=hbn,dc=local

# /etc/init.d/smb start
Starting SMB services: [  OK  ]
Starting NMB services: [  OK  ]

Now create a user account that is valid for both UNIX and Samba:

# smbldap-useradd -a -m namhb
# smbldap-passwd namhb
Changing UNIX and samba passwords for namhb
New password:
Retype new password:

Now create a machine trust account:
# smbldap-useradd -w winxp

Finally, join the domain and test:
Demo:



Or:
http://www.mediafire.com/?qx982a5igkv51m5
------------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
All my Lab:
Linux Lab -- Windows and Cisco Lab
To be continued - I will add more later.
