Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 5

Previous tutorials:

  1. Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 1, Installing Base System & Configuring Samba
  2. Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 2, Configuring OpenLDAP
  3. Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 3, Configuring smbldap-tools & LDAP Account Manager
  4. Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 4, Configuring Dynamic DHCP & DNS Server


TESTING SAMBA CONFIGURATION

  1. Check Samba configuration with the following command:
    [code language=’cpp’]
    testparm
    [/code]
    It should display the following response:

    Load smb config files from /etc/samba/smb.conf
    Processing section "[homes]"
    Processing section "[printers]"
    Processing section "[netlogon]"
    Processing section "[profiles]"
    Processing section "[share]"
    Loaded services file OK.
    Server role: ROLE_DOMAIN_PDC
    Press enter to see a dump of your service definitions

    If you see any error message, review the Samba configuration set up in the first tutorial.

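  2. Set the permissions on the user profile folder. Adjust the path to match your Samba profiles share (see the profiles share in /etc/samba/smb.conf). Mode 1777 makes the folder world-writable with the sticky bit set, so every user can create a profile directory but cannot remove another user's: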
    [code language=’cpp’]
    chmod 1777 /data/samba/profiles
    [/code]
  3. Test whether Samba has been set up successfully:
    [code language=’cpp’]
    smbclient -L localhost -N
    [/code]
    Just press ENTER if Samba asks for a user name and password. You should get the following response (the result may vary depending on your Samba and network configuration):

    added interface ip=192.168.1.254 bcast=192.168.1.255 nmask=255.255.255.0
    Anonymous login successful
    Domain=[VAVAI.NET] OS=[Unix] Server=[Samba 3.0.12-5-SUSE]
    Sharename       Type      Comment
    ---------       ----      -------
    profiles        Disk      Roaming Profiles
    share           Disk      share
    IPC$            IPC       IPC Service (Samba 3.0.12-5-SUSE)
    ADMIN$          IPC       IPC Service (Samba 3.0.12-5-SUSE)
    Anonymous login successful
    Domain=[VAVAI.NET] OS=[Unix] Server=[Samba 3.0.12-5-SUSE]
    Server               Comment
    ---------            -------
    SERVER               Samba 3.0.12-5-SUSE
    Workgroup            Master
    ---------            -------
    VAVAI.NET            SERVER

    If you get the following error:

    Error connecting to 127.0.0.1 (Connection refused)
    Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)

    Change "/etc/hosts" as follows:
    [code language=’cpp’]
    # IP-Address Full-Qualified-Hostname Short-Hostname
    #
    127.0.0.1 localhost server.vavai.net
    127.0.0.2 server.vavai.net server
    192.168.1.254 server.vavai.net server vavai.net
    [/code]
    Reboot your computer and then try "smbclient -L localhost -N" again.

SETUP OPENLDAP

  1. Edit "/etc/nsswitch.conf" and change or add the following lines:
    [code language=’cpp’]
    passwd: files ldap
    group: files ldap
    [/code]
  2. Check the accounts and LDAP data. You should see at least 2 accounts, Admin and nobody:
    [code language=’cpp’]
    getent passwd
    [/code]
    Response:
    +::0:0:::
    Admin:x:998:512:Netbios Domain Administrator:/home/Admin:/bin/false
    nobody:x:999:514:nobody:/dev/null:/bin/false
  3. If you get the above response, continue with setting up PAM:
    [code language=’cpp’]
    pam-config -a --mkhomedir --mkhomedir-skel=/etc/skel --mkhomedir-umask=0022
    [/code]
  4. Edit "/etc/pam.d/common-session" and change the following line:
    [code language=’cpp’]
    session optional pam_mkhomedir.so umask=0022 skel=/etc/skel
    [/code]
    to:
    [code language=’cpp’]
    session required pam_mkhomedir.so umask=0022 skel=/etc/skel
    [/code]
  5. Restart all services and configure them to start on boot:
    [code language=’cpp’]
    service named restart
    service dhcpd restart
    service ldap restart
    service smb restart
    service nmb restart
    service mysql restart
    service apache2 restart
    chkconfig named on
    chkconfig dhcpd on
    chkconfig smb on
    chkconfig nmb on
    chkconfig ldap on
    chkconfig mysql on
    chkconfig apache2 on
    [/code]
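
To confirm that steps 1 and 4 above and the earlier `chmod 1777` step actually took effect, the following added example (not part of the original tutorial) audits the three settings. The function names are hypothetical, the sample files are constructed, and the PAM check assumes a one-word control flag such as `optional` or `required`.

```shell
#!/bin/sh
# Added example: audit the three settings this tutorial changes.

# nss_uses_ldap FILE DB: succeeds if DB's source list in FILE includes "ldap".
nss_uses_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, ""); sub(/:/, ": ") }      # strip comments, split "db:src"
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# mkhomedir_control FILE: prints the control flag of the first active
# "session ... pam_mkhomedir.so" line (simple one-word controls only).
mkhomedir_control() {
    awk '
        { sub(/#.*/, "") }
        $1 == "session" && $3 ~ /(^|\/)pam_mkhomedir\.so$/ { print $2; exit }' "$1"
}

# sticky_world_writable DIR: succeeds only if DIR's mode is exactly 1777.
sticky_world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm 1777 2>/dev/null)" ]
}

# audit NSSWITCH PAM_SESSION PROFILES_DIR: prints one line per finding and
# returns the number of failed checks.
audit() {
    fails=0
    for db in passwd group; do
        nss_uses_ldap "$1" "$db" ||
            { echo "FAIL: $db has no ldap source in $1"; fails=$((fails + 1)); }
    done
    [ "$(mkhomedir_control "$2")" = required ] ||
        { echo "FAIL: pam_mkhomedir.so is not 'required' in $2"; fails=$((fails + 1)); }
    sticky_world_writable "$3" ||
        { echo "FAIL: $3 is not mode 1777"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample input: group lacks ldap, mkhomedir is still "optional".
demo=$(mktemp -d)
printf 'passwd: files ldap\ngroup: files  # ldap\n' > "$demo/nsswitch.conf"
printf 'session optional pam_mkhomedir.so umask=0022 skel=/etc/skel\n' > "$demo/common-session"
mkdir "$demo/profiles" && chmod 1777 "$demo/profiles"
rc=0; audit "$demo/nsswitch.conf" "$demo/common-session" "$demo/profiles" || rc=$?
echo "failed checks: $rc"
rm -rf "$demo"
```

On the server itself, call `audit /etc/nsswitch.conf /etc/pam.d/common-session /data/samba/profiles`, replacing the last path with your own profiles folder.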

CLIENT SETUP

  • Add user & computer account
    [code language=’cpp’]
    smbldap-useradd -a -m username
    smbldap-passwd username
    [/code]
    Note: The computer account should be added automatically when the machine joins the domain. If it was not, run the following command to add the computer account:
    [code language=’cpp’]
    smbldap-useradd -w computername$
    [/code]
  • For an openSUSE workstation, use the YaST menu to add the client as a domain member: YaST | Network Services | Windows Domain Membership
  • For a Windows XP client, make the following changes before joining:
    • Open regedit: START | RUN | REGEDIT
    • Find the registry key HKLM (HKEY_LOCAL_MACHINE) – SYSTEM – CurrentControlSet – Services – Netlogon – Parameters
    • In the right-hand pane, choose New – DWORD value, with name: requiresignorseal, value: 0. This turns off the client's requirement that secure channel (Netlogon) traffic to the domain controller be signed or sealed
    • If the entry already exists and its value is 1, change the value to 0
    • Close regedit
    • Right-click "My Computer" and choose "Properties"
    • Choose the "Computer Name" tab
    • Click "Change"
    • Set the domain and computer name
    • Use root with the root password if Windows asks for Administrator privileges
  • Next Tutorial: Tutorial Samba PDC + OpenLDAP on openSUSE Part 6, Problem Solving

    5 thoughts on “Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 5”

    1. I have the nobody account but I do not see the “admin” account when running the following:
      Response:
      +::0:0:::
      Admin:x:998:512:Netbios Domain Administrator:/home/Admin:/bin/false
      nobody:x:999:514:nobody:/dev/null:/bin/false

    3. When running testparm, I received the following message about printer admin being deprecated:
      Load smb config files from /etc/samba/smb.conf
      WARNING: The "printer admin" option is deprecated
      Processing section "[homes]"
      Processing section "[sysvol]"
      Processing section "[netlogon]"
      Processing section "[profiles]"
      Processing section "[Documents]"
      Loaded services file OK.
      Server role: ROLE_DOMAIN_PDC
      Press enter to see a dump of your service definitions
