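# Bind identities that smbldap-tools uses against the slave and master LDAP
# servers. Values must be wrapped in plain ASCII double quotes; typographic
# quotes would become part of the DN and of the password.
#
# The passwords sit here in clear text, so keep this file owned by root with
# mode 0600. "passwdkey" is presumably a placeholder: replace it with the
# real secret of the bind DN.
# NOTE(review): both entries bind as the same DN, so one leaked password
# gives write access to the master as well.
slaveDN="cn=samba,dc=devel,dc=rimed,dc=cu"
slavePw="passwdkey"
masterDN="cn=samba,dc=devel,dc=rimed,dc=cu"
masterPw="passwdkey"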
Configuración de smbldap_bind.conf
Abril 12, 2008
Configuración del smbldap.conf
Abril 12, 2008
SID="S-1-5-21-1438103984-1038672715-3043798412"
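# smbldap-tools settings. Values use plain ASCII double quotes; typographic
# quotes would be read as part of each value.

# Samba domain name.
sambaDomain="devel"

# LDAP servers for reads (slave) and writes (master); both point at the
# directory on this host.
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"

# TLS is off and certificate verification is disabled. That is tolerable only
# while both servers are 127.0.0.1. For a directory reached over the network,
# enable ldapTLS and set verify="require" so the bind password and the
# password hashes do not travel in clear text.
ldapTLS="0"
verify="none"

# Directory layout: every container hangs below ${suffix}.
suffix="dc=devel,dc=rimed,dc=cu"
usersdn="ou=usuarios,${suffix}"
computersdn="ou=equipos,${suffix}"
groupsdn="ou=grupos,${suffix}"
sambaUnixIdPooldn="sambaDomainName=devel,${suffix}"
scope="sub"

# Hash scheme for the Unix userPassword attribute. MD5 is unsalted.
# NOTE(review): smbldap-tools also accepts SSHA (salted); prefer it for new
# deployments.
hash_encrypt="MD5"
# Salt format; only relevant when hash_encrypt is CRYPT.
crypt_salt_format="%s"

# Defaults applied to newly created Unix accounts. Mode 700 keeps each home
# directory private to its owner.
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="20003"
skeletonDir="/etc/skel"

# Defaults applied to the Samba side of newly created accounts.
userSmbHome="\\server\%U"
userProfile="\\server\%U\profile"
userHomeDrive="X:"
userScript="logon.bat"
mailDomain="devel.rimed.cu"

# External password helpers and whether smbldap-tools calls them.
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"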
Configurado el Samba
Abril 12, 2008
###########################################################################################
## La siguiente configuración es la del paquete Samba como controlador de dominio ##
###########################################################################################
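[global]
# Domain identity and browsing role: this host is the domain controller and
# master browser for the "devel" domain.
workgroup = devel
netbios name = server
netbios aliases = pdc
realm = pdc.devel.rimed.cu
server string = Controlador de Dominio
os level = 85
preferred master = yes
local master = yes
domain master = yes
domain logons = yes
time server = yes

# Authentication: per-user logons, no guest access by default, encrypted
# passwords only, and accounts with an empty password are refused.
security = user
guest ok = no
encrypt passwords = yes
null passwords = no

# Name resolution.
# NOTE(review): the documented values for "name resolve order" are lmhosts,
# host, wins and bcast; "hosts" is not one of them. Confirm whether lmhosts
# was intended.
wins support = yes
name resolve order = wins bcast hosts host
dns proxy = no
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192

# Only loopback and 10.0.0.0/255.255.0.0 may connect.
hosts allow = 127.0.0.1 10.0.0.0/255.255.0.0
keep alive = 30

# The username map rewrites client-supplied user names; keep
# /etc/samba/smbusers writable by root only.
username map = /etc/samba/smbusers

# One log file per client machine name (%m).
log file = /var/log/samba/%m.log
log level = 1
syslog = 0
max log size = 512

hide unreadable = yes
unix charset = ISO8859-1
dos charset = 850
case sensitive = no
preserve case = yes
short preserve case = yes

# Logon environment handed to domain clients.
logon drive = X:
logon home = \\server\%U
logon path = \\server\%U\profile
logon script = %U.bat

# Password changes go through smbldap-passwd so the LDAP entry is updated.
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n

# Account database in LDAP, reached over the loopback interface without
# encryption. If the directory is ever reached over the network, switch to
# ldaps:// or StartTLS (see "ldap ssl").
# The password for "ldap admin dn" is not kept in this file; it is stored in
# secrets.tdb with "smbpasswd -w".
passdb backend = ldapsam:ldap://127.0.0.1/
ldap suffix = dc=devel,dc=rimed,dc=cu
ldap machine suffix = ou=equipos
ldap user suffix = ou=usuarios
ldap group suffix = ou=grupos
ldap admin dn = cn=samba,dc=devel,dc=rimed,dc=cu
ldap delete dn = no
enable privileges = yes
ldap password sync = yes

# Account-management hooks. Samba runs these as root and substitutes %u and
# %g with names taken from the request, so every argument stays quoted.
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

[netlogon]
# Read-only share holding the logon scripts; only root may write to it.
# NOTE(review): "guest ok = yes" overrides the global "guest ok = no" for
# this share. Logon scripts are fetched by users who have already
# authenticated, so guest access looks unnecessary; confirm and set it to no.
comment = Network Logon Service
path = /etc/samba/netlogon
write list = root
read only = yes
guest ok = yes
browseable = no
fake oplocks = yes

[homes]
# Per-user home share, not listed when browsing, with offline caching
# disabled on the client.
comment = Carpeta Personal
path = /home/%U
force user = %U
read only = no
inherit permissions = yes
hide files = /profile/desktop.ini/ntuser.ini/NTUSER.*/Maildir/.procmail/
browseable = no
csc policy = disable
# These two hooks run as root on every connect and disconnect. %u and %m are
# supplied by the client, so build_conect and build_closed must treat their
# arguments as untrusted data: keep them quoted and never evaluate them.
root preexec = /etc/samba/build_conect "/home/%U" "%u" "%g" "%T" "%m" "%I"
root postexec = /etc/samba/build_closed "/home/%U" "%T" "%m" "%I"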
Modificando los Pam…
Abril 11, 2008
Este pequeño script tiene como objetivo permitir que las PC con Linux puedan iniciar sesión con el usuario del dominio. El mismo está montado en Linux.
LA GRAN MAYORIA DE LA DOCUMENTACION QUE SE PUBLIQUE EN ESTE BLOG SERA SOBRE LA DISTRO DEBIAN ETCH..
Dar permiso de ejecución al script: chmod +x ./domain
############################################
Este script puede modificarlo, copiarlo, eliminarlo o hacer con él lo que usted estime conveniente
Licencia GPL
############################################
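#!/bin/bash
# Let a Debian workstation log in with domain accounts: install the NSS/PAM
# LDAP client packages, then replace the shared PAM stacks and
# /etc/nsswitch.conf.
#
# The files below are overwritten, not merged, and an error in any of them
# can lock every account out of the machine. The script therefore stops at
# the first failing command and copies each file aside before replacing it.
# Keep a root shell open until a fresh login has been tested.
#
# Every string written to a file uses plain ASCII quotes. Typographic quotes
# are not shell quoting; they would be written into the PAM files literally.

set -euo pipefail

if [[ "${EUID}" -ne 0 ]]; then
  printf '%s\n' 'This script must be run as root.' >&2
  exit 1
fi

# Private (mode 0700) directory that receives the pre-change copies.
backup_dir=$(mktemp -d /var/backups/domain-login.XXXXXX)
readonly backup_dir

# Copy $1 into the backup directory, preserving mode and owner, if it exists.
backup_file() {
  local target=$1
  if [[ -e "${target}" ]]; then
    cp -p -- "${target}" "${backup_dir}/"
  fi
}

# Refresh the package index and install the LDAP client pieces. A failure
# here aborts the run before any login configuration is touched.
apt-get update
apt-get install libnss-ldap libpam-ldap nscd

# Re-run the libnss-ldap configuration dialog.
dpkg-reconfigure libnss-ldap
clear || true # cosmetic only; a missing terminal must not abort the run

# Account stack.
# NOTE(review): pam_ldap.so comes last and is only "sufficient", so its
# failure is ignored once pam_unix.so has passed; LDAP-side account
# restrictions are presumably not enforced. Confirm this is intended.
backup_file /etc/pam.d/common-account
printf '%s\n' \
  'account required pam_unix.so' \
  'account sufficient pam_ldap.so' \
  > /etc/pam.d/common-account

# Auth stack: local accounts first, then LDAP with the same password.
# NOTE(review): pam_unix_auth.so is a legacy module name; confirm it exists
# on the target system. The usual closing line for a stack of "sufficient"
# modules is "auth required pam_deny.so".
backup_file /etc/pam.d/common-auth
printf '%s\n' \
  'auth sufficient pam_unix.so' \
  'auth sufficient pam_ldap.so try_first_pass' \
  'auth required pam_unix_auth.so' \
  > /etc/pam.d/common-auth

# Password stack.
# NOTE(review): this policy is weak. min=4 accepts four-character passwords,
# nullok tolerates accounts with an empty password, and md5 stores MD5-crypt
# hashes. Tighten these to the site's password policy before deploying.
backup_file /etc/pam.d/common-password
printf '%s\n' \
  'password required pam_unix.so nullok obscure min=4 max=8 md5' \
  'password sufficient pam_unix.so use_authtok md5 shadow' \
  'password sufficient pam_ldap.so use_authtok' \
  > /etc/pam.d/common-password

# Session stack: create the home directory at first login.
# NOTE(review): umask=0022 makes new home directories readable by every
# local user; umask=0077 would keep them private.
backup_file /etc/pam.d/common-session
printf '%s\n' \
  ' session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 ' \
  ' session required pam_unix.so ' \
  ' session optional pam_ldap.so ' \
  > /etc/pam.d/common-session

# Name service switch: resolve users, groups and shadow entries from the
# local files first, then from LDAP. The whole file is replaced, so any
# local customisation survives only in the backup copy.
backup_file /etc/nsswitch.conf
printf '%s\n' \
  'passwd: compat ldap' \
  'group: compat ldap' \
  'shadow: compat ldap' \
  'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' \
  'networks: files' \
  'protocols: db files' \
  'services: db files' \
  'ethers: db files' \
  'rpc: db files' \
  'netgroup: nis' \
  > /etc/nsswitch.conf

printf '%s\n' "Previous files saved in ${backup_dir}"
printf '%s\n' 'Ahora puede iniciar con su sesion de Dominio'
printf '%s\n' 'Disfrutelo: Grupo Administracion'
printf '%s\n' 'Nodo IPIHLG'

# Restart nscd so cached lookups pick up the new sources. exec replaces this
# shell, so the script's exit status is the restart's exit status.
exec /etc/init.d/nscd restart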
Publicado por cubahack
Publicado por cubahack
Publicado por cubahack