
Configuring Samba + OpenLDAP as a PDC

Published: 2019-09-15 23:27:33 Editor: 笔名

The configuration files involved are as follows:

Linux config files
Ldap.conf
Base.ldif
Slapd.conf
Named.conf
Smb.conf

Each configuration file is covered in turn below:

LDAP.CONF

```
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,
# v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
HOST 127.0.0.1
BASE dc=gzdomain,dc=com
```

Base.ldif

```
dn: dc=gzdomain,dc=com
objectClass: domain
dc: gzdomain

dn: ou=Groups,dc=gzdomain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Groups
description: System Groups

dn: ou=Users,dc=gzdomain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Users
description: Users of the Organization

dn: ou=Computers,dc=gzdomain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Computers
description: Windows Domain Computers

dn: cn=Domain Admins,ou=Groups,dc=gzdomain,dc=com
objectClass: posixGroup
gidNumber: 200
cn: Domain Admins
memberUid: administrator
description: Windows Domain Users

dn: cn=Domain Users,ou=Groups,dc=gzdomain,dc=com
objectClass: posixGroup
gidNumber: 201
cn: Domain Users
description: Windows Domain Users

dn: cn=Domain Guests,ou=Groups,dc=gzdomain,dc=com
objectClass: posixGroup
gidNumber: 202
cn: Domain Guests
description: Windows Domain Guests Users

dn: cn=Administrators,ou=Groups,dc=gzdomain,dc=com
description: Members can fully administer the computer/domain
objectClass: posixGroup
gidNumber: 220
cn: Administrators
description: Windows Domain Members can fully administer the computer/domain

dn: cn=Users,ou=Groups,dc=gzdomain,dc=com
description: Ordinary users
objectClass: posixGroup
gidNumber: 221
cn: Users
description: Windows Domain Ordinary users

dn: cn=Guests,ou=Groups,dc=gzdomain,dc=com
description: Users granted guest access to the computer/domain
objectClass: posixGroup
gidNumber: 222
cn: Guests
memberUid: nobody
description: Windows Domain Users granted guest access to the computer/domain

dn: cn=Power Users,ou=Groups,dc=gzdomain,dc=com
description: Members can share directories and printers
objectClass: posixGroup
gidNumber: 223
cn: Power users
description: Windows Domain Members can share directories and printers

dn: cn=Account Operators,ou=Groups,dc=gzdomain,dc=com
objectClass: posixGroup
gidNumber: 224
cn: Account Operators
description: Windows Domain Users to manipulate users accounts

dn: cn=Server Operators,ou=Groups,dc=gzdomain,dc=com
objectClass: posixGroup
gidNumber: 225
cn: Server Operators
description: Windows Domain Server Operators

dn: cn=Print Operators,ou=Groups,dc=gzdomain,dc=com
objectClass: posixGroup
gidNumber: 226
cn: Print Operators
description: Windows Domain Print Operators

dn: cn=Backup Operators,ou=Groups,dc=gzdomain,dc=com
objectClass: posixGroup
gidNumber: 227
cn: Backup Operators
description: Windows Domain Members can bypass file security to back up files

dn: cn=Replicator,ou=Groups,dc=gzdomain,dc=com
description: Supports file replication in a domain
objectClass: posixGroup
gidNumber: 228
cn: Replicator
description: Windows Domain Supports file replication in a domain
```

Slapd.conf

```
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

#pidfile //var/run/slapd.pid
#argsfile //var/run/slapd.args

# Create a replication log in /var/lib/ldap for use by slurpd.
#replogfile /var/lib/ldap/master-slapd.replog

# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

#
# The next three lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt

#
# Sample Access Control
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default is:
# Allow read by all
#
# rootdn can always write!

############################################
# ldbm database definitions
############################################

database ldbm
suffix "dc=gzdomain,dc=com"
#suffix "o=My Organization Name,c=US"
rootdn "cn=Manager,dc=gzdomain,dc=com"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
# Replicas to which we should propagate changes
#replica host=ldap-1.example.com:389 tls=yes
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
```

Smb.conf

```
[global]
workgroup = gzdomain
netbios name = proxy
server string = samba server
hosts allow = 192.168.1. 192.168.2. 127.
log file = /var/log/samba/%m.log
max log size = 0
security = USER
encrypt passwords = yes
passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n*new*password* %n*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = yes
local master = yes
os level = 255
preferred master = yes
domain logons = yes
wins server = 192.168.1.1
ldap suffix = "dc=gzdomain,dc=com"
ldap admin dn = "cn=Manager,dc=gzdomain,dc=com"
ldap port = 389
ldap server = 127.0.0.1
ldap ssl = no
;add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
;domain admin group = " @"Domain Admins" "
dns proxy = no

#===============Share Definitions =========
[homes]
comment = Home Directories
browseable = no
writeable = yes
valid users = %S
create mode = 0777
directory mode = 0777
```
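An added example, not part of the original article: a short Python check that flags the weak settings in the files above, namely the cleartext rootpw, the commented-out access rules (slapd then falls back to "read by all", as the file's own comment says), the commented-out TLS lines, `ldap ssl = no`, and the 0777 modes on [homes]. The embedded excerpts are constructed from the page's files, and the function names are illustrative.

```python
import re

# Constructed excerpts: the security-relevant lines of the slapd.conf and
# smb.conf shown on this page, not the complete files.
SLAPD_CONF = """\
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
#access to *
#    by self write
database ldbm
rootdn "cn=Manager,dc=gzdomain,dc=com"
rootpw secret
"""
SMB_CONF = """\
[global]
ldap ssl = no
[homes]
create mode = 0777
directory mode = 0777
"""

def active_lines(text, comment_chars):
    """Return stripped, non-blank lines that are not commented out."""
    lines = (line.strip() for line in text.splitlines())
    return [l for l in lines if l and l[0] not in comment_chars]

def audit_slapd(text):
    findings = []
    directives = [l.split(None, 1) for l in active_lines(text, "#")]
    names = {d[0].lower() for d in directives}
    for d in directives:
        # A hashed rootpw starts with a scheme tag such as {SSHA} or {crypt}.
        if d[0].lower() == "rootpw" and not re.match(r"\{[\w-]+\}", d[-1]):
            findings.append("rootpw is stored in cleartext")
    if "access" not in names:
        findings.append("no access directives: default is read by all")
    if "tlscertificatefile" not in names:
        findings.append("TLS is not configured")
    return findings

def audit_smb(text):
    findings = []
    for line in active_lines(text, "#;"):
        key, sep, value = (p.strip() for p in line.partition("="))
        key = " ".join(key.lower().split())  # smb.conf keys ignore case/spacing
        if sep and key == "ldap ssl" and value.lower() == "no":
            findings.append("ldap ssl = no: Samba-to-LDAP traffic is not encrypted")
        if sep and key in ("create mode", "directory mode") and int(value, 8) & 0o002:
            findings.append(f"{key} = {value}: world-writable")
    return findings

if __name__ == "__main__":
    for finding in audit_slapd(SLAPD_CONF) + audit_smb(SMB_CONF):
        print("WARN:", finding)
```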
