Using Samba to share files with Windows (part 1)

Whether it’s for home, for an office, or in an enterprise, there will always be a need to share files and media. Samba enables this functionality between the Linux/UNIX and Windows operating systems.

When Samba is installed and configured on our CentOS 6 server, we'll be able to access it from any Windows computer or laptop on the local network. Access to different files and directories can be controlled based on the user accounts and groups maintained in an LDAP database on the server. Using LDAP with Samba is optional, but it offers greater flexibility.

The LDAP setup was covered in a previous post called Configuring OpenLDAP on CentOS 6. The purpose of this post is to add Samba support to LDAP and then configure the Samba server to allow access from a Windows computer.

Samba Installation

If Samba is not already installed, use yum to install it:

]# yum -y install samba samba-client samba-common

Adding Samba Schema to the LDAP Configuration

The LDAP schema for Samba is located in /etc/openldap/schema/samba.schema. That file works for an LDAP server that uses a slapd.conf configuration file, but since CentOS 6 uses the cn=config runtime configuration, the schema file needs to be converted to an ldif file.

First, cd to /etc/openldap and then get a list of your current schema:

]# cd /etc/openldap
]# ls -l /etc/openldap/slapd.d/cn=config/

cn={0}corba.ldif
cn={10}ppolicy.ldif
cn={11}collective.ldif
cn={1}core.ldif
cn={2}cosine.ldif
cn={3}duaconf.ldif
cn={4}dyngroup.ldif
cn={5}inetorgperson.ldif
cn={6}java.ldif
cn={7}misc.ldif
cn={8}nis.ldif
cn={9}openldap.ldif

The list above is what I got; the part that matters is the number in the curly braces. I noticed in a previous install that slaptest builds the ldif files in the order they are listed in the schema_convert.conf file. Now, create a configuration file named schema_convert.conf,

]# vi schema_convert.conf

containing the following lines. Note that they are in the same numerical sequence as above, with samba.schema added at the end:

include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
include /etc/openldap/schema/samba.schema

Next, create a temporary directory to hold the output for the next step and use slaptest to convert the schema files:

]# mkdir ldif_output
]# slaptest -f schema_convert.conf -F /etc/openldap/ldif_output

Edit the generated /etc/openldap/ldif_output/cn=config/cn=schema/cn={12}samba.ldif file,

]# vi /etc/openldap/ldif_output/cn=config/cn=schema/cn={12}samba.ldif

changing the dn and cn attributes to the following values:

dn: cn=samba,cn=schema,cn=config
cn: samba

And remove the following lines from the bottom of the file:

structuralObjectClass: olcSchemaConfig
entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95
creatorsName: cn=config
createTimestamp: 20080827045234Z
entryCSN: 20080827045234.341425Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20080827045234Z

The attribute values will vary, just be sure the attributes are removed.
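As an added example (not part of the original post), this POSIX shell function performs the two manual edits above in one step: it rewrites the dn and cn that slaptest generated and strips the operational attributes, and a second function lets a script refuse to load a file that still contains any. The sample input is constructed to resemble slaptest output; its attribute definition, UUID and timestamps are made up.

```shell
#!/bin/sh
# Added example, not from the original post: automate the manual edits made to
# the slaptest-generated schema LDIF before loading it with ldapadd.

# clean_schema_ldif <input.ldif> <schema name> <output.ldif>
# Rewrites "dn: cn={N}NAME" to "dn: cn=NAME,cn=schema,cn=config" and
# "cn: {N}NAME" to "cn: NAME", then drops the operational attributes that
# slaptest records (slapd generates these itself and rejects them on add).
clean_schema_ldif() {
    in="$1"; name="$2"; out="$3"
    sed -e "s/^dn: cn={[0-9]*}$name\$/dn: cn=$name,cn=schema,cn=config/" \
        -e "s/^cn: {[0-9]*}$name\$/cn: $name/" \
        -e '/^structuralObjectClass: /d' \
        -e '/^entryUUID: /d' \
        -e '/^creatorsName: /d' \
        -e '/^createTimestamp: /d' \
        -e '/^entryCSN: /d' \
        -e '/^modifiersName: /d' \
        -e '/^modifyTimestamp: /d' \
        "$in" > "$out"
}

# has_operational_attrs <file>: exit 0 if any operational attribute remains,
# so a caller can refuse to ldapadd a file that was not fully cleaned.
has_operational_attrs() {
    grep -Eq '^(structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp): ' "$1"
}

# Constructed sample resembling slaptest output; the attribute definition,
# UUID and timestamps are made up for this example.
sample_in=$(mktemp); sample_out=$(mktemp)
cat > "$sample_in" <<'EOF'
dn: cn={12}samba
objectClass: olcSchemaConfig
cn: {12}samba
olcAttributeTypes: {0}( 1.2.3.4 NAME 'exampleAttr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20080827045234Z
entryCSN: 20080827045234.341425Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20080827045234Z
EOF

clean_schema_ldif "$sample_in" samba "$sample_out"
if has_operational_attrs "$sample_out"; then echo "cleanup left operational attributes" >&2; fi
cat "$sample_out"   # now loadable with: ldapadd -x -D cn=admin,cn=config -W -f <file>
rm -f "$sample_in" "$sample_out"
```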

Finally, using the ldapadd utility, add the new schema to the directory:

]# ldapadd -x -D cn=admin,cn=config -W -f ldif_output/cn=config/cn=schema/cn={12}samba.ldif

If there is an error like ldap_bind: Invalid credentials (49), it almost certainly means that the cn=admin,cn=config user has not been set up; it took me a while to figure this out the first time. Use slappasswd to generate a password hash and edit the file /etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif:

]# slappasswd
]# vi /etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif

Edit the olcRootDN line as follows and add the olcRootPW line (restart slapd afterwards, since files under slapd.d are only read at startup):

olcRootDN: cn=admin,cn=config
olcRootPW: <the password hash from slappasswd>

Re-run the last ldapadd command. There should now be a dn: cn={X}samba,cn=schema,cn=config entry in the cn=config tree, where "X" is the next sequential schema number.

Copy and paste the following into a file named samba_indexes.ldif:

dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub

Using the ldapmodify utility, load the new indexes to help search performance:

]# ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif

If all went well, you should see the new indexes using ldapsearch:

]# ldapsearch -xLLL -D cn=admin,cn=config -W -b cn=config olcDatabase={2}bdb

Samba needs its own LDAP user, used only to let Samba connect to the LDAP database. Create samba-admin.ldif:

]# vi samba-admin.ldif

Add:

dn: cn=samba,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: samba
description: Samba LDAP administrator
userPassword: ozzie113usa

and add it to LDAP (the userPassword value is stored exactly as written, so a hash generated with slappasswd can be used in place of the clear-text value):

]# ldapadd -x -D cn=manager,dc=example,dc=com -W -f samba-admin.ldif

Since a user may be allowed to change their own password, this Samba user will need permission to make some changes to the database, so create another file called samba-admin-acl.ldif.

]# vi samba-admin-acl.ldif

Add:

dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=samba,dc=example,dc=com" write by anonymous auth by self write by * none
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=samba,dc=example,dc=com" write by * read

Use this to modify permissions for this user. Note that add: olcAccess appends these rules after any olcAccess rules the database already has, and slapd applies the first rule whose to clause matches, so check the existing rules with ldapsearch before relying on the new ones.

]# ldapmodify -x -D cn=admin,cn=config -W -f samba-admin-acl.ldif

Ok, I think that’s got it. The next step will be to configure Samba, which is covered in Using Samba to share files with Windows (part 2)
