読者です 読者をやめる 読者になる 読者になる

computerの日記

Cisco,shell,qt,c++,Linux,ネットワーク,windows scriptなどの発言です

smbでfedora-dsをつかって、ドメインコントローラを立ててみる

javaが必要だった。
http://directory.fedoraproject.org/wiki/Install_Guide#Installation_Guide
を見てやってみる。

#yum install java-1.6.0-openjdk
今は名前が変わって、389とかいうらしい。
#yum install 389*

# setup-ds-admin.pl

#そのままEnter
#yes
#そのままEnter
#そのままEnter
#そのままEnter
#そのままEnter
#そのままEnter
#そのままEnter
...
いろいろいじっていたらエラーになったので、
#yum upgrade
...

#chkconfig dirsrv on
#chkconfig dirsrv-admin on


[root@server openldap]# ps -ef|grep dirsrv |grep -v grep
nobody 3317 1 0 10:30 ? 00:00:00 ./ns-slapd -D /etc/dirsrv/slapd-server -i /var/run/dirsrv/slapd-server.pid -w /var/run/dirsrv/slapd-server.startpid
root 3411 1 0 10:30 ? 00:00:00 /usr/sbin/httpd.worker -k start -f /etc/dirsrv/admin-serv/httpd.conf
root 3412 3411 0 10:30 ? 00:00:00 /usr/sbin/httpd.worker -k start -f /etc/dirsrv/admin-serv/httpd.conf
nobody 3413 3411 0 10:30 ? 00:00:00 /usr/sbin/httpd.worker -k start -f /etc/dirsrv/admin-serv/httpd.conf


#cp /usr/share/doc/smbldap-tools-0.9.6/slapd.conf /etc/openldap/
#vim /etc/openldap/slapd.conf
#vim /etc/openldap/ldap.conf

#BASE dc=example,dc=com
BASE dc=company,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
URI ldap://127.0.0.1

#vim /etc/nsswitch.conf

#passwd: files
#shadow: files
#group: files
passwd: files ldap
shadow: files ldap
group: files ldap

とする。
#mv /etc/samba/smb.conf /etc/samba/smb.conf_original
#/usr/share/doc/smbldap-tools-0.9.6/smb.conf /etc/samba/smb.conf

各confファイルを点検して、デフォルトの記述は、自サイトの名前に直しておくこと。

#chkconfig smb start
#chkconfig nmb start

#shutdown -r now
#smbpasswd -W

#net domainsid
#vim /etc/sambldap-tools/smbldap.conf
各種設定
#vim /etc/samldap-tools/smbldap_bind.conf
各種設定[root@server ~]# smbldap-populate
Populating LDAP directory for domain DOMSMB (S-1-5-21-1155496108-3857585743-940247887)
(using builtin directory structure)

entry dc=intrajp-yokosuka,dc=org already exist.
entry ou=People,dc=intrajp-yokosuka,dc=org already exist.
adding new entry: ou=Group,dc=intrajp-yokosuka,dc=org
failed to add entry: Insufficient 'add' privilege to add the entry 'ou=Group,dc=intrajp-yokosuka,dc=org'.
adding new entry: ou=Computers,dc=intrajp-yokosuka,dc=org
failed to add entry: Insufficient 'add' privilege to add the entry 'ou=Computers,dc=intrajp-yokosuka,dc=org'.
adding new entry: ou=Idmap,dc=intrajp-yokosuka,dc=org
failed to add entry: Insufficient 'add' privilege to add the entry 'ou=Idmap,dc=intrajp-yokosuka,dc=org'.
adding new entry: uid=root,ou=People,dc=intrajp-yokosuka,dc=org
failed to add entry: unknown object class "sambaSAMAccount"
adding new entry: uid=nobody,ou=People,dc=intrajp-yokosuka,dc=org
failed to add entry: unknown object class "sambaSAMAccount"
adding new entry: cn=Domain Admins,ou=Group,dc=intrajp-yokosuka,dc=org
failed to add entry: unknown object class "sambaGroupMapping"
adding new entry: cn=Domain Users,ou=Group,dc=intrajp-yokosuka,dc=org
failed to add entry: unknown object class "sambaGroupMapping"
adding new entry: cn=Domain Guests,ou=Group,dc=intrajp-yokosuka,dc=org
failed to add entry: unknown object class "sambaGroupMapping"
adding new entry: cn=Domain Computers,ou=Group,dc=intrajp-yokosuka,dc=org
failed to add entry: unknown object class "sambaGroupMapping"
adding new entry: cn=Administrators,ou=Group,dc=intrajp-yokosuka,dc=org
failed to add entry: unknown object class "sambaGroupMapping"
adding new entry: cn=Account Operators,ou=Group,dc=intrajp-yokosuka,dc=org
failed to add entry: unknown object class "sambaGroupMapping"
adding new entry: cn=Print Operators,ou=Group,dc=intrajp-yokosuka,dc=org
failed to add entry: unknown object class "sambaGroupMapping"
adding new entry: cn=Backup Operators,ou=Group,dc=intrajp-yokosuka,dc=org
failed to add entry: unknown object class "sambaGroupMapping"
adding new entry: cn=Replicators,ou=Group,dc=intrajp-yokosuka,dc=org
failed to add entry: unknown object class "sambaGroupMapping"
adding new entry: sambaDomainName=DOMSMB,dc=intrajp-yokosuka,dc=org
failed to add entry: unknown object class "sambaUnixIdPool"

Please provide a password for the domain root:
/usr/sbin/smbldap-passwd: user root doesn't exist