Hi:
This guide combines knowledge from lots of tutorials to come up with the easiest way to set up a domain controller for Windows. There is a complete tutorial from rickyjones here: http://ubuntuforums.org/showthread.php?t=640760 . Many thanks to rickyjones; without his help I wouldn't have been able to come up with this tutorial. If what you need is a quick-start tutorial with the simplest settings possible, this is the one you need. If you want a complete setup, you should probably go to the rickyjones one. This tutorial assumes you have basic knowledge of Linux. For example, you should know how to enter edit mode, save and quit in vim (it's fairly simple). You will need to change some settings to suit your own setup. Let's get started.
Ubuntu installed
Get root permission
Edit /etc/hosts file
update to:
Code:
127.0.0.1 localhost
127.0.1.1 pdc pdc.example.local
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Update /etc/hostname file
update to:
Install needed package
Code:
apt-get install slapd ldap-utils samba smbldap-tools samba-doc
During the installation, you might be prompted to set the openLDAP admin password; just enter one you like.
Update openLDAP
Code:
dpkg-reconfigure slapd
Settings:
Code:
No
DNS domain name: example.local
Name of your organization: example.local
Admin password: (Enter again from last step)
Confirm password: (Enter again from last step)
OK
BDB
No
Yes
No
Copy samba.schema to openLDAP folder
Code:
cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/
gzip -d /etc/ldap/schema/samba.schema.gz
Edit /etc/ldap/slapd.conf
Code:
vim /etc/ldap/slapd.conf
Add
Code:
include /etc/ldap/schema/samba.schema
Update
Code:
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
In this step you might see "access to attribute"; change it to attrs.
Restart openLDAP
Code:
/etc/init.d/slapd restart
Copy required files
Code:
cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/
cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz /etc/smbldap-tools/
gzip -d /etc/smbldap-tools/smbldap.conf.gz
Get domain SID
Edit smbldap.conf
Code:
vim /etc/smbldap-tools/smbldap.conf
Update
Code:
SID="(Copy from last step)"
sambaDomain="EXAMPLE"
ldapTLS="0"
suffix="dc=example,dc=local"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
userSmbHome=
userProfile=
userHomeDrive=
userScript=
;mailDomain="IDEALX.ORG"
All of these lines are already in the file; you just have to update them.
Edit smbldap_bind.conf file
Code:
vim /etc/smbldap-tools/smbldap_bind.conf
Update
Code:
slaveDN="cn=admin,dc=example,dc=local"
slavePw="(Your openLDAP password)"
masterDN="cn=admin,dc=example,dc=local"
masterPw="(Your openLDAP password)"
All of these lines are already in the file; you just have to update them.
Set file permission
Code:
chmod 0600 /etc/smbldap-tools/smbldap_bind.conf
Populate to openLDAP server
You might be prompted for the openLDAP password; just enter the one you set.
Edit /etc/samba/smb.conf file
Code:
vim /etc/samba/smb.conf
Update
Code:
workgroup = EXAMPLE
security = user
passdb backend = ldapsam:ldap://localhost/
obey pam restrictions = no
;invalid users = root
domain logons = yes
Add
Code:
ldap admin dn = cn=admin,dc=example,dc=local
ldap suffix = dc=example, dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
If root is not your manager account, add another line
Code:
admin users = USER_NAME
Restart samba
Code:
/etc/init.d/samba restart
Set openLDAP password for samba
Code:
smbpasswd -w (Your openLDAP password)
At this point, you are pretty much done.
Here is how to add users. You can use text mode or a GUI such as phpldapadmin.
Text Mode:
Add user
Code:
smbldap-useradd -a -m USER_NAME
useradd -g GROUP USER_NAME
smbldap-passwd USER_NAME
Add machine account
Code:
smbldap-useradd -a -m MACHINE_NAME$
useradd -g GROUP -d /dev/null -s /dev/null MACHINE_NAME$
Notice there is a $ sign after machine name.
Install GUI Mode:
Code:
apt-get install apache2 phpldapadmin
Edit /etc/apache2/httpd.conf
Code:
vim /etc/apache2/httpd.conf
Add
Code:
ServerName pdc.example.local
Restart apache
Code:
/etc/init.d/apache2 restart
Copy phpldapadmin to apache www directory
Code:
cp -R /usr/share/phpldapadmin/ /var/www/phpldapadmin
GUI mode is really simple: open a browser and go to http://localhost/phpldapadmin/ . Log in with the username cn=admin,dc=example,dc=local and your openLDAP password. Then you can add user or machine accounts through the menu on the left side. To add a machine account, click on "Create new entry here" under "ou=Computers" and select "Samba3 Machine".
After all these steps, you can log your Windows client into the domain. Right click on "My Computer" -> Properties -> Computer Name -> Either "Network ID" or "Change..."
If you have any questions, I will try to answer them when I'm free. But since I am new to this too, my answers will be very limited. I have tried this tutorial myself on several computers, so I am pretty sure it works unless I missed something. There are lots of settings you need to study yourself, since this is the easiest way of setting up and I do not want to include them; for example, Samba's netlogon and shares settings in smb.conf.
Changelogs:
2/26/2008 - First version
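As an added example (not part of the original post), the script below audits the three places where this guide stores or sends the openLDAP admin password: the mode of smbldap_bind.conf, ldapTLS="0" in smbldap.conf, and the ldap:// URI in passdb backend. The masterLDAP key (taken from the stock smbldap.conf sample), the smb.conf "ldap ssl" parameter, the function names and the sample files are assumptions not shown in the post.

```shell
#!/bin/bash
# Added example: audit where the LDAP admin password is exposed after this guide.

# Last uncommented value of KEY in a key="value" or "key = value" file.
conf_value() {    # conf_value FILE KEY
    sed -n "/^[[:space:]]*$2[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$1" |
        tail -n 1 | tr -d '"\r'
}

# Succeeds if a host name or LDAP URI points at the local machine.
is_loopback() {
    local host="${1#*://}"    # drop "ldap://" or "ldapsam:ldap://"
    host="${host%%[:/]*}"     # drop port and path
    case "$host" in localhost|127.*) return 0 ;; *) return 1 ;; esac
}

# audit_pdc BIND_CONF SMBLDAP_CONF SMB_CONF ; exit status = number of findings
audit_pdc() {
    local n=0 mode backend
    # smbldap_bind.conf holds masterPw/slavePw in clear text (the chmod 0600 step).
    mode=$(stat -c '%a' "$1")
    [ "$mode" = 600 ] || { echo "FINDING: $1 is mode $mode, want 600"; n=$((n+1)); }
    # ldapTLS="0": smbldap-tools binds unencrypted, tolerable only over loopback.
    if [ "$(conf_value "$2" ldapTLS)" != 1 ] && ! is_loopback "$(conf_value "$2" masterLDAP)"; then
        echo "FINDING: ldapTLS is off and masterLDAP is not loopback"; n=$((n+1))
    fi
    # Samba binds with the password stored by "smbpasswd -w"; same question.
    backend=$(conf_value "$3" 'passdb backend')
    case "$backend" in
        ldapsam:ldaps://*) ;;   # TLS-wrapped connection
        *) is_loopback "$backend" || [ "$(conf_value "$3" 'ldap ssl')" = "start tls" ] ||
               { echo "FINDING: $backend is clear-text LDAP off-host"; n=$((n+1)); } ;;
    esac
    return "$n"
}

# Constructed sample files carrying this guide's values (masterLDAP is assumed).
make_sample() {   # make_sample DIR
    printf 'masterDN="cn=admin,dc=example,dc=local"\nmasterPw="constructed"\n' > "$1/bind.conf"
    chmod 0600 "$1/bind.conf"
    printf 'ldapTLS="0"\nmasterLDAP="127.0.0.1"\n' > "$1/smbldap.conf"
    printf 'passdb backend = ldapsam:ldap://localhost/\n' > "$1/smb.conf"
}

# Pass smbldap_bind.conf, smbldap.conf and smb.conf as the three arguments.
if [ "$#" -eq 3 ]; then audit_pdc "$@"; fi
```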