{"id":22462,"date":"2013-05-13T12:03:14","date_gmt":"2013-05-13T06:33:14","guid":{"rendered":"http:\/\/vskills.in\/certification\/tutorial\/?p=22462"},"modified":"2024-04-12T14:16:55","modified_gmt":"2024-04-12T08:46:55","slug":"samba-and-ldap","status":"publish","type":"page","link":"https:\/\/www.vskills.in\/certification\/tutorial\/samba-and-ldap\/","title":{"rendered":"Samba and LDAP"},"content":{"rendered":"<p><strong>Samba<\/strong><\/p>\n<p>Samba is software that can be run on a platform other than Microsoft Windows, for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems. Samba implements the SMB\/CIFS file and print sharing protocol on top of the host&#8217;s TCP\/IP stack. When correctly configured, it allows that host to interact with a Microsoft Windows client or server as if it were a Windows file and print server.<\/p>\n<p>By supporting the SMB protocol, Samba enables computers running Unix to get in on the action, communicating with the same networking protocol as Microsoft Windows and appearing as another Windows system on the network from the perspective of a Windows client. 
A Samba server offers the following services:<\/p>\n<ul>\n<li>Share one or more directory trees<\/li>\n<li>Share one or more Distributed filesystem (Dfs) trees<\/li>\n<li>Share printers installed on the server among Windows clients on the network<\/li>\n<li>Assist clients with network browsing<\/li>\n<li>Authenticate clients logging onto a Windows domain<\/li>\n<li>Provide or assist with Windows Internet Name Service (WINS) name-server resolution<\/li>\n<\/ul>\n<p>The Samba suite also includes client tools that allow users on a Unix system to access folders and printers that Windows systems and Samba servers offer on the network. Today, the Samba suite revolves around a pair of Unix daemons that provide shared resources\u2014called shares or services\u2014to SMB clients on the network. These are:<\/p>\n<ul>\n<li>smbd &#8211; A daemon that handles file and printer sharing and provides authentication and authorization for SMB clients.<\/li>\n<li>nmbd &#8211; A daemon that supports NetBIOS Name Service and WINS, which is Microsoft&#8217;s implementation of a NetBIOS Name Server (NBNS). It also assists with network browsing.<\/li>\n<\/ul>\n<p>Assume that we have the following basic network configuration: a Samba-enabled Unix system, to which we will assign the name toltec, and a pair of Windows clients, to which we will assign the names maya and aztec, all connected via a local area network (LAN). Let&#8217;s also assume that toltec also has a local inkjet printer connected to it, lp, and a disk share named spirit\u2014both of which it can offer to the other two computers. A graphic of this network is shown in Figure 1-1.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-17382 aligncenter\" src=\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/samba-and-ldap.jpg\" alt=\"samba-and-ldap\" width=\"389\" height=\"174\" \/><\/p>\n<p>Figure 1-1. 
A simple network set up with a Samba server<\/p>\n<p>In this network, each computer listed shares the same workgroup. A workgroup is a group name tag that identifies an arbitrary collection of computers and their resources on an SMB network. Several workgroups can be on the network at any time, but for our basic network example, we&#8217;ll have only one: the METRAN workgroup.<\/p>\n<p>Sharing a Disk Service &#8211; If everything is properly configured, we should be able to see the Samba server, toltec, through the Network Neighborhood of the maya Windows desktop. In fact, Figure 1-2 shows the Network Neighborhood of the maya computer, including toltec and each computer that resides in the METRAN workgroup. Note the Entire Network icon at the top of the list. As we just mentioned, more than one workgroup can be on an SMB network at any given time. If a user clicks the Entire Network icon, she will see a list of all the workgroups that currently exist on the network.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-17383\" src=\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/samba-and-ldap-01.jpg\" alt=\"samba-and-ldap-01\" width=\"481\" height=\"223\" \/><\/p>\n<p>Figure 1-2. The Network Neighborhood directory<\/p>\n<p>We can take a closer look at the toltec server by double-clicking its icon. This contacts toltec itself and requests a list of its shares\u2014the file and printer resources\u2014that the computer provides. In this case, a printer named lp, a home directory named jay, and a disk share named spirit are on the server, as shown in Figure 1-3. Note that the Windows display shows hostnames in mixed case (Toltec). Case is irrelevant in hostnames, so you might see toltec, Toltec, and TOLTEC in various displays or command output, but they all refer to a single system. 
Thanks to Samba, Windows 98 sees the Unix server as a valid SMB server and can access the spirit folder as if it were just another system folder.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-17384 aligncenter\" src=\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/samba-and-ldap-02.jpg\" alt=\"samba-and-ldap-02\" width=\"263\" height=\"196\" \/><\/p>\n<p>Figure 1-3. Shares available on the Toltec server as viewed from maya<\/p>\n<p>One popular Windows feature is the ability to map a drive letter (such as E:, F:, or Z:) to a shared directory on the network using the Map Network Drive option in Windows Explorer. Once you do so, your applications can access the folder across the network using the drive letter. You can store data on it, install and run programs from it, and even password-protect it against unwanted visitors.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-17385 aligncenter\" src=\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/samba-and-ldap-03.jpg\" alt=\"samba-and-ldap-03\" width=\"481\" height=\"195\" \/><\/p>\n<p>Figure 1-4. Mapping a network drive to a Windows drive letter<\/p>\n<p>Take a look at the Path: entry in the dialog box of Figure 1-4. An equivalent way to represent a directory on a network computer is by using two backslashes, followed by the name of the networked computer, another backslash, and the networked directory of the computer, as shown here:<\/p>\n<p>\\\\network-computer\\directory<\/p>\n<p>This is known as the Universal Naming Convention (UNC) in the Windows world. For example, the dialog box in Figure 1-4 represents the network directory on the toltec server as:<\/p>\n<p>\\\\toltec\\spirit<\/p>\n<p>If this looks somewhat familiar to you, you&#8217;re probably thinking of uniform resource locators (URLs), which are addresses that web browsers such as Netscape Navigator and Internet Explorer use to resolve systems across the Internet. 
Be sure not to confuse the two: URLs such as http:\/\/www.oreilly.com use forward slashes instead of backslashes, and they precede the initial slashes with the scheme, that is, the data transfer protocol (e.g., ftp, http), and a colon (:). In reality, URLs and UNCs are two completely separate things, although sometimes you can specify an SMB share using a URL rather than a UNC. As a URL, the \\\\toltec\\spirit share would be specified as smb:\/\/toltec\/spirit.<\/p>\n<p>Once the network drive is set up, Windows and its programs behave as if the networked directory were a local disk. If you have any applications that support multiuser functionality on a network, you can install those programs on the network drive. Figure 1-5 shows the resulting network drive as it would appear with other storage devices in the Windows 98 client. Note the pipeline attachment in the icon for the J: drive; this indicates that it is a network drive rather than a fixed drive.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-17386 aligncenter\" src=\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/samba-and-ldap-04.jpg\" alt=\"samba-and-ldap-04\" width=\"313\" height=\"266\" \/><\/p>\n<p>Figure 1-5. The Network directory mapped to the client drive letter J<\/p>\n<p>My Network Places, found in Windows Me, 2000, and XP, works differently from Network Neighborhood. It is necessary to click a few more icons, but eventually we can get to the view of the toltec server as shown in Figure 1-6. This is from a Windows 2000 system. Setting up the network drive using the Map Network Drive option in Windows 2000 works similarly to other Windows versions.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-17387 aligncenter\" src=\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/samba-and-ldap-05.jpg\" alt=\"samba-and-ldap-05\" width=\"339\" height=\"213\" \/><\/p>\n<p>Figure 1-6. 
Shares available on Toltec (viewed from dine)<\/p>\n<p>Sharing a Printer &#8211; You probably noticed that the printer lp appeared under the available shares for toltec in Figure 1-3. This indicates that the Unix server has a printer that can be shared by the various SMB clients in the workgroup. Data sent to the printer from any of the clients will be spooled on the Unix server and printed in the order in which it is received.<\/p>\n<p>Setting up a Samba-enabled printer on the Windows side is even easier than setting up a disk share. By double-clicking the printer and identifying the manufacturer and model, you can install a driver for this printer on the Windows client. Windows can then properly format any information sent to the network printer and access it as if it were a local printer. On Windows 98, double-clicking the Printers icon in the Control Panel opens the Printers window shown in Figure 1-7. Again, note the pipeline attachment below the printer, which identifies it as being on a network.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-17388 aligncenter\" src=\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/samba-and-ldap-06.jpg\" alt=\"samba-and-ldap-06\" width=\"259\" height=\"221\" \/><\/p>\n<p>Figure 1-7. A network printer available on Toltec<\/p>\n<p>The Unix side &#8211; As mentioned earlier, Samba appears in Unix as a set of daemon programs. You can view them with the Unix ps command; you can read any messages they generate through custom debug files or the Unix syslog (depending on how Samba is set up); and you can configure them from a single Samba configuration file: smb.conf. In addition, if you want to get an idea of what the daemons are doing, Samba has a program called smbstatus that will lay it all on the line. 
Here is how it works:<\/p>\n<p># smbstatus<\/p>\n<p>Processing section &#8220;[homes]&#8221;<\/p>\n<p>Processing section &#8220;[printers]&#8221;<\/p>\n<p>Processing section &#8220;[spirit]&#8221;<\/p>\n<p>Samba version 2.2.6<\/p>\n<p>Service\u00a0\u00a0\u00a0\u00a0 uid\u00a0\u00a0 gid\u00a0\u00a0 pid\u00a0\u00a0\u00a0\u00a0 machine<\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<\/p>\n<p>spirit\u00a0\u00a0\u00a0\u00a0 jay\u00a0\u00a0 jay\u00a0\u00a0 7735\u00a0\u00a0 maya\u00a0\u00a0\u00a0\u00a0 (172.16.1.6) Sun Aug 12 12:17:14 2002<\/p>\n<p>spirit\u00a0\u00a0\u00a0\u00a0 jay\u00a0\u00a0 jay\u00a0\u00a0 7779\u00a0\u00a0 aztec\u00a0\u00a0 (172.16.1.2) Sun Aug 12 12:49:11 2002<\/p>\n<p>jay\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jay\u00a0\u00a0 jay\u00a0\u00a0 7735\u00a0\u00a0 maya\u00a0\u00a0\u00a0\u00a0 (172.16.1.6) Sun Aug 12 12:56:19 2002<\/p>\n<p>Locked files:<\/p>\n<p>Pid\u00a0\u00a0 DenyMode\u00a0\u00a0 R\/W\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Oplock\u00a0\u00a0\u00a0\u00a0 Name<\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<\/p>\n<p>7735\u00a0\u00a0 DENY_WRITE RDONLY\u00a0\u00a0\u00a0\u00a0 NONE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/u\/RegClean.exe\u00a0\u00a0 Sun Aug 12 13:01:22 2002<\/p>\n<p>Share mode memory usage (bytes):<\/p>\n<p>1048368(99%) free + 136(0%) used + 72(0%) overhead = 1048576(100%) total<\/p>\n<p>The Samba status from this output provides three sets of data, each divided into separate sections. The first section tells which systems have connected to the Samba server, identifying each client by its machine name (maya and aztec) and IP (Internet Protocol) address. The second section reports the name and status of the files that are currently in use on a share on the server, including the read\/write status and any locks on the files. 
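<\/p>\n<p>The output is easy to read for two clients, but on a busy server an incident responder wants it grouped by client: which machine, from which address, is connected to which shares as which user, and which files it holds open. The Python below is an added example, not part of the original page or of Samba. It parses a copy of the transcript above (constructed here as the sample input), joins the locked-file table to the connection table on the smbd process id, and flags connections from outside an expected network. The column layout it expects is the Samba 2.2 one shown above; later releases print different tables and would need the field positions adjusted.<\/p>

```python
import ipaddress

# Constructed copy of the smbstatus transcript above, with plain spaces.
SAMPLE_STATUS = '''Samba version 2.2.6
Service      uid   gid   pid     machine
----------------------------------------------
spirit       jay   jay   7735   maya     (172.16.1.6) Sun Aug 12 12:17:14 2002
spirit       jay   jay   7779   aztec    (172.16.1.2) Sun Aug 12 12:49:11 2002
jay          jay   jay   7735   maya     (172.16.1.6) Sun Aug 12 12:56:19 2002

Locked files:
Pid    DenyMode   R/W        Oplock     Name
--------------------------------------------------
7735   DENY_WRITE RDONLY     NONE       /u/RegClean.exe   Sun Aug 12 13:01:22 2002

Share mode memory usage (bytes):
1048368(99%) free + 136(0%) used + 72(0%) overhead = 1048576(100%) total
'''


def parse_smbstatus(text):
    '''Split smbstatus output (Samba 2.2 layout) into its connection and
    locked-file tables. Returns (connections, locks), each a list of dicts.
    File names containing spaces would need a smarter split than str.split.'''
    connections, locks, table = [], [], None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == 'Service':            # header of the connection table
            table = 'connections'
            continue
        if line.startswith('Locked files'):   # header of the lock table
            table = 'locks'
            continue
        if line.startswith('Share mode'):     # memory summary: stop parsing
            table = None
            continue
        if fields[0] == 'Pid' or fields[0].startswith('-'):
            continue                          # column names and rules
        if table == 'connections' and len(fields) >= 6:
            connections.append({
                'service': fields[0], 'uid': fields[1], 'gid': fields[2],
                'pid': int(fields[3]), 'machine': fields[4],
                'ip': fields[5].strip('()'), 'since': ' '.join(fields[6:])})
        elif table == 'locks' and len(fields) >= 5:
            locks.append({
                'pid': int(fields[0]), 'deny': fields[1], 'mode': fields[2],
                'oplock': fields[3], 'name': fields[4],
                'since': ' '.join(fields[5:])})
    return connections, locks


def sessions_by_client(connections, locks):
    '''Group users, shares and open files per client machine. Locks join to
    connections on the smbd pid: smbd forks one process per client, so a pid
    in the lock table identifies the session that opened the file.'''
    open_files = {}
    for lock in locks:
        open_files.setdefault(lock['pid'], []).append(
            (lock['name'], lock['mode'], lock['deny']))
    clients = {}
    for conn in connections:
        client = clients.setdefault(conn['machine'], {
            'ip': conn['ip'], 'users': set(), 'shares': set(), 'files': []})
        client['users'].add(conn['uid'])
        client['shares'].add(conn['service'])
        for item in open_files.get(conn['pid'], []):
            if item not in client['files']:
                client['files'].append(item)
    return clients


def unexpected_clients(connections, allowed_networks):
    '''Connections whose source address lies outside every allowed network,
    i.e. clients that a hosts allow line for those networks would not admit.'''
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    return [c for c in connections
            if not any(ipaddress.ip_address(c['ip']) in n for n in nets)]


if __name__ == '__main__':
    conns, locks = parse_smbstatus(SAMPLE_STATUS)
    for name, info in sessions_by_client(conns, locks).items():
        print(name, info['ip'], sorted(info['users']), sorted(info['shares']), info['files'])
    print('outside 172.16.0.0/16:', unexpected_clients(conns, ['172.16.0.0/16']))
```

<p>On a live server the same functions take the output of smbstatus itself, and the network list should mirror the hosts allow setting so that anything the filter reports is a connection the configuration was not supposed to accept. The parser covers the first two sections of the output, connections and open files. 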
The third section reports the amount of memory Samba has currently allocated to the shares that it administers, including the amount actively used by the shares plus additional overhead. (Note that this is not the same as the total amount of memory that the smbd or nmbd processes are using.)<\/p>\n<p>Creating Samba Test Directory and Files &#8211; For this part of the procedure, you&#8217;ll use the su - (switch user) command to work as root. Although it\u2019s not best practice to do this regularly, there are times where it&#8217;s much more practical to work directly as root instead of trying to use sudo to do everything. You&#8217;re going to create a new directory containing three empty files which you&#8217;ll share using Samba.<\/p>\n<ul>\n<li>While logged on as root, create the new directory \/smbdemo with the following command &#8211; mkdir \/smbdemo<\/li>\n<li>Change the permissions on the new directory to 770 with the following command &#8211; chmod 770 \/smbdemo. This mode gives the owner and the group full access and everyone else none, so the group assigned to the directory below decides who can reach the share at the filesystem level, whatever smb.conf says.<\/li>\n<li>Navigate to the new directory with the following command &#8211; cd \/smbdemo<\/li>\n<li>Add three empty files to the directory with the following command &#8211; touch file1 file2 file3<\/li>\n<li>Adding the Samba User &#8211; You must add users to the Samba password database in order for them to have access to their home directory and other Samba shares. Samba cannot check clients against the hashes in \/etc\/shadow, because SMB authentication uses the NT hash (an unsalted MD4 of the UTF-16 password), so every user needs a separate Samba password. Use the following command to add a new Samba user (the new Samba user must be an existing Linux user or the command will fail): smbpasswd -a &lt;username&gt;. For example, to add the user don, use the command smbpasswd -a don. The resulting database (\/var\/lib\/samba\/private\/passdb.tdb on Red Hat systems) holds those NT hashes and must stay readable by root only.<\/li>\n<li>Creating the Samba Group &#8211; Perform the following steps to create a smbusers group, change ownership of the \/smbdemo directory, and add a user to the smbusers group. Note the -a in the usermod command: without it, -G replaces the user&#8217;s existing supplementary groups instead of adding to them.<\/li>\n<\/ul>\n<p>groupadd smbusers<\/p>\n<p>chown :smbusers \/smbdemo<\/p>\n<p>usermod -aG smbusers don<\/p>\n<p>Configuring Samba &#8211; Samba configuration is done in the file \/etc\/samba\/smb.conf. 
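<\/p>\n<p>Before walking through the file section by section, here is an added Python example (not from the page and not part of Samba) that does two things a practitioner wants at this point: it renders a share section of the kind the \/smbdemo procedure above calls for, restricted to the smbusers group, and it audits a complete smb.conf for the settings that most often leave a share open to unauthenticated clients. The share parameters other than the path are assumptions, since the page shows its own definition only as an image, and the two configurations the audit is run against are constructed for the example.<\/p>

```python
# Assumed share layout: only the path comes from the procedure on this page.
SMB1_LEVELS = ('core', 'coreplus', 'lanman1', 'lanman2', 'nt1')

def share_definition(name, path, group, writable=True):
    '''Render a share section restricted to one UNIX group, matching the
    chmod 770 / chown :smbusers layout of the directory created above.'''
    lines = ['[%s]' % name,
             '   path = %s' % path,
             '   valid users = @%s' % group,
             '   writable = %s' % ('yes' if writable else 'no'),
             '   guest ok = no',
             '   browseable = yes']
    return '\n'.join(lines) + '\n'

def parse_smb_conf(text):
    '''Parse smb.conf into {section: {parameter: value}}. Samba ignores case
    and white space inside parameter names, so they are normalised the same
    way here (valid users -> validusers).'''
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in '#;':          # blank line or comment
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or '=' not in line:
            raise ValueError('unexpected line: ' + raw)
        name, value = line.split('=', 1)
        sections[current][''.join(name.split()).lower()] = value.strip()
    return sections

def is_true(value):
    '''Samba boolean: yes, true and 1 are true; anything else is false.'''
    return value.strip().lower() in ('yes', 'true', '1')

def audit_smb_conf(text):
    '''Return (section, finding) pairs for settings that weaken authentication
    or expose a share to anonymous or unintended clients.'''
    conf = parse_smb_conf(text)
    findings = []
    glob = conf.get('global', {})
    if glob.get('security', 'user').lower() == 'share':
        findings.append(('global', 'security = share: no per-user authentication (removed in Samba 4)'))
    if glob.get('maptoguest', 'never').lower() != 'never':
        findings.append(('global', 'map to guest: failed logins become guest sessions'))
    minproto = glob.get('serverminprotocol', glob.get('minprotocol', ''))
    if not minproto or minproto.lower() in SMB1_LEVELS:
        findings.append(('global', 'server min protocol unset or SMB1: set server min protocol = SMB2_02'))
    if 'hostsallow' not in glob:
        findings.append(('global', 'hosts allow unset: connections accepted from any address'))
    for name, share in conf.items():
        if name in ('global', 'homes', 'printers'):   # special sections
            continue
        guest = is_true(share.get('guestok', share.get('public', 'no')))
        writable = is_true(share.get('writable', share.get('writeable', 'no'))) or (
            'readonly' in share and not is_true(share['readonly']))
        if guest and writable:
            findings.append((name, 'anonymous clients can write to this share'))
        elif guest:
            findings.append((name, 'anonymous clients can read this share'))
        elif 'validusers' not in share:
            findings.append((name, 'no valid users list: any authenticated user may connect'))
    return findings

# Constructed configurations for the example: a weak one and a hardened one.
WEAK_CONF = '''
[global]
   workgroup = METRAN
   security = share
   map to guest = Bad User
[smbdemo]
   path = /smbdemo
   public = yes
   writable = yes
'''

HARDENED_CONF = '''
[global]
   workgroup = METRAN
   security = user
   map to guest = Never
   server min protocol = SMB2_02
   hosts allow = 127. 172.16.
   # authentication audit trail, Samba 4.8 and later
   log level = 1 auth_audit:3
[homes]
   browseable = no
   writable = yes
''' + share_definition('smbdemo', '/smbdemo', 'smbusers')

if __name__ == '__main__':
    for label, conf in (('weak', WEAK_CONF), ('hardened', HARDENED_CONF)):
        print(label, audit_smb_conf(conf) or 'no findings')
```

<p>To audit a real server, feed audit_smb_conf the output of testparm -sv rather than the raw file: testparm prints the effective configuration with every default expanded, which is what the running smbd actually enforces. The checks follow the layout of the file. 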
There are two parts to \/etc\/samba\/smb.conf:<\/p>\n<ul>\n<li>Global Settings: This is where you configure the server. You\u2019ll find things like authentication method, listening ports, interfaces, workgroup names, server names, log file settings, and similar parameters.<\/li>\n<li>Share Definitions: This is where you configure each of the shares for the users. By default, a printer share ([printers]) and a per-user home directory share ([homes]) are already configured.<\/li>\n<\/ul>\n<p>Configuring smb.conf &#8211; In the Global Settings section, change the workgroup name to your workgroup name. Now, confirm that the authentication type is set to user by going to the authentication section, still in Global Settings. Make sure there is no hash mark at the beginning of the security = user line. With user security every client has to authenticate with a Samba account before it can reach any share, so the Linux users on your Red Hat\/CentOS server can log in to shares only once they have been given a Samba password with smbpasswd as described above. Do not fall back to security = share, which authenticated per share rather than per user and was removed in Samba 4.<\/p>\n<p>Next, add a section for \/smbdemo. You can just add it to the very bottom of \/etc\/samba\/smb.conf with the following lines:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-17378 aligncenter\" src=\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/nfs-and-nis-02.jpg\" alt=\"nfs-and-nis-02\" width=\"588\" height=\"80\" \/><\/p>\n<p>Be sure to save your changes with a :wq. Run testparm to check the configuration: it reports syntax errors and unknown parameters and prints the settings Samba will actually load. In order for the server to re-read the configuration file and make the changes, you must restart the Samba service with the commands service smb restart and service nmb restart (systemctl restart smb nmb on systemd-based releases). Two things outside smb.conf also decide whether the share is reachable on a Red Hat system: with SELinux enforcing, a newly created directory such as \/smbdemo needs the samba_share_t file context (set with semanage fcontext and applied with restorecon), and the firewall must allow TCP 445 from the client network, plus TCP 139 and UDP 137 and 138 if NetBIOS browsing through nmbd is wanted. When properly configured, you should be able to connect from a computer running the Windows operating system and see both the general share and the user\u2019s home directory.<\/p>\n<p><strong>LDAP<\/strong><\/p>\n<p>LDAP (Lightweight Directory Access Protocol) is a set of open protocols used to access centrally stored information over a network. It is based on the X.500 standard for directory sharing, but is less complex and resource-intensive. 
For this reason, LDAP is sometimes referred to as \u201cX.500 Lite\u201d.<\/p>\n<p>Like X.500, LDAP organizes information in a hierarchical manner using directories. These directories can store a variety of information such as names, addresses, or phone numbers, and can even be used in a manner similar to the Network Information Service (NIS), enabling anyone to access their account from any machine on the LDAP enabled network.<\/p>\n<p>LDAP is commonly used for centrally managed users and groups, user authentication, or system configuration. It can also serve as a virtual phone directory, allowing users to easily access contact information for other users. Additionally, it can refer a user to other LDAP servers throughout the world, and thus provide an ad-hoc global repository of information. However, it is most frequently used within individual organizations such as universities, government departments, and private companies.<\/p>\n<p>Using a client\/server architecture, LDAP provides a reliable means to create a central information directory accessible from the network. When a client attempts to modify information within this directory, the server checks the identity the client has bound as against its access controls, and only then adds or updates the entry as requested. To keep the communication confidential, wrap it in Transport Layer Security (TLS), either as LDAPS on port 636 or as StartTLS on the standard port 389: a simple bind sends the DN and password in cleartext, so without TLS anyone on the network path can capture credentials as well as directory contents.<\/p>\n<p>The following is a list of LDAP-specific terms used in this section:<\/p>\n<p>entry &#8211; A single unit within an LDAP directory. Each entry is identified by its unique Distinguished Name (DN).<\/p>\n<p>attribute &#8211; Information directly associated with an entry. For example, if an organization is represented as an LDAP entry, attributes associated with this organization might include an address, a fax number, etc. 
Similarly, people can be represented as entries with common attributes such as personal telephone number or email address.<\/p>\n<p>An attribute can have a single value or several; in LDIF each value is written on its own line with the attribute type repeated (the objectClass lines in the examples later on this page show this). While certain attributes are optional, others are required. Which attributes an entry must and may carry is determined by its objectClass values, which are defined in the schema files found under the \/etc\/openldap\/slapd.d\/cn=config\/cn=schema\/ directory.<\/p>\n<p>The assertion of an attribute and its corresponding value is also referred to as a Relative Distinguished Name (RDN). Unlike distinguished names, which are unique across the whole directory, a relative distinguished name only has to be unique among the entries that share the same parent.<\/p>\n<p>LDIF &#8211; The LDAP Data Interchange Format (LDIF) is a plain text representation of an LDAP entry. It takes the following form:<\/p>\n<p>[id] dn: distinguished_name<\/p>\n<p>attribute_type: attribute_value\u2026<\/p>\n<p>attribute_type: attribute_value\u2026<\/p>\n<p>\u2026<\/p>\n<p>The optional id is a number determined by the application that is used to edit the entry. Each entry can contain as many attribute_type and attribute_value pairs as needed, as long as they are all defined in a corresponding schema file. 
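<\/p>\n<p>The format is simple enough to parse by hand, and doing so is useful when reviewing an ldapsearch dump or a migration file before importing it. The Python below is an added example, not from the page and not part of OpenLDAP. It parses LDIF content records as described in this section, and it also implements the {SSHA} password scheme that slappasswd produces later on this page, so that a dump containing userPassword values can be checked against a short wordlist; that last step is exactly what an attacker does with a directory whose access controls let anonymous clients read userPassword. The sample dump, its salts and its passwords are constructed for the example; the hash copied from the slappasswd output below is only decoded to show its layout.<\/p>

```python
import base64
import hashlib
import hmac
import os

# The {SSHA} value printed by slappasswd further down this page.
PAGE_HASH = '{SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW'

def ssha_hash(password, salt=None):
    '''OpenLDAP {SSHA}: base64(SHA1(password || salt) || salt), 4-byte salt.'''
    if salt is None:
        salt = os.urandom(4)               # slappasswd picks a random salt
    digest = hashlib.sha1(password.encode('utf-8') + salt).digest()
    return '{SSHA}' + base64.b64encode(digest + salt).decode('ascii')

def ssha_decode(value):
    '''Split an {SSHA} value into (20-byte SHA-1 digest, trailing salt).'''
    if not value.startswith('{SSHA}'):
        raise ValueError('not an {SSHA} value')
    raw = base64.b64decode(value[len('{SSHA}'):])
    return raw[:20], raw[20:]

def ssha_verify(password, value):
    '''Recompute the digest with the stored salt; compare in constant time.'''
    digest, salt = ssha_decode(value)
    candidate = hashlib.sha1(password.encode('utf-8') + salt).digest()
    return hmac.compare_digest(candidate, digest)

def parse_ldif(text):
    '''Parse LDIF content records into a list of entries, each a dict from
    lower-cased attribute type (LDAP names are case-insensitive) to values.'''
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(' ') and unfolded:   # continuation line (RFC 2849)
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = [], None
    for line in unfolded:
        if line.startswith('#') or line.startswith('version:'):
            continue
        if not line.strip():                   # blank line ends the entry
            if current is not None:
                entries.append(current)
            current = None
            continue
        name, sep, rest = line.partition(':')
        if not sep:
            raise ValueError('not an attribute line: ' + line)
        if rest.startswith(':'):               # double colon: base64 value
            value = base64.b64decode(rest[1:].strip()).decode('utf-8')
        else:
            value = rest.strip()
        if current is None:
            if name.lower() != 'dn':
                raise ValueError('entry must start with dn: ' + line)
            current = {}
        current.setdefault(name.lower(), []).append(value)   # repeats = multi-valued
    if current is not None:
        entries.append(current)
    return entries

def guess_passwords(entries, wordlist):
    '''Try each wordlist candidate against every {SSHA} userPassword value.
    Returns {dn: matching candidate or None} for entries that carry one.'''
    result = {}
    for entry in entries:
        for stored in entry.get('userpassword', []):
            if stored.startswith('{SSHA}'):
                hits = [w for w in wordlist if ssha_verify(w, stored)]
                result[entry['dn'][0]] = hits[0] if hits else None
    return result

# Constructed sample dump (not from the page), as an anonymous ldapsearch
# returns it when userPassword is readable; fixed salts keep it reproducible.
SAMPLE_LDIF = '''dn: dc=adminmart,dc=com
dc: adminmart
objectClass: dcObject
objectClass: organizationalUnit

dn: uid=test1,ou=People,dc=adminmart,dc=com
uid: test1
cn:: VGVzdCBVc2VyIE9uZQ==
description: a long value that is folded onto
  a second line
objectClass: posixAccount
userPassword: %s

dn: uid=test2,ou=People,dc=adminmart,dc=com
uid: test2
objectClass: posixAccount
userPassword: %s
''' % (ssha_hash('Summer2024!', b'abcd'),
       ssha_hash('correct horse battery staple', b'wxyz'))
```

<p>The verification compares digests with a constant-time function, as any password check should. {SSHA} is a single SHA-1 over the password and a 4-byte salt, which is why a wordlist runs through it so quickly; for user passwords prefer one of the slow schemes OpenLDAP offers through its optional password modules (PBKDF2 or Argon2), and whichever scheme is used, make sure the access controls never return userPassword to anyone but the entry itself. The parser applies the rules stated above plus two from the LDIF specification (RFC 2849) that the summary omits: a line beginning with a single space continues the previous line, and a double colon introduces a base64-encoded value. 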
A blank line indicates the end of an entry.<\/p>\n<p>The typical steps to set up an LDAP server on Fedora are as follows:<\/p>\n<ul>\n<li>Install the OpenLDAP suite.<\/li>\n<li>Customize the configuration.<\/li>\n<li>Start the slapd service.<\/li>\n<li>Use the ldapadd utility to add entries to the LDAP directory.<\/li>\n<li>Use the ldapsearch utility to verify that the slapd service is accessing the information correctly.<\/li>\n<\/ul>\n<p><strong>Installing the OpenLDAP Suite<\/strong><\/p>\n<p>The suite of OpenLDAP libraries and tools is provided by the following packages:<\/p>\n<table>\n<thead>\n<tr>\n<td width=\"151\">Package<\/td>\n<td width=\"487\">Description<\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td width=\"151\">openldap<\/td>\n<td width=\"487\">A package containing the libraries necessary to run the OpenLDAP server and client applications.<\/td>\n<\/tr>\n<tr>\n<td width=\"151\">openldap-clients<\/td>\n<td width=\"487\">A package containing the command line utilities for viewing and modifying directories on an LDAP server.<\/td>\n<\/tr>\n<tr>\n<td width=\"151\">openldap-servers<\/td>\n<td width=\"487\">A package containing both the services and utilities to configure and run an LDAP server. 
This includes the Standalone LDAP Daemon, slapd.<\/td>\n<\/tr>\n<tr>\n<td width=\"151\">openldap-servers-sql<\/td>\n<td width=\"487\">A package containing the SQL support module.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>OpenLDAP Server Utilities &#8211; To perform administrative tasks, the openldap-servers package installs the following utilities along with the slapd service:<\/p>\n<table width=\"638\">\n<thead>\n<tr>\n<td width=\"95\">Command<\/td>\n<td width=\"544\">Description<\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td width=\"95\">slapacl<\/td>\n<td width=\"544\">Allows you to check the access to a list of attributes.<\/td>\n<\/tr>\n<tr>\n<td width=\"95\">slapadd<\/td>\n<td width=\"544\">Allows you to add entries from an LDIF file to an LDAP directory.<\/td>\n<\/tr>\n<tr>\n<td width=\"95\">slapauth<\/td>\n<td width=\"544\">Allows you to check a list of IDs for authentication and authorization permissions.<\/td>\n<\/tr>\n<tr>\n<td width=\"95\">slapcat<\/td>\n<td width=\"544\">Allows you to pull entries from an LDAP directory in the default format and save them in an LDIF file.<\/td>\n<\/tr>\n<tr>\n<td width=\"95\">slapdn<\/td>\n<td width=\"544\">Allows you to check a list of Distinguished Names (DNs) based on available schema syntax.<\/td>\n<\/tr>\n<tr>\n<td width=\"95\">slapindex<\/td>\n<td width=\"544\">Allows you to re-index the slapd directory based on the current content. 
Run this utility whenever you change indexing options in the configuration file.<\/td>\n<\/tr>\n<tr>\n<td width=\"95\">slappasswd<\/td>\n<td width=\"544\">Allows you to generate a hashed user password (by default in the {SSHA} scheme) to be used with the ldapmodify utility, or in the slapd configuration file.<\/td>\n<\/tr>\n<tr>\n<td width=\"95\">slapschema<\/td>\n<td width=\"544\">Allows you to check the compliance of a database with the corresponding schema.<\/td>\n<\/tr>\n<tr>\n<td width=\"95\">slaptest<\/td>\n<td width=\"544\">Allows you to check the LDAP server configuration.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>OpenLDAP Client Utilities &#8211; The openldap-clients package installs the following utilities which can be used to add, modify, and delete entries in an LDAP directory:<\/p>\n<table>\n<thead>\n<tr>\n<td width=\"102\">Command<\/td>\n<td width=\"537\">Description<\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td width=\"102\">ldapadd<\/td>\n<td width=\"537\">Allows you to add entries to an LDAP directory, either from a file, or from standard input. It is a symbolic link to ldapmodify -a.<\/td>\n<\/tr>\n<tr>\n<td width=\"102\">ldapcompare<\/td>\n<td width=\"537\">Allows you to compare a given attribute value with the value stored in an LDAP directory entry.<\/td>\n<\/tr>\n<tr>\n<td width=\"102\">ldapdelete<\/td>\n<td width=\"537\">Allows you to delete entries from an LDAP directory.<\/td>\n<\/tr>\n<tr>\n<td width=\"102\">ldapexop<\/td>\n<td width=\"537\">Allows you to perform extended LDAP operations.<\/td>\n<\/tr>\n<tr>\n<td width=\"102\">ldapmodify<\/td>\n<td width=\"537\">Allows you to modify entries in an LDAP directory, either from a file, or from standard input.<\/td>\n<\/tr>\n<tr>\n<td width=\"102\">ldapmodrdn<\/td>\n<td width=\"537\">Allows you to modify the RDN value of an LDAP directory entry.<\/td>\n<\/tr>\n<tr>\n<td width=\"102\">ldappasswd<\/td>\n<td width=\"537\">Allows you to set or change the password for an LDAP user.<\/td>\n<\/tr>\n<tr>\n<td width=\"102\">ldapsearch<\/td>\n<td width=\"537\">Allows you to search LDAP directory entries.<\/td>\n<\/tr>\n<tr>\n<td width=\"102\">ldapurl<\/td>\n<td width=\"537\">Allows you to compose or decompose LDAP URLs.<\/td>\n<\/tr>\n<tr>\n<td width=\"102\">ldapwhoami<\/td>\n<td width=\"537\">Allows you to perform a whoami operation on an LDAP server, which shows the identity a bind actually produced and is the quickest way to confirm that a bind did not silently fall back to anonymous.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Configuring an OpenLDAP Server &#8211; By default, the OpenLDAP configuration is stored in the \/etc\/openldap\/ directory. The following table highlights the most important directories and files within this directory:<\/p>\n<table>\n<thead>\n<tr>\n<td width=\"173\">Path<\/td>\n<td width=\"465\">Description<\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td width=\"173\">\/etc\/openldap\/ldap.conf<\/td>\n<td width=\"465\">The configuration file for client applications that use the OpenLDAP libraries. 
This includes ldapadd, ldapsearch, Evolution, etc.<\/td>\n<\/tr>\n<tr>\n<td width=\"173\">\/etc\/openldap\/slapd.d\/<\/td>\n<td width=\"465\">The directory containing the slapd configuration.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>OpenLDAP no longer reads its configuration from the \/etc\/openldap\/slapd.conf file. Instead, it uses a configuration database located in the \/etc\/openldap\/slapd.d\/ directory. If you have an existing slapd.conf file from a previous installation, you can convert it to the new format by running the following command as root:<\/p>\n<p>slaptest -f \/etc\/openldap\/slapd.conf -F \/etc\/openldap\/slapd.d\/<\/p>\n<p>The slapd configuration consists of LDIF entries organized in a hierarchical directory structure, and the recommended way to edit these entries is with ldapmodify against the cn=config database; the files under slapd.d\/ are not meant to be edited by hand.<\/p>\n<p>The walk-through that follows builds a directory for the domain adminmart.com on an older Red Hat style release that still reads \/etc\/openldap\/slapd.conf and manages slapd through the ldap service (on current releases the service is named slapd). On a cn=config system the three settings edited below correspond to the olcSuffix, olcRootDN and olcRootPW attributes of the database entry under cn=config, which you change with ldapmodify instead of vi.<\/p>\n<ul>\n<li>Start the service<\/li>\n<\/ul>\n<p>[root@ldap ~]# chkconfig --level 235 ldap on<\/p>\n<p>[root@ldap ~]# service ldap start<\/p>\n<ul>\n<li>Create LDAP root user password<\/li>\n<\/ul>\n<p>[root@ldap ~]# slappasswd<\/p>\n<p>New password:<\/p>\n<p>Re-enter new password:<\/p>\n<p>{SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G\/DltW<\/p>\n<p>[root@ldap ~]#<\/p>\n<p>slappasswd prints a salted SHA-1 hash: the base64 text decodes to the 20-byte SHA-1 digest of the password followed by the 4-byte random salt, which is why the value differs on every run even for the same password. Storing the hash rather than the cleartext keeps the password itself out of the configuration file, but a single SHA-1 iteration is cheap to brute-force, so the rootdn password must be long and random, and the configuration file that carries it must not be readable by ordinary users.<\/p>\n<ul>\n<li>Update \/etc\/openldap\/slapd.conf for the root password<\/li>\n<\/ul>\n<p>[root@ldap ~]# vi \/etc\/openldap\/slapd.conf<\/p>\n<p>database\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 bdb<\/p>\n<p>suffix\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 &#8220;dc=adminmart,dc=com&#8221;<\/p>\n<p>rootdn\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 &#8220;cn=Manager,dc=adminmart,dc=com&#8221;<\/p>\n<p>rootpw\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G\/DltW<\/p>\n<p>The rootdn is the directory superuser and bypasses every access control, so it should be used only for administration such as the ldapadd steps below, never as the bind account of an application.<\/p>\n<ul>\n<li>Apply Changes<\/li>\n<\/ul>\n<p>[root@ldap ~]# service ldap restart<\/p>\n<ul>\n<li>Create test users<\/li>\n<\/ul>\n<p>[root@ldap ~]# useradd test1<\/p>\n<p>[root@ldap ~]# passwd test1<\/p>\n<p>Changing password for user test1.<\/p>\n<p>New UNIX 
password:<\/p>\n<p>Retype new UNIX password:<\/p>\n<p>passwd: all authentication tokens updated successfully.<\/p>\n<p>[root@ldap ~]# useradd test2<\/p>\n<p>[root@ldap ~]# passwd test2<\/p>\n<p>Changing password for user test2.<\/p>\n<p>New UNIX password:<\/p>\n<p>Retype new UNIX password:<\/p>\n<p>passwd: all authentication tokens updated successfully.<\/p>\n<p>[root@ldap ~]#<\/p>\n<p>Repeat the same for the rest of the users.<\/p>\n<ul>\n<li>Migrate local users to LDAP<\/li>\n<\/ul>\n<p>[root@ldap ~]# grep root \/etc\/passwd &gt; \/etc\/openldap\/passwd.root<\/p>\n<p>[root@ldap ~]# grep test1 \/etc\/passwd &gt; \/etc\/openldap\/passwd.test1<\/p>\n<p>[root@ldap ~]# grep test2 \/etc\/passwd &gt; \/etc\/openldap\/passwd.test2<\/p>\n<p>Repeat the same for the rest of the users. Note that an unanchored pattern matches every passwd line that contains the text anywhere: grep root also picks up the operator account, whose home directory is \/root, which is why uid=operator turns up in the import output later on. Anchoring the pattern to the start of the line (^root:) selects exactly one account.<\/p>\n<p>Two cautions before converting these files. First, migrate_passwd.pl is run as root so that it can read \/etc\/shadow, and it copies each user&#8217;s crypt() hash into the userPassword attribute; those hashes then live in the directory and must be protected by slapd access controls. Second, think twice about migrating root at all: uid 0 should remain a local account, and the LDAP administrator identity (the rootdn cn=Manager configured above) is defined in slapd.conf and needs no entry in the directory.<\/p>\n<ul>\n<li>Update default settings on file \/usr\/share\/openldap\/migration\/migrate_common.ph<\/li>\n<\/ul>\n<p>$DEFAULT_MAIL_DOMAIN = &#8220;adminmart.com&#8221;;<\/p>\n<p>$DEFAULT_BASE = &#8220;dc=adminmart,dc=com&#8221;;<\/p>\n<ul>\n<li>Convert each passwd file to an LDIF (LDAP Data Interchange Format) file<\/li>\n<\/ul>\n<p>[root@ldap ~]# \/usr\/share\/openldap\/migration\/migrate_passwd.pl \/etc\/openldap\/passwd.root \/etc\/openldap\/root.ldif<\/p>\n<p>[root@ldap ~]# \/usr\/share\/openldap\/migration\/migrate_passwd.pl \/etc\/openldap\/passwd.test1 \/etc\/openldap\/test1.ldif<\/p>\n<p>[root@ldap ~]# \/usr\/share\/openldap\/migration\/migrate_passwd.pl \/etc\/openldap\/passwd.test2 \/etc\/openldap\/test2.ldif<\/p>\n<p>Repeat the same for the rest of the users.<\/p>\n<ul>\n<li>Update root.ldif file for the &#8220;Manager&#8221; of LDAP Server<\/li>\n<\/ul>\n<p>[root@ldap ~]# vi \/etc\/openldap\/root.ldif<\/p>\n<p>dn: uid=root,ou=People,dc=adminmart,dc=com<\/p>\n<p>uid: root<\/p>\n<p>cn: Manager<\/p>\n<p>objectClass: account<\/p>\n<ul>\n<li>Create a domain ldif file (\/etc\/openldap\/adminmart.com.ldif)<\/li>\n<\/ul>\n<p>[root@ldap ~]# cat \/etc\/openldap\/adminmart.com.ldif<\/p>\n<p>dn: 
dc=adminmart,dc=com<\/p>\n<p>dc: adminmart<\/p>\n<p>description: LDAP Admin<\/p>\n<p>objectClass: dcObject<\/p>\n<p>objectClass: organizationalUnit<\/p>\n<p>ou: rootobject<\/p>\n<p>dn: ou=People, dc=adminmart,dc=com<\/p>\n<p>ou: People<\/p>\n<p>description: Users of adminmart<\/p>\n<p>objectClass: organizationalUnit<\/p>\n<p>The file holds two entries, the base object and the People container; in the file itself a blank line separates the ou: rootobject line from the second dn: line, because ldapadd treats a blank line as the end of an entry.<\/p>\n<ul>\n<li>Import all users into the LDAP directory<\/li>\n<\/ul>\n<p><u>Add the Domain ldif file <\/u><\/p>\n<p>[root@ldap ~]# ldapadd -x -D &#8220;cn=Manager,dc=adminmart,dc=com&#8221; -W -f \/etc\/openldap\/adminmart.com.ldif<\/p>\n<p>Enter LDAP Password:<\/p>\n<p>adding new entry &#8220;dc=adminmart,dc=com&#8221;<\/p>\n<p>adding new entry &#8220;ou=People, dc=adminmart,dc=com&#8221;<\/p>\n<p>[root@ldap ~]#<\/p>\n<p><u>Add the users:<\/u><\/p>\n<p>[root@ldap ~]# ldapadd -x -D &#8220;cn=Manager,dc=adminmart,dc=com&#8221; -W -f \/etc\/openldap\/root.ldif<\/p>\n<p>Enter LDAP Password:<\/p>\n<p>adding new entry &#8220;uid=root,ou=People,dc=adminmart,dc=com&#8221;<\/p>\n<p>adding new entry &#8220;uid=operator,ou=People,dc=adminmart,dc=com&#8221;<\/p>\n<p>[root@ldap ~]#<\/p>\n<p>[root@ldap ~]# ldapadd -x -D &#8220;cn=Manager,dc=adminmart,dc=com&#8221; -W -f \/etc\/openldap\/test1.ldif<\/p>\n<p>Enter LDAP Password:<\/p>\n<p>adding new entry &#8220;uid=test1,ou=People,dc=adminmart,dc=com&#8221;<\/p>\n<p>[root@ldap ~]#<\/p>\n<p>[root@ldap ~]# ldapadd -x -D &#8220;cn=Manager,dc=adminmart,dc=com&#8221; -W -f \/etc\/openldap\/test2.ldif<\/p>\n<p>Enter LDAP Password:<\/p>\n<p>adding new entry &#8220;uid=test2,ou=People,dc=adminmart,dc=com&#8221;<\/p>\n<p>[root@ldap ~]#<\/p>\n<p>Repeat the same for the rest of the users. The -x flag selects a simple bind, which sends the Manager password in the clear; that is acceptable when the commands run on the server itself over the loopback interface, as here, but over the network the bind needs TLS (ldapadd -ZZ insists on StartTLS).<\/p>\n<p>Apply Changes (ldapadd writes to the live database, so this restart is not strictly required)<\/p>\n<p>[root@ldap ~]# service ldap restart<\/p>\n<p>Test LDAP Server<\/p>\n<p>It prints all the user information:<\/p>\n<p>[root@ldap ~]# ldapsearch -x -b &#8216;dc=adminmart,dc=com&#8217; &#8216;(objectclass=*)&#8217;<\/p>\n<p>This search binds anonymously (-x without -D) and returns whatever the access controls permit. When slapd.conf contains no access directives, slapd&#8217;s default is read access for everyone, which here would include the userPassword hashes migrated from \/etc\/shadow. Before exposing the server, add an access rule for attrs=userPassword that grants the entry itself write, anonymous clients auth only and everyone else nothing, and keep it ahead of any broader rule; then repeat the search and confirm that userPassword no longer appears in the output.<\/p>\n<p><strong>LDAP Client Configuration<\/strong><\/p>\n<ul>\n<li>Run the command<\/li>\n<\/ul>\n<p>[root@ldapclient ~]# 
authconfig<\/p>\n<ul>\n<li>Settings<\/li>\n<\/ul>\n<p>[*] Use LDAP\u00a0\u00a0\u00a0\u00a0 [*] Use LDAP Authentication<\/p>\n<p>Both should be checked<\/p>\n<p>Click &#8220;Next&#8221;.<\/p>\n<p>[ ] Use TLS<\/p>\n<p>Server: ldap.adminmart.com<\/p>\n<p>Base DN: dc=adminmart,dc=com<\/p>\n<p>Click &#8220;Ok&#8221; to confirm.<\/p>\n<p>Use your domain name instead of adminmart.<\/p>\n<p>Leaving Use TLS unchecked is acceptable only for a throwaway lab: with it off, every login on the client sends the user&#8217;s password to ldap.adminmart.com as a cleartext simple bind, and the client has no way to verify that it is talking to the real server rather than to a host that has captured its traffic. For anything else, install the CA certificate that signed the server certificate on the client, check Use TLS so that the client negotiates StartTLS on port 389, and confirm with a packet capture or the server log that binds arrive over TLS.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Certify and Increase Opportunity. Be Govt. Certified Linux Administrator Samba Samba is software that can be run on a platform other than Microsoft Windows, for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems. Samba uses the TCP\/IP protocol that is installed on the host server. 
When correctly configured, it allows that host&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"categories":[291],"tags":[],"class_list":["post-22462","page","type-page","status-publish","hentry","category-linux-administration"],"acf":[]}