OpenLDAP + Samba Domain Controller On Ubuntu 7.10

Want to support HowtoForge? Become a subscriber!
 
Submitted by rickyjones (Contact Author) (Forums) on Fri, 2008-01-04 15:39. :: Ubuntu | Samba | Storage

OpenLDAP + Samba Domain Controller On Ubuntu 7.10

Preface

This document is a step by step guide for configuring Ubuntu 7.10 as a Samba Domain Controller with an LDAP backend (OpenLDAP). The point is to configure a server that can be comparable, from a central authentication point of view, to a Windows Server 2003 Domain Controller. The end result will be a server with an LDAP directory for storing user, group, and computer accounts. A Windows XP Professional SP2 workstation will be able to join the domain once properly configured. Please note that you do not have a fully comparable Windows domain controller at this time. Do not kid yourself, this guide only gets you a server with LDAP authentication. Of course this can be expanded to include slave servers to spread out authentication over multiple networks. Please also note that it took me approximately two and a half weeks to compile this information and get it working. The same functionality can be had in Windows in less than four hours (and this includes operating system installation). In my humble opinion the open source community will need to work on this side of Linux in order for it to be a true alternative to Windows.

 

Legal/Warranty/Etc...

This document is provided as-is with no implied warranty or agreement. I will not support other systems without compensation. This document is the property of Richard Maloley II. This document may be redistributed, copied, printed, and modified at will, however my name must remain as the original source. Legal action can and will be brought against any and all infractions of the terms.

 

Special Items of Interest

* My hostname during the installation was set to: dc01-ubuntu
* My fully qualified domain name will be: dc01-ubuntu.example.local
* After the installation my /etc/hostname was changed to: dc01-ubuntu.example.local
* After the installation my /etc/hosts was changed so that the line 127.0.1.1 contained "dc01-ubuntu dc01-ubuntu.example.local" to ensure no issues with name resolution.
* My LDAP domain is: example.local
* This translates to a Base DN of: dc=example,dc=local
* All passwords used are "12345" to keep things simple.
* I am not using TLS or SSL for my LDAP directory. Too much work for this tutorial.
* The user I created during the installation is: sysadmin
* The password I assigned during the installation is: 12345
* This local user will be used for all configuration purposes.

 

Assumptions

* Ubuntu Server 7.10 is installed.
* No other software was installed during the OS install!
* After installation you enabled all the repositories in /etc/apt/sources.list
* You fully updated your system

apt-get update
apt-get upgrade
reboot

* You configured a static IP address. For me I used the following information:

address 192.168.0.60
gateway 192.168.0.1
netmask 255.255.255.0

* You edited your /etc/hosts file so that your hostname and fully qualified domain name are on the line 127.0.1.1
127.0.1.1 dc01-ubuntu dc01-ubuntu.example.local
* You installed the OpenSSH Server.

apt-get install openssh-server

* You did not set a password on the root account. All commands will be run with sudo or by opening a root shell.

sudo bash

* Currently you do not have any other software running nor do you have any other users on the system.

 

Step 1: Install WebMin

We will be installing WebMin. Why? I like to use it to configure some things. This step is techinically optional but I feel as though it greatly simplifies administration of the server in the future.

# Download the WebMin package from their website.

wget http://superb-west.dl.sourceforge.net/sourceforge/webadmin/webmin_1.380_all.deb

# Install pre-requisite software.

apt-get install openssl libauthen-pam-perl libio-pty-perl libmd5-perl libnet-ssleay-perl

# Install WebMin

dpkg -i webmin_1.380_all.deb

# If the installation is successful you will see a message similar to this:

"Webmin install complete. You can now login to https://dc01-ubuntu.example.local:10000/
as root with your root password,
or as any user who can use sudo to run commands as root."

 

Step 2: Install OpenLDAP

For our LDAP server we will be using the very flexible OpenLDAP Server (slapd).

# Install the software.

apt-get install slapd ldap-utils migrationtools

# Answer the on-screen prompts with:

Admin password: 12345
Confirm password: 12345

# We need to configure OpenLDAP now.

dpkg-reconfigure slapd

# Answer the on-screen prompts with:

No
DNS domain name: example.local
Name of your organization: example.local
Admin password: 12345
Confirm password: 12345
OK
BDB
No
Yes
No

# Restart OpenLDAP.

/etc/init.d/slapd restart

 

Step 3: Install SAMBA

We will be using SAMBA for some main functions in this tutorial. In order to configure OpenLDAP correctly we must first install SAMBA.

# Install the software.

apt-get install samba smbldap-tools smbclient samba-doc

 

Step 4: Configure OpenLDAP for use with SAMBA

In order to use LDAP and SAMBA we need to configure the /etc/ldap/slapd.conf file.

# Copy the samba.schema file to the OpenLDAP schema directory.

cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/

# Unzip the file.

gzip -d /etc/ldap/schema/samba.schema.gz

# Open the /etc/ldap/slapd.conf file for editing.

vim /etc/ldap/slapd.conf

# Add the following lines to the document where the other "include" lines are:

include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/misc.schema

# Change the line:

access to attribute=userPassword

# to:

access to attrs=userPassword,sambaNTPassword,sambaLMPassword

# Restart OpenLDAP:

/etc/init.d/slapd restart


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Jack (not registered) on Mon, 2010-05-10 17:04.

Recently I installed samba PDC using following article. It really helps me, thanks a lot "universal"

Submitted by pixel::doc (not registered) on Tue, 2009-09-08 17:16.

At Preface /etc/hosts should look like this:

127.0.0.1       localhost
192.168.0.60 dc01-ubuntu.example.local dc01-ubuntu

or

127.0.1.1         dc01-ubuntu.example.local    dc01-ubuntu

Otherwise good tutorial!

Submitted by Jack (not registered) on Sat, 2009-04-04 13:00.
I have an auto installer for Ubuntu 8.1. You can download it from my website www.setschoolsfree.com. The installer may work with other debain versions of linux but I have not had the change to test it. The installer is intended for use by schools but anyone can use it including companies.
Submitted by mauritaly (not registered) on Mon, 2009-06-29 16:46.

Hi Jack

thank you to public your wizard. I will test it on a lenny VM

Submitted by Cybermeow (not registered) on Mon, 2009-02-02 11:00.

Now that I have setup domain control with SAMBA and ldap, what is the right way to backup the system in case the server fail? How can I setup a BDC?

Also, in daily backup of config files and ldap user login information, what is the right way to do?

Submitted by rickofborg (not registered) on Tue, 2009-01-27 20:43.

If you are using Ubuntu Server 8.10 and you are missing slapd.conf at Step 4, it is because Ubuntu 8.10 version of Open LDAP utilizes a new configuration scheme.  There is no slapd.conf any more.  You have to create one from scratch and edit /etc/default/slapd to tell OpenLDAP where to find it.

Information about that is here: http://ubuntuforums.org/showthread.php?t=980713

 For this to work "out of the box", you'd better use Ubuntu 7.10.

 

Submitted by Anonymous (not registered) on Wed, 2008-12-31 17:58.
Step 4-Cannot find slapd.conf in /etc/ldap. I have installed Ubuntu Server 8.10 and also installed the desktop version so I have the GUI mode. I cannot find the file slapd.conf in my whole Ubuntu box after installing the mentioned package OpenLDAP and following all your steps. Please help.
Submitted by jordi (not registered) on Fri, 2008-12-26 00:10.

The tutorial is great. At least about a great topic. I am surprised there are no easy alternatives to W2003 server.

 Anyway I had problems at step 4. The mentioned file (/etc/ldap/slapd.conf) is not on my Ubuntu system. I need to say that I am using the desktop edition, not the server, and I am using 8.10 and not 7.10. I followed all the prerequisites and steps before, I believe.

Because the file is not there, I tried skipping the step (I know this is not good). If skipping step 4, I get serious errors at step 7, as follows:

entry dc=codina,dc=local already exist.
adding new entry: ou=Users,dc=codina,dc=local
adding new entry: ou=Groups,dc=codina,dc=local
adding new entry: ou=Computers,dc=codina,dc=local
adding new entry: ou=Idmap,dc=codina,dc=local
adding new entry: uid=root,ou=Users,dc=codina,dc=local
failed to add entry: objectClass: value #4 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 55.
adding new entry: uid=nobody,ou=Users,dc=codina,dc=local
failed to add entry: objectClass: value #4 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 83.
adding new entry: cn=Domain Admins,ou=Groups,dc=codina,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 95.
adding new entry: cn=Domain Users,ou=Groups,dc=codina,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 106.
... (a few more like this)

 Anyone experienced this?

Submitted by darryl worley (not registered) on Fri, 2008-12-12 23:51.

First of all, great how-to. Very straightforward and well-commented/explained.

However, I keep getting the same error message. I have tried running through the procedure thrice now, to make sure I haven't missed some 'critical' step or anything, but the same error:

"Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 135, <CONFIGFILE> line 115"

I get this error msg at step 8 ("smbldap-useradd -a -m -M ricky -c "Richard M" ricky. I am running this after a fresh install of Ubuntu Server v.8.04.1. Any tips?

Thanks, -darryl

Submitted by chuchi2k2 (registered user) on Sat, 2008-01-05 00:21.
This is the "how to" i´ve waiting for months/years... Congratulations rickyjones to make our life more easy!!!
Submitted by japh (registered user) on Thu, 2008-02-21 09:37.

Brilliant tutorial!  Thanks heaps  :)

Either there's a step missing though, or I'm doing something wrong (most likely), but I can't seem to get it work quite right.  I cannot seem to add Windows workstations to the domain, and using phpLDAPAdmin, I can only seem to access it in readonly mode.  Trying to use the LDAP Browser in Webmin also gives the following error: "The LDAP browser cannot be used : No user to login as was found in the LDAP server configuration".  I'm guessing it's all related to the same issue...

 Can anyone give me some tips?  Or suggest where I can get more info to provide?

 Cheers,

Japh 

Submitted by thuan (registered user) on Sat, 2008-03-22 12:38.

First, I want to thank rickyjones for making this guide that's just work. I think you should have included roaming profile and home share settings in your guide though. Well, I managed to figure out that part anyway, so it's all good.

As for the one above me, you should have used the forum as asked to but oh well: you have to add your admin DN and password into LDAP server configuration in LDAP server module of webmin for it to work.

Submitted by Anonymous (not registered) on Tue, 2008-12-02 07:39.

Hi Thuan,

 

How did you manage to get the roaming profile right?

Submitted by Tom (not registered) on Sun, 2008-11-23 18:36.
How did you 'figure out' the roaming profiles? I really need to know this and dont have much experience with ubuntu server and openldap or samba!