OpenLDAP + Samba Domain Controller On Ubuntu 7.10 - Page 3

Submitted by rickyjones on Fri, 2008-01-04 15:46.

Step 10: Install BIND (DNS Server)

Because this server is the domain controller and the source of authentication, it makes sense to provide DNS for the domain here as well. If you have more than one server available, run a second DNS server on another box so that clients have two resolvers to fall back on.

# Install the software.

apt-get install bind9

 

Step 11: Configure our primary DNS Zone using WebMin

We now create our DNS zone so that we are authoritative for it and can add records to it. I prefer a GUI for this rather than editing the zone files by hand.

In a web browser navigate to: https://192.168.0.60:10000 (use the IP address that YOU assigned to your server).
Log in as "sysadmin" with the password "12345" (or whatever password you assigned earlier).
Servers > BIND DNS Server
Under "Existing DNS Zones" click "Create master zone".

Zone type: Forward (Names to Addresses)
Domain name / Network: example.local
Records file: Automatic
Master server: dc01-ubuntu.example.local
Email address: sysadmin@example.local

Click "Create" button.

Click "Apply Changes" button.

Click "Address (0)" at the top.

Name: dc01-ubuntu
Address: 192.168.0.60
Click "Create" button
Click "Return to record types"

Click "Apply Changes" button.
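What the clicks above produce is an ordinary BIND master zone. As an added example (not part of the original tutorial), here is the same zone written as plain BIND files, so the result can be reviewed and kept under version control. The names and addresses are the tutorial's (example.local, dc01-ubuntu, 192.168.0.60, sysadmin@example.local); the output directory is a parameter so it can be generated in a scratch location first. The `allow-transfer { none; }` line is an addition: a zone that allows transfers from anywhere hands an attacker your complete host list with one AXFR query.

```shell
#!/bin/sh
# Added example: BIND master zone for the tutorial's domain, written as
# files rather than via Webmin. Not code from the original tutorial.
set -eu

ZONE=example.local
DC_HOST=dc01-ubuntu
DC_IP=192.168.0.60
HOSTMASTER=sysadmin.example.local.   # sysadmin@example.local in SOA syntax

# write_zone DIR -> writes DIR/db.example.local and DIR/named.conf.local
write_zone() {
    dir=$1
    serial=$(date +%Y%m%d01)          # YYYYMMDDnn; bump nn on same-day edits
    cat > "$dir/db.$ZONE" <<EOF
\$TTL 86400
@   IN  SOA $DC_HOST.$ZONE. $HOSTMASTER (
            $serial  ; serial
            3600     ; refresh
            900      ; retry
            604800   ; expire
            86400 )  ; negative cache TTL
@           IN  NS  $DC_HOST.$ZONE.
$DC_HOST    IN  A   $DC_IP
EOF
    # Zone stanza for named.conf.local. allow-transfer is the hardening
    # addition: without it any host may pull the whole zone with AXFR.
    cat > "$dir/named.conf.local" <<EOF
zone "$ZONE" {
    type master;
    file "/etc/bind/db.$ZONE";
    allow-transfer { none; };
};
EOF
}

# check_zone DIR -> 0 when named-checkzone accepts the zone file; if the
# bind9 utilities are not installed, fall back to a structural check that
# the DC's A record is present.
check_zone() {
    dir=$1
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$ZONE" "$dir/db.$ZONE"
    else
        grep -q "^$DC_HOST[[:space:]]*IN[[:space:]]*A[[:space:]]*$DC_IP\$" "$dir/db.$ZONE"
    fi
}
```

Generate into a scratch directory, run check_zone on it, and only then copy db.example.local to /etc/bind/ and append the stanza to /etc/bind/named.conf.local before restarting bind9. After the restart, a query such as `dig @192.168.0.60 dc01-ubuntu.example.local` should return 192.168.0.60, and `dig @192.168.0.60 example.local AXFR` should be refused.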

 

Step 12: Configure the server to use itself for DNS

DNS is no use if the server itself does not query it. In this section we point /etc/resolv.conf at the local BIND instance. I also recommend keeping a known-good DNS server as the secondary nameserver so that the host still resolves names if BIND fails; in some of my trials I did notice that the server would hang while trying to start BIND9.

# Open the /etc/resolv.conf file for editing.

vim /etc/resolv.conf

# Add the following lines to the beginning of the file, keeping the existing nameserver entry below them as the fallback:

search example.local
nameserver 192.168.0.60

# Reboot the server so that BIND starts with the system and you can confirm that name resolution works from a clean boot.

reboot

 

Step 13: Add a workstation account to LDAP

This tutorial is meant to create an open-source domain for Windows XP Professional clients (and Linux clients) to authenticate against, so we add a workstation account for the Windows XP Professional machine that we will join to the domain.

# Execute the command:

smbldap-useradd -w client-winxp

* "client-winxp" is the hostname of the computer that you will be adding to the domain and must match the Windows computer name exactly. The -w switch creates a workstation (machine trust) account; smbldap-tools appends the trailing "$" that Samba expects, so give the bare hostname here.

 

Step 14: Configure your Windows XP Professional Client

Now I will walk you through configuring your Windows XP Professional workstation so that it will join the domain.

# Assumptions:

* This is a vanilla installation of Windows XP Professional SP2.
* The computer name was set during installation to: client-winxp
* The Administrator password assigned is: 12345
* All other installation options were left at their default settings.
* After the installation:
  * The only user account in use on the computer was "Administrator".
  * All available Windows Updates were installed.
  * A static IP address was assigned with the following information (for my setup only!):

IP Address: 192.168.0.61
Gateway: 192.168.0.1
Netmask: 255.255.255.0
DNS: 192.168.0.60
Search domain: example.local

# Join the workstation to the domain.

* Log into the computer as Administrator.
* Right click "My Computer" and click "Properties".
* Click the tab "Computer Name".
* Click the button labeled "Change".
* At the bottom click the radio button labeled "Domain".
* In the box type the NetBIOS domain name "example" without quotes (the short Samba domain name, not the DNS name example.local).
* Click the "OK" button.
* At the credentials prompt enter "root" for the user and "12345" for the password (substitute the password you assigned to your root user earlier!). Any account that Samba treats as a domain administrator, such as a member of Domain Admins, can join machines too; prefer such an account over typing the root password into workstations you do not fully control.

It should say "Welcome to the example domain."
* Click "OK".
* Click "OK" again.
* Click "OK" again.
* Restart the workstation.

# Log in with your test user ("ricky") from earlier.
Try logging into the Windows XP workstation (after selecting the domain from the drop-down box) using our test user. It should work without issue!

# Notes
Please note that this is basic authentication only. You're on your own if you wish to add logon scripts, mapped drives, etc.

 

Step 15: (Optional) Install Apache2 and PHPLDAPAdmin

A nice way to view and modify your LDAP tree is through a GUI. PHPLDAPAdmin is one that many people recommend, so I will show you how to install and use it.

# Install the software.

apt-get install apache2 phpldapadmin

# Open the file /etc/apache2/httpd.conf for editing:

vim /etc/apache2/httpd.conf

# Add the following line to the top of the file. This silences the "Could not reliably determine the server's fully qualified domain name" warning that Apache2 prints on start-up.

ServerName dc01-ubuntu.example.local

# Restart Apache2

/etc/init.d/apache2 restart

# Copy the PHPLDAPAdmin folder into the main web site directory. This is the lazy way of doing things: we don't need to create a virtual server, and we access PHPLDAPAdmin by going to: http://192.168.0.60/phpldapadmin/ . Be aware that the copy is reachable by anyone who can reach the web server, and over plain HTTP the LDAP admin password you log in with crosses the network in the clear, so restrict access to it and prefer HTTPS.

cp -R /usr/share/phpldapadmin/ /var/www/phpldapadmin
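A less exposed way to publish the same directory, as an added example that is not part of the original tutorial: serve the packaged copy in /usr/share/phpldapadmin through an Apache alias instead of copying it under /var/www, and deny everything except the local network. The path is the tutorial's; the allowed subnet (192.168.0.0/24, matching the tutorial's addresses) and the output directory are assumptions, and the directives use the Apache 2.2 access-control syntax that Ubuntu 7.10 ships.

```shell
#!/bin/sh
# Added example: Apache 2.2 fragment that exposes phpLDAPadmin only to the
# LAN. Not code from the original tutorial or from the phpLDAPadmin package.
set -eu

PLA_DIR=/usr/share/phpldapadmin     # where the Ubuntu package installs it
LAN=192.168.0.0/24                   # assumption: the DC's subnet

# write_pla_conf DIR -> writes DIR/phpldapadmin.conf
write_pla_conf() {
    dir=$1
    cat > "$dir/phpldapadmin.conf" <<EOF
# phpLDAPadmin: LDAP admin credentials pass through here, so keep it off
# the open network and move it to HTTPS (a2enmod ssl) once you have a cert.
Alias /phpldapadmin $PLA_DIR

<Directory $PLA_DIR>
    Options -Indexes
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from $LAN
</Directory>
EOF
}

# check_pla_conf DIR -> 0 when the fragment denies by default, opens only
# loopback and the LAN, and never contains "Allow from all".
check_pla_conf() {
    dir=$1
    f=$dir/phpldapadmin.conf
    grep -q '^    Deny from all$' "$f" || return 1
    grep -q "^    Allow from $LAN\$" "$f" || return 1
    grep -q '^    Allow from 127.0.0.1$' "$f" || return 1
    if grep -q 'Allow from all' "$f"; then
        return 1
    fi
    return 0
}
```

Generate the fragment into a scratch directory, run check_pla_conf, then install it as /etc/apache2/conf.d/phpldapadmin.conf and restart apache2; phpLDAPadmin is then reachable at the same http://192.168.0.60/phpldapadmin/ URL, but only from the hosts the fragment allows, and the copy in /var/www is not needed.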

There you have it! A full Ubuntu LDAP and SAMBA Domain Controller in 15 easy steps.


Submitted by Anonymous (not registered) on Thu, 2010-07-08 11:32.

Awesome work here, I have been looking all over the web for these kind of details.

But I was wondering if I could join the domain from an Ubuntu Desktop distribution instead of Windows XP, using something similar to Likewise Open or some other kind of LDAP client for Linux, and still have the OS authenticate against LDAP when logging on at the normal Ubuntu Desktop GUI login screen.

Don't worry about GPO or the mapping of drives, just authenticating logon

Thanks... again good work

Submitted by gabochiwas (not registered) on Tue, 2009-08-25 22:38.

Thanks man, excellent how-to...

Just one question: I need to activate the mobile profile, can you tell me how I can do that?

I'd appreciate it very much if you can show me...

Submitted by Mathias Mamsch (not registered) on Tue, 2009-06-02 15:58.

Hi,

I really enjoyed your tutorial. I just wanted to let you know that current versions of OpenLDAP use runtime configuration, i.e. they store the LDAP configuration in the /etc/ldap/slapd.d/ directory and by default ignore an /etc/ldap/slapd.conf file. Users might experience several errors in this case:

1. There is no slapd.conf file in which to add the include schemas after installing OpenLDAP.

2. When coming to the smbldap-populate command, the populating will fail (because the schemas will not be used in the configuration, even if a slapd.conf file was created).

You might want to hint at that in the tutorial. In this case a search for "openldap runtime configuration" might turn out how to overcome those issues.

 Best regards, Mathias Mamsch

Submitted by 02walshe (not registered) on Tue, 2009-02-17 23:49.

Just wanted to say what a great topic this is! Got through it very quickly. Just one thing:

When I log on to the domain, XP shows the "loading your personal settings" screen, then after about 10 seconds goes back to the "press ctrl alt del" screen. Very odd.

 Thanks again for a good topic!

Submitted by atom_h2o (registered user) on Wed, 2009-02-04 12:34.

Thank you for your nice tutorial.

I've only one question: How can I change the password for the user sysadmin after I've completed the installation?

I have Ubuntu 8.04 Server 32 bit and I see this phenomenon:

$ passwd
Changing password for sysadmin.
(current) UNIX password:
passwd: Authentication token manipulation error
passwd: password unchanged


 

Submitted by Anonymous (not registered) on Mon, 2009-01-26 05:37.
Thanks so much worked first time!!!!!!!!!!!!
Submitted by tam (not registered) on Thu, 2008-12-04 22:43.

hi,

I know that the topic specified Ubuntu 7.10 and XP Pro, but I was able to install the server pieces on Ubuntu Hardy without any problem.

my problem is it fails to join the domain.

the client box is Vista Ultimate and the error message is "the network path was not found" 

 i wonder has anyone able to make this work with Windows Vista?

 thanks in advance,

Tam

Submitted by stefferd (not registered) on Sat, 2009-01-17 16:20.

Have you tried using the IP address instead of the hostname when connecting to the domain controller?

It could be that your Windows box doesn't have the right DNS server configured in its IP address settings; that way it won't find the hostname. To resolve this, set up your DHCP server to hand out the DNS server address of the DC, or reconfigure your Windows box so that it uses the DNS server installed on your
Submitted by Anonymous (not registered) on Tue, 2008-11-18 09:57.

Nice tutorial

But since you already installed Webmin, I don't recommend installing PHPLDAPAdmin.

LDAP is perfectly manageable through Webmin.

Submitted by Anonymous (not registered) on Mon, 2008-11-03 22:45.

Perfect tutorial. I have done it with a freshly installed Ubuntu 8 Server. Worked perfectly without any problems.

Thank you!

Submitted by kaotix (registered user) on Sun, 2008-07-06 18:18.
Is it necessary to log in to the controller with the root login? If I wanted a client to add themselves I'd rather not give out the root password. Also the possibility of a Windows machine having the root login saved somewhere is a worrying thought.
Submitted by Anonymous (not registered) on Thu, 2008-11-06 00:06.
No you just have to make sure that he is a Domain Admin
Submitted by pak9rabid (registered user) on Fri, 2008-05-30 16:03.
Does the DNS server have to run on the same physical box as OpenLDAP + Samba?
Submitted by Anonymous (not registered) on Tue, 2008-11-18 09:52.
No, just make sure you fill in your DNS correctly on your client and server.
Submitted by mauritaly (registered user) on Sat, 2008-03-29 14:32.

Hi all

This was amazing: in less than 2 hours I installed that stuff on a virtual Ubuntu and bound XP to the domain. It would be great to add DHCP and ldap-account-manager... very easy, I did it. Shall I write how?

For the future it would be great to add tsl="1".

Thanks for this good tutorial, as usual at HowtoForge.

Maurizio, Zurich 

 

Submitted by metalhannes (registered user) on Thu, 2008-03-13 14:18.

I cannot thank you enough for this..
You have saved my sanity and my server....
I wish I could say more but I really don't know what to say except for a BIG HUGE THANK YOU...
Keep it up

Hannes

Submitted by bi (not registered) on Thu, 2010-06-17 12:47.

I try this tutorial and I get this result:

1. For some reason (that I don't know), the Linux client can join the domain without problem with net rpc join -S ipofserver -U root.

2. Windows client cannot join domain with following error: http://osvn.pastebin.com/QUpVVq5q

I tried many ways to fix it but it seems out of my knowledge.

DNS is working fine; nslookup with the full domain name dc.DOMAIN.com can find where the domain controller is and its IP address.