CentOS: configuring Samba with LDAP (ldapsam) authentication

  • LDAP
  • Install openldap to provide account authentication for the apache service;
  • Create the chinaskills.cn directory service, create the user group ldsgp, and add the users zsuser, lsusr and wuusr to it
  • SAMBA
  • Create a samba share. The local directory is /data/share1. Requirements: The share name is share1.
  • Only zsuser users are allowed to upload files.
  • Create a Samba share. The local directory is /data/public. The share name is required to be public. Anonymous access is allowed. All users can upload files
     

1. Install ldap

[root@storagesrv /]# yum install openldap-servers openldap-clients  -y

2. Generate the slapd administrator (rootdn) password hash

Note: `-s 000000` puts the cleartext secret on the command line, where it is recorded in the shell history and visible to other users via `ps`. Outside a lab, run `slappasswd` with no arguments and type the password at its prompt, and use a real password rather than the placeholder 000000. Only the {SSHA} hash it prints is written to the configuration.

[root@storagesrv /]# slappasswd -s 000000
{SSHA}cZXMT165vMoGShSBCrwX1lbrbrYNDBON

3. Modify the cn=config database files

The files under /etc/openldap/slapd.d are generated by slapd (each carries a DO-NOT-EDIT header and a CRC32 checksum). Editing them by hand works here only because slapd has not been started yet; the supported way is `ldapmodify -Y EXTERNAL -H ldapi:///` with an LDIF that changes olcSuffix, olcRootDN and olcRootPW. Either way, the three values below must agree with each other and with the DN used by every later `ldapadd -D` and by smb.conf.

[root@storagesrv /]# nano /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
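dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
# Suffix and administrator DN, changed to the task's domain (chinaskills.cn).
# The same DN is used later by "ldapadd -D" and by "ldap admin dn" in smb.conf.
olcSuffix: dc=chinaskills,dc=cn
olcRootDN: cn=Manager,dc=chinaskills,dc=cn
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
structuralObjectClass: olcHdbConfig
entryUUID: 1e20e918-bfaf-103c-9ba0-e91fe8f8981a
creatorsName: cn=config
createTimestamp: 20220903083532Z
entryCSN: 20220903083532.329466Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20220903083532Z
# Administrator password: the {SSHA} hash printed by slappasswd in step 2, never the cleartext.
olcRootPW: {SSHA}cZXMT165vMoGShSBCrwX1lbrbrYNDBON
# Access control. With no olcAccess at all slapd falls back to its default policy of
# "to * by * read" (slapd.access(5)), which lets anonymous clients read every attribute,
# including the userPassword values imported in step 6. The rules below keep the
# directory readable (the anonymous ldapsearch in step 8 still works) but hide
# passwords: only the owner may read/write their own, and anonymous may use it for a
# bind only. The rootdn bypasses ACLs anyway, so Samba's Manager bind is unaffected.
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn.base="cn=Manager,dc=chinaskills,dc=cn" write by anonymous auth by self write by * none
olcAccess: {1}to * by dn.base="cn=Manager,dc=chinaskills,dc=cn" write by * read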

[root@storagesrv /]# nano /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif
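dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
# Only the local root peer (SASL EXTERNAL over ldapi:///) and the Manager DN may read
# cn=Monitor; everyone else is denied. The Manager DN must match olcRootDN of the hdb
# database, which is the value changed for the task. The line is wrapped with LDIF
# continuation (a leading space), not split into two attributes.
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth" read by dn.base="cn=Manager,dc=chinaskills,dc=cn" read by * none
structuralObjectClass: olcDatabaseConfig
entryUUID: 1e20e53a-bfaf-103c-9b9f-e91fe8f8981a
creatorsName: cn=config
createTimestamp: 20220903083532Z
entryCSN: 20220903083532.329367Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20220903083532Z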

4. Start the ldap service and import Schema

[root@storagesrv /]# systemctl start slapd
[root@storagesrv /]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"
[root@storagesrv /]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"
[root@storagesrv /]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"

5. Import database and user groups

[root@storagesrv /]# cat base.ldif  
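# Base entry of the chinaskills.cn directory. domainRelatedObject/associatedDomain come
# from the cosine schema imported in step 4.
dn: dc=chinaskills,dc=cn
dc: chinaskills
objectClass: top
objectClass: domain
objectClass: domainRelatedObject
associatedDomain: chinaskills.cn

# Entries in an LDIF file must be separated by a blank line; without one ldapadd reads
# the whole file as a single entry and rejects the repeated "dn:" lines.
dn: ou=users,dc=chinaskills,dc=cn
objectClass: organizationalUnit
ou: users

# The RDN's naming attribute (ou=ldsgp) must also be present as an attribute value;
# "ou: group" here is rejected with "naming attribute 'ou' is not present in entry".
# NOTE(review): smb.conf below points "ldap group suffix" at ou=group, which this file
# does not create - keep the two consistent.
dn: ou=ldsgp,dc=chinaskills,dc=cn
objectClass: organizationalUnit
ou: ldsgp

# The task asks for a user *group* ldsgp; an organizationalUnit is only a container.
# This posixGroup (nis schema) is what gidNumber 1008 in users.ldif resolves to.
dn: cn=ldsgp,ou=ldsgp,dc=chinaskills,dc=cn
objectClass: posixGroup
cn: ldsgp
gidNumber: 1008
memberUid: zsuser
memberUid: lsusr
memberUid: wuusr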

[root@storagesrv /]# ldapadd -x -W -D "cn=Manager,dc=chinaskills,dc=cn" -f base.ldif 
Enter LDAP Password: 			(the Manager password whose hash was set in step 2)
adding new entry "dc=chinaskills,dc=cn"
adding new entry "ou=ldsgp,dc=chinaskills,dc=cn"

6. Import users

[root@storagesrv /]# cat users.ldif  
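# Three POSIX accounts for Samba. Each account needs its own uidNumber: the original
# file gave all three 1008, so NSS and the filesystem could not tell them apart (a file
# written by lsusr would be owned by "zsuser"). gidNumber 1008 is shared on purpose -
# it is the ldsgp group.
#
# userPassword is stored exactly as written here (slapd does not hash it unless a
# hashing overlay is configured) and, with no olcAccess set on the hdb database above,
# it is readable by anonymous searches. Replace each value with the {SSHA} output of
# `slappasswd` before importing, as was done for olcRootPW.
#
# NOTE(review): the entries are created under ou=ldsgp while smb.conf's
# "ldap user suffix" names ou=users; confirm which container Samba should use.
dn: uid=zsuser,ou=ldsgp,dc=chinaskills,dc=cn
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
uid: zsuser
cn: zsuser
userPassword: ChinaSkill22
# NOTE(review): shadowLastChange: 0 with shadowMax: 0 marks the password as already
# expired for PAM/NSS clients that honour shadowAccount - confirm this is intended.
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
loginShell: /bin/bash
uidNumber: 1008
gidNumber: 1008
homeDirectory: /home/zsuser
gecos: zsuser

dn: uid=lsusr,ou=ldsgp,dc=chinaskills,dc=cn
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
uid: lsusr
cn: lsusr
userPassword: ChinaSkill22
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
loginShell: /bin/bash
# Unique UID (was 1008, colliding with zsuser).
uidNumber: 1009
gidNumber: 1008
homeDirectory: /home/lsusr
gecos: lsusr

dn: uid=wuusr,ou=ldsgp,dc=chinaskills,dc=cn
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
uid: wuusr
cn: wuusr
userPassword: ChinaSkill22
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
loginShell: /bin/bash
# Unique UID (was 1008, colliding with zsuser).
uidNumber: 1010
gidNumber: 1008
homeDirectory: /home/wuusr
gecos: wuusr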

[root@storagesrv /]# ldapadd -x -W -D "cn=Manager,dc=chinaskills,dc=cn" -f users.ldif 
Enter LDAP Password: 
adding new entry "uid=zsuser,ou=ldsgp,dc=chinaskills,dc=cn"
adding new entry "uid=lsusr,ou=ldsgp,dc=chinaskills,dc=cn"
adding new entry "uid=wuusr,ou=ldsgp,dc=chinaskills,dc=cn"

7. Set the default search base for the LDAP client tools (so `ldapsearch` below needs no `-b`)

[root@storagesrv /]# vim /etc/openldap/ldap.conf  
BASE    dc=chinaskills,dc=cn

8. Test

`ldapsearch -x` with no `-D` binds anonymously, so a result here also shows what unauthenticated clients can read. After the users are imported, check that `ldapsearch -x -LLL uid=zsuser` does not return userPassword; if it does, the hdb database still lacks an olcAccess rule hiding that attribute.

[root@storagesrv /]# ldapsearch -x -LLL | grep 'dn: dc'  
dn: dc=chinaskills,dc=cn

SAMBA — 1. Install the Samba server and client

[root@storagesrv /]# yum install samba samba-client smbldap-tools -y

2. Create a directory

[root@storagesrv /]# mkdir -p /data/share1
[root@storagesrv /]# mkdir -p /data/public

3. Import the Samba schema into cn=config and set directory permissions

The samba.ldif path contains the package version (4.10.16); use `ls /usr/share/doc/samba-*/LDAP/samba.ldif` if yours differs. `chmod -R 777 /data/` makes both share directories writable by every local account: the `write list = zsuser` restriction on share1 is enforced by smbd only, not by the filesystem. Once the zsuser local account exists (step 5), tighten this to `chown zsuser /data/share1; chmod 755 /data/share1` and `chmod 1777 /data/public` (the sticky bit stops anonymous uploaders from deleting each other's files).

[root@storagesrv /]# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /usr/share/doc/samba-4.10.16/LDAP/samba.ldif  
[root@storagesrv /]# chmod -R 777 /data/

4. Edit smb.conf and store the LDAP admin password

`smbpasswd -w` takes the Manager password as a command-line argument, so it lands in the shell history and is briefly visible in `ps`; prefix the command with a space under `HISTCONTROL=ignorespace` or clear the history afterwards. The password is written to secrets.tdb, which must remain readable by root only. Run `testparm` after editing smb.conf to catch syntax errors before restarting smbd.

[root@storagesrv /]# vim /etc/samba/smb.conf
[global]
# Accounts come from the OpenLDAP server configured above (ldapsam backend). smbd binds
# as the Manager DN with the password stored in secrets.tdb by "smbpasswd -w" (next step).
passdb backend = ldapsam:ldap://192.168.100.100
ldap suffix = "dc=chinaskills,dc=cn"
ldap admin dn = "cn=Manager,dc=chinaskills,dc=cn"
# Containers Samba uses when it creates entries. users.ldif above placed the accounts
# under ou=ldsgp and base.ldif creates no ou=group; NOTE(review): confirm these two
# suffixes match the directory layout that was actually imported.
ldap user suffix = "ou=users,dc=chinaskills,dc=cn"
ldap group suffix = "ou=group,dc=chinaskills,dc=cn"
ldap delete dn = no
ldap passwd sync = yes
# No TLS: the Manager DN bind and all directory traffic go to 192.168.100.100 in
# cleartext. Acceptable only if that address is this host; otherwise configure TLS on
# slapd and switch to "ldap ssl = start tls".
ldap ssl = no
# Logins with an unknown user name are mapped to the guest account; together with
# "guest ok = yes" on [public] this is what provides anonymous access. A known name with
# a wrong password is still rejected.
map to guest = bad user
workgroup = chinaskills.cn
[share1]
        path = /data/share1
        # The share is read-only by default ("read only = yes"); write list grants write
        # access to zsuser only. This is enforced by smbd, not by the filesystem, which
        # the earlier chmod -R 777 left writable by every local account.
        write list = zsuser
[public]
        path = /data/public
        # Anonymous (guest) access with uploads allowed for everyone, as the task requires.
        guest ok = yes
        writeable = yes
        
        
[root@storagesrv /]# smbpasswd -w 000000           
Setting stored password for "cn=Manager,dc=chinaskills,dc=cn" in secrets.tdb
[root@storagesrv /]# systemctl restart smb.service

5. Test

Samba requires every account name to resolve through the system's NSS (getpwnam), and this host has not been pointed at LDAP (no nslcd/sssd step above), so local accounts are created with useradd first. NOTE(review): useradd assigns its own UIDs, which will not match the uidNumber given to each entry in users.ldif unless you pass `-u` explicitly; the cleaner fix is to configure NSS/SSSD against the directory instead of duplicating the accounts locally.

[root@storagesrv /]# useradd zsuser
[root@storagesrv /]# useradd lsusr
[root@storagesrv /]# useradd wuusr
[root@storagesrv /]# smbpasswd -a zsuser
New SMB password:
Retype new SMB password:
[root@storagesrv /]# smbpasswd -a lsuser
New SMB password:
Retype new SMB password:
Failed to add entry for user lsuser.
(The name is mistyped: the account is lsusr, as in users.ldif and the useradd above. Rerun `smbpasswd -a lsusr`; until then lsusr has no Samba password and cannot authenticate.)
[root@storagesrv /]# smbpasswd -a wuusr
New SMB password:
Retype new SMB password:

[root@storagesrv /]# smbclient //127.0.0.1/share1 -U zsuser
Enter SAMBA\zsuser's password: 
Try "help" to get a list of possible commands.
smb: \> put /etc/issue test.txt
putting file /etc/issue as \test.txt (11.2 kb/s) (average 11.2 kb/s)
smb: \> q
[root@storagesrv /]# smbclient //127.0.0.1/public
Enter SAMBA\root's password: 
Anonymous login successful
Try "help" to get a list of possible commands.
smb: \> put /etc/issue testpublic
putting file /etc/issue as \testpublic (22.5 kb/s) (average 22.5 kb/s)
smb: \> q

Also test the negative case the task requires: connect as one of the other users and try to upload, e.g. `smbclient //127.0.0.1/share1 -U wuusr` followed by `put /etc/issue x.txt`. It must fail with NT_STATUS_ACCESS_DENIED, because share1 is read-only for everyone except the write list.

Origin blog.csdn.net/LLLLLoodwd/article/details/131325440