OpenLDAP + Samba Domain Controller On Ubuntu 7.10

Preface

This document is a step by step guide for configuring Ubuntu 7.10 as a Samba Domain Controller with an LDAP backend (OpenLDAP). The point is to configure a server that can be comparable, from a central authentication point of view, to a Windows Server 2003 Domain Controller. The end result will be a server with an LDAP directory for storing user, group, and computer accounts. A Windows XP Professional SP2 workstation will be able to join the domain once properly configured. Please note that you do not have a fully comparable Windows domain controller at this time. Do not kid yourself, this guide only gets you a server with LDAP authentication. Of course this can be expanded to include slave servers to spread out authentication over multiple networks. Please also note that it took me approximately two and a half weeks to compile this information and get it working. The same functionality can be had in Windows in less than four hours (and this includes operating system installation). In my humble opinion the open source community will need to work on this side of Linux in order for it to be a true alternative to Windows.

 

Legal/Warranty/Etc...

This document is provided as-is with no implied warranty or agreement. I will not support other systems without compensation. This document is the property of Richard Maloley II. This document may be redistributed, copied, printed, and modified at will, however my name must remain as the original source. Legal action can and will be brought against any and all infractions of the terms.

 

Special Items of Interest

* My hostname during the installation was set to: dc01-ubuntu
* My fully qualified domain name will be: dc01-ubuntu.example.local
* After the installation my /etc/hostname was changed to: dc01-ubuntu.example.local
* After the installation my /etc/hosts was changed so that the line 127.0.1.1 contained "dc01-ubuntu dc01-ubuntu.example.local" to ensure no issues with name resolution.
* My LDAP domain is: example.local
* This translates to a Base DN of: dc=example,dc=local
* All passwords used are "12345" to keep things simple.
* I am not using TLS or SSL for my LDAP directory. Too much work for this tutorial.
* The user I created during the installation is: sysadmin
* The password I assigned during the installation is: 12345
* This local user will be used for all configuration purposes.

 

Assumptions

* Ubuntu Server 7.10 is installed.
* No other software was installed during the OS install!
* After installation you enabled all the repositories in /etc/apt/sources.list
* You fully updated your system

apt-get update
apt-get upgrade
reboot

* You configured a static IP address. For me I used the following information:

address 192.168.0.60
gateway 192.168.0.1
netmask 255.255.255.0

* You edited your /etc/hosts file so that your hostname and fully qualified domain name are on the line 127.0.1.1

127.0.1.1 dc01-ubuntu dc01-ubuntu.example.local

* You installed the OpenSSH Server.

apt-get install openssh-server

* You did not set a password on the root account. All commands will be run with sudo or by opening a root shell.

sudo bash

* Currently you do not have any other software running nor do you have any other users on the system.

 

Step 1: Install WebMin

We will be installing WebMin. Why? I like to use it to configure some things. This step is techinically optional but I feel as though it greatly simplifies administration of the server in the future.

# Download the WebMin package from their website.

wget http://superb-west.dl.sourceforge.net/sourceforge/webadmin/webmin_1.380_all.deb

# Install pre-requisite software.

apt-get install openssl libauthen-pam-perl libio-pty-perl libmd5-perl libnet-ssleay-perl

# Install WebMin

dpkg -i webmin_1.380_all.deb

# If the installation is successful you will see a message similar to this:

"Webmin install complete. You can now login to https://dc01-ubuntu.example.local:10000/
as root with your root password,
or as any user who can use sudo to run commands as root."

 

Step 2: Install OpenLDAP

For our LDAP server we will be using the very flexible OpenLDAP Server (slapd).

# Install the software.

apt-get install slapd ldap-utils migrationtools

# Answer the on-screen prompts with:

Admin password: 12345
Confirm password: 12345

# We need to configure OpenLDAP now.

dpkg-reconfigure slapd

# Answer the on-screen prompts with:

No
DNS domain name: example.local
Name of your organization: example.local
Admin password: 12345
Confirm password: 12345
OK
BDB
No
Yes
No

# Restart OpenLDAP.

/etc/init.d/slapd restart

 

Step 3: Install SAMBA

We will be using SAMBA for some main functions in this tutorial. In order to configure OpenLDAP correctly we must first install SAMBA.

# Install the software.

apt-get install samba smbldap-tools smbclient samba-doc

 

Step 4: Configure OpenLDAP for use with SAMBA

In order to use LDAP and SAMBA we need to configure the /etc/ldap/slapd.conf file.

# Copy the samba.schema file to the OpenLDAP schema directory.

cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/

# Unzip the file.

gzip -d /etc/ldap/schema/samba.schema.gz

# Open the /etc/ldap/slapd.conf file for editing.

vim /etc/ldap/slapd.conf

# Add the following lines to the document where the other "include" lines are:

include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/misc.schema

# Change the line:

access to attribute=userPassword

# to:

access to attrs=userPassword,sambaNTPassword,sambaLMPassword

# Restart OpenLDAP:

/etc/init.d/slapd restart