Monday, 18 May 2015

Ubuntu Server 12.04 - Part 4: Installing, Configuring and Integrating LDAP & Samba Server - 2

In the previous tutorial we also covered installing, configuring and integrating LDAP & Samba Server. In that article we used simple commands from the smbldap-tools utility to migrate Linux users to the LDAP server one at a time, then added the Samba users with the command "smbpasswd -a user" so that each user gets the attribute "objectClass: sambaSamAccount" on the LDAP server.
Now, what if the system to be migrated is a Linux host that already has hundreds or even thousands of users and groups: can we still use smbldap-tools? Honestly, being only human, a sysadmin will want to avoid entering hundreds or thousands of existing users one by one; besides taking a long time, the chance of a typing error is considerable. To solve this we can use the MigrationTools utility made by padl.com. It exports the Linux users and groups to an LDIF file, and the users and groups in that LDIF are then added to the LDAP server's database. After that, to get the Samba users into the LDAP server's database, we have to import the tdbsam file into ldapsam. The steps to carry out are as follows:
  1. Migrate the Linux system's users and groups to LDAP using MigrationTools from padl.com. This stage consists of exporting the Linux users and groups to an LDIF file, editing that LDIF as needed, and finally adding the users and groups to the LDAP server's database using that LDIF file.
  2. Import the Samba users and groups from the tdbsam database into the ldapsam database.
Easy, isn't it? Let's go through the steps. The network topology is the same as in the previous tutorial; in outline it can be seen from the following IP address information:

PC : LDAP Server, DNS Server Master
OS : Ubuntu 12.04 Server
Hostname : ns.wanasl.lcl
IP Address : 172.16.16.106

PC : SAMBA Server, DNS Server Slave
OS : Ubuntu 14.04 Server
Hostname : acc-filesrv.wanasl.lcl
IP Address : 192.168.1.196

Network : 172.16.16.0/24
Allocation : DMZ area

Network : 192.168.0.0/16
Allocation : Clients

On the LDAP Server host, the packages that have to be installed are slapd, ldap-utils, db5.1-util and samba-doc. The installation and configuration steps were discussed in the previous tutorial; here is a summary.

root@ns:/home/it# cat /etc/os-release 
NAME="Ubuntu"
VERSION="12.04.5 LTS, Precise Pangolin"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu precise (12.04.5 LTS)"
VERSION_ID="12.04"

root@ns:/home/it# ifconfig eth2
eth2      Link encap:Ethernet  HWaddr 4a:f8:8d:37:15:ee  
          inet addr:172.16.16.106  Bcast:172.16.16.127  Mask:255.255.255.224
          inet6 addr: fe80::48f8:8dff:fe37:15ee/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:319553 errors:0 dropped:57 overruns:0 frame:0
          TX packets:358063 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:199644016 (199.6 MB)  TX bytes:229808350 (229.8 MB)
          Interrupt:36 

root@ns:/home/it# apt-get install slapd ldap-utils db5.1-util
root@ns:/home/it# dpkg-reconfigure slapd
     Omit OpenLDAP server configuration? No
     DNS domain name: wanasl.lcl
     Organization name: wanasl
     Administrator password : ->   Enter the administrator password set during the slapd installation, or use a different password.
     Confirm password: -> Confirm the password
     Database backend to use:  HDB
     Do you want the database to be removed when   slapd is purged ? No
     Move old database ? Yes
     Allow LDAPv2 protocol ? No

root@ns:/home/it# apt-get install samba-doc
root@ns:/home/it# cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/
root@ns:/home/it# gzip -d /etc/ldap/schema/samba.schema.gz
root@ns:/home/it# vim schema_convert.conf
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/ldapns.schema
include /etc/ldap/schema/pmi.schema
include /etc/ldap/schema/samba.schema

root@ns:/etc/ldap/schema# mkdir ldif_output
root@ns:/etc/ldap/schema# slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema
dn: cn={14}samba,cn=schema,cn=config

root@ns:/home/it# slapcat -f schema_convert.conf -F ldif_output -n0 -H ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif

root@ns:/home/it# vim cn\=samba.ldif 
.
.
.
// Delete from the line below onwards (the italicised lines)
structuralObjectClass: olcSchemaConfig
entryUUID: 2d13ca26-8f42-1034-93e0-7185e8f014c4
creatorsName: cn=config
createTimestamp: 20150515113505Z
entryCSN: 20150515113505.079104Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150515113505Z

root@ns:/home/it# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\=samba.ldif 
adding new entry "cn={14}samba,cn=schema,cn=config"

root@ns:/home/it# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config 'cn=*samba*'
dn: cn={4}samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}samba
.
.
.
olcObjectClasses: {11}( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' DESC
  'Samba Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( sambaTrustTyp
 e $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFla
 tName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdenti
 fier $ sambaTrustForestTrustInfo ) )

root@ns:/home/it# vim samba_indices.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub

root@ns:/home/it# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif 
modifying entry "olcDatabase={1}hdb,cn=config"

root@ns:/home/it# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase={1}hdb olcDbIndex
dn: olcDatabase={1}hdb,cn=config
olcDbIndex: objectClass eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub

Switch to the Samba Server host and perform the following steps.

root@Acc-FileSrv:/home/it# apt-get install samba smbldap-tools ldap-utils
root@Acc-FileSrv:/home/it# cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/
root@Acc-FileSrv:/home/it# cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz /etc/smbldap-tools/
root@Acc-FileSrv:/home/it# cd /etc/smbldap-tools/
root@Acc-FileSrv:/etc/smbldap-tools# gzip -d smbldap.conf.gz
root@Acc-FileSrv:/etc/smbldap-tools# ls -l
total 12
-rw-r--r-- 1 root root  490 May 12 13:16 smbldap_bind.conf
-rw-r--r-- 1 root root 7817 May 12 13:17 smbldap.conf

root@Acc-FileSrv:/etc/smbldap-tools# smbpasswd -w passwordAdminLDAP   // tell Samba the LDAP admin password
root@Acc-FileSrv:/etc/smbldap-tools# net getlocalsid
SID for domain ACC-FILESRV is: S-1-5-21-1814403270-3853942490-1171393500

root@Acc-FileSrv:/etc/smbldap-tools# vim smbldap.conf 
.
.
sambaDomain="wanasl.lcl"
.
.
slaveLDAP="ldap://ns.wanasl.lcl/"
.
.
masterLDAP="ldap://ns.wanasl.lcl/"
.
.
#ldapTLS="1"
ldapTLS="0"
.
.
.
suffix="dc=wanasl,dc=lcl"
.
.
usersdn="ou=Users,${suffix}"
.
.
computersdn="ou=Computers,${suffix}"
.
.
groupsdn="ou=Groups,${suffix}"
.
.
idmapdn="ou=Idmap,${suffix}"
.
.
# Ex: mailDomain="idealx.com"
mailDomain="wanasl.lcl"
.
.
.

root@Acc-FileSrv:/etc/smbldap-tools# vim smbldap_bind.conf 
.
.
slaveDN="cn=admin,dc=wanasl,dc=lcl"
slavePw="PasswordAdminLDAPServerlSlave"
masterDN="cn=admin,dc=wanasl,dc=lcl"
masterPw="PasswordAdminLDAPServerlMaster"

root@Acc-FileSrv:/etc/smbldap-tools# chmod 0644 smbldap.conf 
root@Acc-FileSrv:/etc/smbldap-tools# chmod 0600 smbldap_bind.conf 
root@Acc-FileSrv:/etc/smbldap-tools# smbldap-populate
Populating LDAP directory for domain wanasl.lcl (S-1-5-21-1814403270-3853942490-1171393500)
(using builtin directory structure)

entry dc=wanasl,dc=lcl already exist. 
adding new entry: ou=Users,dc=wanasl,dc=lcl
adding new entry: ou=Groups,dc=wanasl,dc=lcl
adding new entry: ou=Computers,dc=wanasl,dc=lcl
adding new entry: ou=Idmap,dc=wanasl,dc=lcl
adding new entry: sambaDomainName=wanasl.lcl,dc=wanasl,dc=lcl
adding new entry: uid=root,ou=Users,dc=wanasl,dc=lcl
adding new entry: uid=nobody,ou=Users,dc=wanasl,dc=lcl
adding new entry: cn=Domain Admins,ou=Groups,dc=wanasl,dc=lcl
adding new entry: cn=Domain Users,ou=Groups,dc=wanasl,dc=lcl
adding new entry: cn=Domain Guests,ou=Groups,dc=wanasl,dc=lcl
adding new entry: cn=Domain Computers,ou=Groups,dc=wanasl,dc=lcl
adding new entry: cn=Administrators,ou=Groups,dc=wanasl,dc=lcl
adding new entry: cn=Account Operators,ou=Groups,dc=wanasl,dc=lcl
adding new entry: cn=Print Operators,ou=Groups,dc=wanasl,dc=lcl
adding new entry: cn=Backup Operators,ou=Groups,dc=wanasl,dc=lcl
adding new entry: cn=Replicators,ou=Groups,dc=wanasl,dc=lcl

Please provide a password for the domain root: 
Changing UNIX and samba passwords for root
New password: 
Retype new password: 

root@Acc-FileSrv:/etc/smbldap-tools# ldapsearch -x -LLL -H ldap://ns.wanasl.lcl -b dc=wanasl,dc=lcl
dn: dc=wanasl,dc=lcl
objectClass: top
objectClass: dcObject
objectClass: organization
o: wanasl.lcl
dc: wanasl

dn: cn=admin,dc=wanasl,dc=lcl
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

dn: ou=Users,dc=wanasl,dc=lcl
objectClass: organizationalUnit
ou: Users

dn: ou=Groups,dc=wanasl,dc=lcl
objectClass: organizationalUnit
ou: Groups

dn: ou=Computers,dc=wanasl,dc=lcl
objectClass: organizationalUnit
ou: Computers

dn: ou=Idmap,dc=wanasl,dc=lcl
objectClass: organizationalUnit
ou: Idmap

dn: sambaDomainName=wanasl.lcl,dc=wanasl,dc=lcl
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaDomainName: wanasl.lcl
sambaSID: S-1-5-21-1814403270-3853942490-1171393500
sambaNextRid: 1000
uidNumber: 1000
gidNumber: 1000

dn: uid=root,ou=Users,dc=wanasl,dc=lcl
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
uid: root
cn: root
sn: root
gidNumber: 0
uidNumber: 0
homeDirectory: /home/root
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaHomePath: \\PDC-SRV\root
sambaHomeDrive: H:
sambaProfilePath: \\PDC-SRV\profiles\root
sambaPrimaryGroupSID: S-1-5-21-1814403270-3853942490-1171393500-512
sambaSID: S-1-5-21-1814403270-3853942490-1171393500-500
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaPwdLastSet: 1431918925
sambaNTPassword: 68365827D79C4F5CC9B52B688495FD51
sambaAcctFlags: [U]
sambaLMPassword: 6089B6316B3577C4944E2DF489A880E4
sambaPwdMustChange: 1435806925
shadowMax: 45

dn: uid=nobody,ou=Users,dc=wanasl,dc=lcl
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
cn: nobody
sn: nobody
gidNumber: 514
uid: nobody
uidNumber: 65534
homeDirectory: /nonexistent
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\PDC-SRV\nobody
sambaHomeDrive: H:
sambaProfilePath: \\PDC-SRV\profiles\nobody
sambaPrimaryGroupSID: S-1-5-21-1814403270-3853942490-1171393500-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NUD        ]
sambaSID: S-1-5-21-1814403270-3853942490-1171393500-501
loginShell: /bin/false

dn: cn=Domain Admins,ou=Groups,dc=wanasl,dc=lcl
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Domain Admins
gidNumber: 512
memberUid: root
description: Netbios Domain Administrators
sambaSID: S-1-5-21-1814403270-3853942490-1171393500-512
sambaGroupType: 2
displayName: Domain Admins

dn: cn=Domain Users,ou=Groups,dc=wanasl,dc=lcl
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Domain Users
gidNumber: 513
description: Netbios Domain Users
sambaSID: S-1-5-21-1814403270-3853942490-1171393500-513
sambaGroupType: 2
displayName: Domain Users

dn: cn=Domain Guests,ou=Groups,dc=wanasl,dc=lcl
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Domain Guests
gidNumber: 514
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-1814403270-3853942490-1171393500-514
sambaGroupType: 2
displayName: Domain Guests

dn: cn=Domain Computers,ou=Groups,dc=wanasl,dc=lcl
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Domain Computers
gidNumber: 515
description: Netbios Domain Computers accounts
sambaSID: S-1-5-21-1814403270-3853942490-1171393500-515
sambaGroupType: 2
displayName: Domain Computers

dn: cn=Administrators,ou=Groups,dc=wanasl,dc=lcl
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Administrators
gidNumber: 544
description: Netbios Domain Members can fully administer the computer/sambaDom
 ainName
sambaSID: S-1-5-32-544
sambaGroupType: 4
displayName: Administrators

dn: cn=Account Operators,ou=Groups,dc=wanasl,dc=lcl
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Account Operators
gidNumber: 548
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-32-548
sambaGroupType: 4
displayName: Account Operators

dn: cn=Print Operators,ou=Groups,dc=wanasl,dc=lcl
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Print Operators
gidNumber: 550
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 4
displayName: Print Operators

dn: cn=Backup Operators,ou=Groups,dc=wanasl,dc=lcl
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Backup Operators
gidNumber: 551
description: Netbios Domain Members can bypass file security to back up files
sambaSID: S-1-5-32-551
sambaGroupType: 4
displayName: Backup Operators

dn: cn=Replicators,ou=Groups,dc=wanasl,dc=lcl
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Replicators
gidNumber: 552
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 4
displayName: Replicators
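
A point worth noting in the ldapsearch output above: it was an anonymous bind (ldapsearch -x, no -D), yet it returned sambaNTPassword and sambaLMPassword for uid=root. The stock slapd ACL only hides userPassword and shadowLastChange, and Samba authenticates clients against the NT hash, so that attribute needs the same protection before real users are imported. The script below is an added example (not part of the original tutorial); it assumes the stock Debian/Ubuntu ACL layout and the names used on this page (olcDatabase={1}hdb, cn=admin,dc=wanasl,dc=lcl, ns.wanasl.lcl).

```shell
#!/bin/sh
# Added example, not part of the original tutorial. The anonymous "ldapsearch -x" above
# returns sambaNTPassword/sambaLMPassword for every account because the stock slapd ACL
# only protects userPassword and shadowLastChange. This inserts a new first ACL rule that
# makes the Samba hashes readable and writable by cn=admin alone (Samba and smbldap-tools
# both bind as that DN), then lets you verify from any host what an anonymous bind can see.
# Assumes the names used in this tutorial; adjust SUFFIX/LDAP_URI for another domain.
set -e

SUFFIX="dc=wanasl,dc=lcl"
ADMIN_DN="cn=admin,${SUFFIX}"
LDAP_URI="ldap://ns.wanasl.lcl"

# LDIF for cn=config: adding a value with index {0} inserts it in front of the existing rules,
# so this rule is evaluated before the default "to * ... by * read" rule.
acl_ldif() {
    cat <<EOF
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=sambaLMPassword,sambaNTPassword by dn="${ADMIN_DN}" write by * none
EOF
}

# Apply on the LDAP host as root over ldapi:///, like the other cn=config edits in this tutorial.
apply_acl() {
    acl_ldif | ldapmodify -Q -Y EXTERNAL -H ldapi:///
}

# Number of NT hashes an anonymous client can read: 0 after the change (also 0 if the server is down).
anon_hash_count() {
    ldapsearch -x -LLL -H "${LDAP_URI}" -b "${SUFFIX}" \
        '(objectClass=sambaSamAccount)' sambaNTPassword 2>/dev/null \
        | grep -c '^sambaNTPassword:' || true
}

case "${1:-}" in
    apply) apply_acl ;;
    check) echo "NT hashes readable anonymously: $(anon_hash_count)" ;;
    *)     acl_ldif ;;    # default: print the LDIF for review
esac
```

Run it with `apply` on the LDAP host, then `check` from the Samba host: the count should be 0, while the same search with -D cn=admin,dc=wanasl,dc=lcl -W still shows the attribute.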

root@Acc-FileSrv:/home/it# vim /etc/security/limits.conf
.
.
.
#ftp             -       chroot          /ftp
#@student        -       maxlogins       4

*   -  nofile   16384

# End of file

root@Acc-FileSrv:/etc/smbldap-tools# smbd -b | grep -i ldap      <- make sure Samba was built with LDAP support
   HAVE_LDAP_H
   HAVE_LDAP
   HAVE_LDAP_ADD_RESULT_ENTRY
   HAVE_LDAP_INIT
   HAVE_LDAP_INITIALIZE
   HAVE_LDAP_INIT_FD
   HAVE_LDAP_OPT_SOCKBUF
   HAVE_LDAP_SASL_WRAPPING
   HAVE_LDAP_SET_REBIND_PROC
   HAVE_LIBLDAP
   LDAP_DEPRECATED
   LDAP_SET_REBIND_PROC_ARGS
   idmap_ldap_init
   vfs_posixacl pdb_smbpasswd pdb_tdbsam pdb_wbc_sam auth_sam auth_unix auth_winbind auth_wbc auth_domain auth_builtin vfs_default nss_info_template idmap_tdb idmap_passdb idmap_nss pdb_samba_dsdb pdb_ldapsam

root@Acc-FileSrv:~# wget -c http://www.padl.com/download/MigrationTools.tgz <-- then extract it into /opt/migrationtools, or install from the repository as shown below
root@Acc-FileSrv:~# apt-get install migrationtools 
 
// The following 5 commands export the Linux users and groups to LDIF files
root@Acc-FileSrv:/home/it# cd /usr/share/migrationtools
root@Acc-FileSrv:/usr/share/migrationtools# vim migrate_common.ph 
.
.
$DEFAULT_MAIL_DOMAIN = "wanasl.lcl";
.
.
$DEFAULT_BASE = "dc=wanasl,dc=lcl";
.
.
$DEFAULT_MAIL_HOST = "mail.wanasl.lcl";
.
.
$EXTENDED_SCHEMA = 1;
.
.
.

root@Acc-FileSrv:/usr/share/migrationtools# ./migrate_base.pl > /tmp/base.ldif
root@Acc-FileSrv:/usr/share/migrationtools# ./migrate_passwd.pl /etc/passwd /tmp/passwd.ldif
root@Acc-FileSrv:/usr/share/migrationtools# ./migrate_group.pl /etc/group /tmp/group.ldif

// I failed to change the base DN of the LDIF files generated by the 5 commands above to "dc=wanasl,dc=lcl", so I used the following single command instead.

root@Acc-FileSrv:/usr/share/migrationtools# LDAPADD="badword " ./migrate_all_online.sh
Enter the X.500 naming context you wish to import into: [dc=padl,dc=com] dc=wanasl,dc=lcl
Enter the hostname of your LDAP server [ldap]: ns.wanasl.lcl
Enter the manager DN: [cn=admin,dc=wanasl,dc=lcl]: cn=admin,dc=wanasl,dc=lcl
Enter the credentials to bind with: 
Do you wish to generate a DUAConfigProfile [yes|no]? no

Importing into dc=wanasl,dc=lcl...

Creating naming context entries...
Migrating aliases...
Migrating groups...
Migrating hosts...
Migrating networks...
Migrating users...
Migrating protocols...
Migrating rpcs...
Migrating services...
Migrating netgroups...
Migrating netgroups (by user)...
Migrating netgroups (by host)...
Importing into LDAP...
./migrate_all_online.sh: 203: ./migrate_all_online.sh: badword: not found
badword : returned non-zero exit status: saving failed LDIF to /tmp/nis.ldif.dNmAvphoJe

root@Acc-FileSrv:/usr/share/migrationtools# ls -l /tmp/
total 120
-rw-r--r-- 1 root root  1200 May 18 10:47 base.ldif
-rw-r--r-- 1 root root  7859 May 18 10:47 group.ldif
-rw------- 1 root root 92752 May 18 10:51 nis.ldif.dNmAvphoJe
-rw-r--r-- 1 root root 15104 May 18 10:47 passwd.ldif 

// Edit nis.ldif.dNmAvphoJe as needed (users and groups)

root@Acc-FileSrv:/usr/share/migrationtools# vim /tmp/nis.ldif.dNmAvphoJe
dn: ou=People,dc=wanasl,dc=lcl
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=wanasl,dc=lcl
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: cn=users,ou=Group,dc=wanasl,dc=lcl
objectClass: posixGroup
objectClass: top
cn: users
userPassword: {crypt}x
gidNumber: 100

dn: cn=nogroup,ou=Group,dc=wanasl,dc=lcl
objectClass: posixGroup
objectClass: top
cn: nogroup
userPassword: {crypt}x
gidNumber: 65534

dn: cn=it,ou=Group,dc=wanasl,dc=lcl
objectClass: posixGroup
objectClass: top
cn: it
userPassword: {crypt}x
gidNumber: 1000

dn: cn=HRD,ou=Group,dc=wanasl,dc=lcl
objectClass: posixGroup
objectClass: top
cn: HRD
userPassword: {crypt}x
gidNumber: 19000

dn: cn=Accounting,ou=Group,dc=wanasl,dc=lcl
objectClass: posixGroup
objectClass: top
cn: Accounting
userPassword: {crypt}x
gidNumber: 20000

dn: cn=L2E,ou=Group,dc=wanasl,dc=lcl
objectClass: posixGroup
objectClass: top
cn: L2E
userPassword: {crypt}x
gidNumber: 21000

dn: uid=root,ou=People,dc=wanasl,dc=lcl
uid: root
cn: root
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16518
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root

dn: uid=it,ou=People,dc=wanasl,dc=lcl
uid: it
cn: IT
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$y6ANJb2u$WGMpjES5sNQWBlj8CrERB.lh5AwUdvS4EDYsJROssdkvQax0LAlbrF5Pe9GI4EN.zeqaks25ju8ucvc0AUjly.
shadowLastChange: 16570
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/it
gecos: IT,,,

dn: uid=Akiu,ou=People,dc=wanasl,dc=lcl
uid: Akiu
cn: Akiu
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 19001
gidNumber: 19000
homeDirectory: /home/HRD/Akiu

dn: uid=Nunus,ou=People,dc=wanasl,dc=lcl
uid: Nunus
cn: Nunus
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 19002
gidNumber: 19000
homeDirectory: /home/HRD/Nunus

dn: uid=Ika,ou=People,dc=wanasl,dc=lcl
uid: Ika
cn: Ika
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 19003
gidNumber: 19000
homeDirectory: /home/HRD/Ika

dn: uid=Ozy,ou=People,dc=wanasl,dc=lcl
uid: Ozy
cn: Ozy
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 19004
gidNumber: 19000
homeDirectory: /home/HRD/Ozy

dn: uid=Emy,ou=People,dc=wanasl,dc=lcl
uid: Emy
cn: Emy
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 19005
gidNumber: 19000
homeDirectory: /home/HRD/Emy

dn: uid=Wawan,ou=People,dc=wanasl,dc=lcl
uid: Wawan
cn: Wawan
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 19006
gidNumber: 19000
homeDirectory: /home/HRD/Wawan

dn: uid=Nurmala,ou=People,dc=wanasl,dc=lcl
uid: Nurmala
cn: Nurmala
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 19007
gidNumber: 19000
homeDirectory: /home/HRD/Nurmala

dn: uid=Nakayama,ou=People,dc=wanasl,dc=lcl
uid: Nakayama
cn: Nakayama
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$/WwkC0Fy$Koa96Jwc.FHq2w9j0FpduvhVohRLl1CYfEaZySRTQKwEF/AeBd1YR3EHJ1ejXNwHUR/ihdoCzGEHPQPHs7zHY0
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 20001
gidNumber: 20000
homeDirectory: /home/Accounting/Nakayama

dn: uid=Ferry,ou=People,dc=wanasl,dc=lcl
uid: Ferry
cn: Ferry
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 20002
gidNumber: 20000
homeDirectory: /home/Accounting/Ferry

dn: uid=Aan,ou=People,dc=wanasl,dc=lcl
uid: Aan
cn: Aan
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 20003
gidNumber: 20000
homeDirectory: /home/Accounting/Aan

dn: uid=Nurhafsah,ou=People,dc=wanasl,dc=lcl
uid: Nurhafsah
cn: Nurhafsah
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 20004
gidNumber: 20000
homeDirectory: /home/Accounting/Nurhafsah

dn: uid=Susi,ou=People,dc=wanasl,dc=lcl
uid: Susi
cn: Susi
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 20005
gidNumber: 20000
homeDirectory: /home/Accounting/Susi

dn: uid=Shelly,ou=People,dc=wanasl,dc=lcl
uid: Shelly
cn: Shelly
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 20006
gidNumber: 20000
homeDirectory: /home/Accounting/Shelly

dn: uid=Iin,ou=People,dc=wanasl,dc=lcl
uid: Iin
cn: Iin
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 20007
gidNumber: 20000
homeDirectory: /home/Accounting/Iin

dn: uid=Zefnemi,ou=People,dc=wanasl,dc=lcl
uid: Zefnemi
cn: Zefnemi
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 20008
gidNumber: 20000
homeDirectory: /home/Accounting/Zefnemi

dn: uid=Indra,ou=People,dc=wanasl,dc=lcl
uid: Indra
cn: Indra
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 21001
gidNumber: 21000
homeDirectory: /home/L2E/Indra

dn: uid=Anca,ou=People,dc=wanasl,dc=lcl
uid: Anca
cn: Anca
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 21002
gidNumber: 21000
homeDirectory: /home/L2E/Anca

dn: uid=Lia,ou=People,dc=wanasl,dc=lcl
uid: Lia
cn: Lia
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 21003
gidNumber: 21000
homeDirectory: /home/L2E/Lia

dn: uid=Rifqi,ou=People,dc=wanasl,dc=lcl
uid: Rifqi
cn: Rifqi
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!
shadowLastChange: 16568
shadowMax: 99999
shadowWarning: 7
uidNumber: 21004
gidNumber: 21000
homeDirectory: /home/L2E/Rifqi

root@Acc-FileSrv:/usr/share/migrationtools# mv /tmp/nis.ldif.dNmAvphoJe /home/it/usersNgroups-accfilesrv.wanasl.lcl.ldif
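
Before the ldapadd below, the edited LDIF can be checked mechanically instead of by eye: the listing above contains uid=root with uidNumber 0 (smbldap-populate already created uid=root under ou=Users), several accounts whose userPassword is the locked value {crypt}!, one (Aan) with no userPassword at all, and accounts without a loginShell. The script below is an added example, not part of the original tutorial; it lints a constructed sample modelled on those entries (the duplicate uidNumber in the sample is constructed, the real file has none) and exits non-zero when anything needs attention before the import.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: sanity-check the LDIF produced by
# migrate_passwd.pl / migrate_all_online.sh before handing it to ldapadd. Findings, one per line:
#   DUP-UID          two accounts share a uidNumber (files end up owned by the wrong user)
#   SYSTEM-UID       uidNumber below 1000: root and daemons exist on every host already and
#                    smbldap-populate has created uid=root, so do not migrate them
#   NO-SHELL         posixAccount without loginShell (nss_ldap users get no usable shell)
#   LOCKED-PASSWORD  userPassword is {crypt}!, {crypt}* or missing: the Unix password is locked,
#                    only the Samba NT hash imported later will work for this user
# Assumes unwrapped LDIF (one "attr: value" per line), which is what MigrationTools emits.

# Read LDIF on stdin, print findings, exit 1 when there is anything to fix.
lint_ldif() {
    awk 'BEGIN { RS = ""; FS = "\n"; bad = 0 }      # paragraph mode: one record per entry
    {
        dn = ""; uidn = ""; shell = ""; pw = ""; acct = 0
        for (i = 1; i <= NF; i++) {
            split($i, kv, ": "); k = kv[1]
            v = substr($i, length(k) + 3)             # everything after "attr: "
            if (k == "dn")                dn = v
            else if (k == "uidNumber")    uidn = v
            else if (k == "loginShell")   shell = v
            else if (k == "userPassword") pw = v
            else if (k == "objectClass" && v == "posixAccount") acct = 1
        }
        if (!acct) next                               # OUs and groups: nothing to check
        if (uidn in seen) { print "DUP-UID " uidn " " dn " (also " seen[uidn] ")"; bad++ } else seen[uidn] = dn
        if (uidn + 0 < 1000) { print "SYSTEM-UID " uidn " " dn; bad++ }
        if (shell == "")     { print "NO-SHELL " dn; bad++ }
        hash = (substr(pw, 1, 7) == "{crypt}") ? substr(pw, 8) : pw
        if (hash == "" || hash == "!" || hash == "*") { print "LOCKED-PASSWORD " dn; bad++ }
    }
    END { exit (bad > 0) }'
}

# Constructed sample modelled on the entries in this tutorial (not the real file):
# a group, the migrated root, a normal user and two HRD users that share a uidNumber.
sample_ldif() {
    cat <<'EOF'
dn: cn=HRD,ou=Group,dc=wanasl,dc=lcl
objectClass: posixGroup
objectClass: top
cn: HRD
userPassword: {crypt}x
gidNumber: 19000

dn: uid=root,ou=People,dc=wanasl,dc=lcl
uid: root
objectClass: posixAccount
userPassword: {crypt}!
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root

dn: uid=it,ou=People,dc=wanasl,dc=lcl
uid: it
objectClass: posixAccount
userPassword: {crypt}$6$constructed$NotARealHashJustAPlaceholder
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/it

dn: uid=Akiu,ou=People,dc=wanasl,dc=lcl
uid: Akiu
objectClass: posixAccount
userPassword: {crypt}!
uidNumber: 19001
gidNumber: 19000
homeDirectory: /home/HRD/Akiu

dn: uid=Ika,ou=People,dc=wanasl,dc=lcl
uid: Ika
objectClass: posixAccount
userPassword: {crypt}!
uidNumber: 19001
gidNumber: 19000
homeDirectory: /home/HRD/Ika
EOF
}

# On the real file:  lint_ldif < /tmp/nis.ldif.dNmAvphoJe && ldapadd ... -f /tmp/nis.ldif.dNmAvphoJe
if sample_ldif | lint_ldif; then
    echo "LDIF is clean, safe to ldapadd"
else
    echo "fix the findings above before running ldapadd"
fi
```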

root@Acc-FileSrv:/home/it# ldapadd -x -D "cn=admin,dc=wanasl,dc=lcl" -W -f usersNgroups-accfilesrv.wanasl.lcl.ldif -h ns.wanasl.lcl
Enter LDAP Password: 
adding new entry "ou=People,dc=wanasl,dc=lcl"
adding new entry "ou=Group,dc=wanasl,dc=lcl"
adding new entry "cn=users,ou=Group,dc=wanasl,dc=lcl"
adding new entry "cn=nogroup,ou=Group,dc=wanasl,dc=lcl"
adding new entry "cn=it,ou=Group,dc=wanasl,dc=lcl"
adding new entry "cn=HRD,ou=Group,dc=wanasl,dc=lcl"
adding new entry "cn=Accounting,ou=Group,dc=wanasl,dc=lcl"
adding new entry "cn=L2E,ou=Group,dc=wanasl,dc=lcl"
adding new entry "uid=root,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=it,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Akiu,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Nunus,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Ika,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Ozy,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Emy,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Wawan,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Nurmala,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Nakayama,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Ferry,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Aan,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Nurhafsah,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Susi,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Shelly,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Iin,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Zefnemi,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Indra,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Anca,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Lia,ou=People,dc=wanasl,dc=lcl"
adding new entry "uid=Rifqi,ou=People,dc=wanasl,dc=lcl"

root@Acc-FileSrv:/home/it# pdbedit -i smbpasswd -e tdbsam
root@Acc-FileSrv:/home/it# vim /etc/samba/smb.conf
root@Acc-FileSrv:/home/it# cat /etc/samba/smb.conf
 .
 .
 .
 #passdb backend = tdbsam
 passdb backend = ldapsam:ldap://ns.wanasl.lcl/
 ldap suffix = dc=wanasl,dc=lcl
 ldap admin dn = cn=admin,dc=wanasl,dc=lcl
 ldap passwd sync = yes
 ldap delete dn = yes
 .
 .
 .

root@Acc-FileSrv:/home/it# service smbd restart
root@Acc-FileSrv:/home/it# service nmbd restart

//root@Acc-FileSrv:/home/it# vim /etc/ldap/ldap.conf 
//.
//.
//#BASE dc=example,dc=com
//#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
//BASE dc=wanasl,dc=lcl
//URI ldap://ns.wanasl.lcl
//.
//.

root@Acc-FileSrv:/home/it# pdbedit -i tdbsam -e ldapsam:ldap://ns.wanasl.lcl
Importing account for Iin...ok
Importing account for Akiu...ok
Importing account for Nakayama...ok
Importing account for Aan...ok
Importing account for Nunus...ok
Importing account for Ika...ok
Importing account for Ozy...ok
Importing account for Emy...ok
Importing account for Wawan...ok
Importing account for Nurmala...ok

The configuration is complete. The Samba server will now look up usernames and passwords on the LDAP server whenever a Samba client accesses a shared folder. To confirm that Samba is really using the ldapsam database, stop the slapd service on the LDAP host with "service slapd stop" and then try to reach a Samba share from a client (here I use a client with IP 172.16.16.116): access to the share will fail, and the Samba host will log lines like the following.

root@Acc-FileSrv:/home/it# tail -f /var/log/samba/log.172.16.16.116 
[2015/05/18 13:35:03.543385,  0] ../source3/lib/smbldap.c:998(smbldap_connect_system)
  failed to bind to server ldap://ns.wanasl.lcl with dn="cn=admin,dc=wanasl,dc=lcl" Error: Can't contact LDAP server
   (unknown)
[2015/05/18 13:36:25.662250,  0] ../source3/lib/smbldap.c:998(smbldap_connect_system)
  failed to bind to server ldap://ns.wanasl.lcl with dn="cn=admin,dc=wanasl,dc=lcl" Error: Can't contact LDAP server
   (unknown)

Start slapd again on the LDAP Server host (service slapd start), then access the Samba share again and enter the username and password of a Samba user that was imported into the ldapsam database; this time the share opens. That means we have integrated Samba and LDAP with user and group information that is identical between the Linux users/groups and the users/groups in the LDAP server.
That's all for this tutorial; apologies for any shortcomings or excesses. If you spot mistakes or have a different view, please say so in the comments.
Thanks.
