Pada tutorial sebelumnya : Instalasi, Konfigurasi dan Integrasi LDAP & Samba Server - 2, saya telah membahas cara memigrasikan user-user linux yang telah exist di system ke server LDAP menggunakan utility MigrationTools dari padl.com. Dengan menggunakan utility ini, user & group di LDAP memiliki informasi UID, GID, Lokasi Home Directory, dll yang sama dengan di System Linux.
Sedangkan pada tutorial yang sebelumnya lagi : Instalasi, Konfigurasi dan Integrasi LDAP & Samba Server -1, saya juga sempat membahas cara menambahkan user LDAP menggunakan perintah yang sangat sederhana menggunakan "smbldap-tools". Ini mengakibatkan informasi GID, UID, Lokasi Home Directory user LDAP tersebut berbeda dengan yang ada di System Linux.
Nah, pada tutorial kali ini saya akan menunjukkan cara membuat group & user Linux berikut GID, UID dan lokasi Home Directory-nya, kemudian menambahkan group & user LDAP yang memiliki informasi GID, UID dan lokasi Home Directory yang sama dengan yang terdapat pada System Linux.
Di sini saya mengasumsikan kita telah menjalankan perintah "smbldap-populate" dan file "smb.conf" telah dikonfigurasi seperti berikut ini.
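root@Acc-FileSrv:~# vim /etc/samba/smb.conf

# Standalone Samba file server whose accounts live in LDAP (ldapsam backend).
# User, group and machine management is delegated to the smbldap-tools scripts.
# smb.conf has no inline comments: every note below sits on its own line.
[global]
   workgroup = WANASL.LCL
   netbios name = wanasl.lcl
   server string = %h server (Samba, Ubuntu)
   server role = standalone server
   # Failed logins with an unknown user name are mapped to the guest account;
   # together with "guest ok = Yes" on [Public] this allows unauthenticated access.
   map to guest = Bad User
   obey pam restrictions = Yes
   pam password change = Yes
   #passwd program = /usr/bin/passwd %u
   #passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   ldap delete dn = Yes
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   delete user script = /usr/sbin/smbldap-userdel "%u"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
   unix password sync = Yes
   syslog = 0
   log file = /var/log/samba/log.%m
   max log size = 1000
   printcap name = cups
   dns proxy = No
   usershare allow guests = Yes
   panic action = /usr/share/samba/panic-action %d
   #idmap config * : backend = tdb
   #passdb backend = tdbsam
   passdb backend = ldapsam:"ldap://ns.wanasl.lcl"
   ldap suffix = dc=wanasl,dc=lcl
   ldap admin dn = cn=admin,dc=wanasl,dc=lcl
   ldap passwd sync = yes
   #ldap delete dn = yes
   ldap idmap suffix = ou=Users
   ldap group suffix = ou=Groups
   # Fixed: this read "ou-Users", which is not a valid RDN. The user entries
   # shown by smbldap-usershow live under ou=Users,dc=wanasl,dc=lcl.
   ldap user suffix = ou=Users
   ldap machine suffix = ou=Computers
   # NOTE(review): with "ldap ssl = off" and an ldap:// URI, the admin bind and
   # the synchronised passwords travel unencrypted unless ns.wanasl.lcl is this
   # same host. Switch to "ldap ssl = start tls" (or an ldaps:// URI) once the
   # directory server has a certificate.
   ldap ssl = off

[printers]
   comment = All Printers
   path = /var/spool/samba
   create mask = 0700
   printable = Yes
   print ok = Yes
   browseable = No

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers

# NOTE(review): guest-writable share. Any client that can reach the server may
# create files here without authenticating, and the 0777 force modes make them
# world-writable on disk. Keep only non-sensitive data here, or limit the
# clients with "hosts allow".
[Public]
   comment = Writeable Public File Sharing
   path = /home/Public
   #force user = public
   #force group = public
   read only = No
   force create mode = 0777
   force directory mode = 0777
   guest ok = Yes

# Department shares: access is limited by "valid users", new files get the
# department group via "force group", and 0750 keeps other accounts out.
# "veto files" only matches file names; it is not a content filter.
[Accounting]
   comment = Accounting Dept
   path = /home/Accounting
   valid users = aan, ferry, iin, nakayama, nurhafsah, shelly, susi, zefnemy
   force group = accounting
   read only = No
   force create mode = 0750
   force directory mode = 0750
   inherit permissions = Yes
   delete veto files = Yes
   veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/*.iso/*.exe/

[HRD]
   comment = HRD Dept
   path = /home/HRD
   valid users = akiu, ana, emy, ika, nunus, nurmala, ozy, wawan
   force group = hrd
   read only = No
   force create mode = 0750
   force directory mode = 0750
   inherit permissions = Yes
   delete veto files = Yes
   veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/*.iso/*.exe/

[L2E]
   comment = L2E Dept
   path = /home/L2E
   valid users = indra, anca, lia, rifqi
   force group = l2e
   read only = No
   force create mode = 0750
   force directory mode = 0750
   inherit permissions = Yes
   delete veto files = Yes
   veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/*.iso/*.exe/

[IT]
   comment = IT Dept
   path = /home/IT
   valid users = it, havizul, owncloud
   force group = it
   read only = No
   force create mode = 0750
   force directory mode = 0750
   inherit permissions = Yes
   delete veto files = Yes
   veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/*.iso/*.exe/

# Running testparm before the restart reports unknown parameters and syntax errors.
root@Acc-FileSrv:~# service smbd restart
root@Acc-FileSrv:~# service nmbd restart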
Kemudian, selanjutnya tambahkan group dan user baru di Linux berikut GID, UID dan lokasi Home Directory-nya masing-masing.
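# Create one local group per department with a fixed GID. The LDAP groups
# added later with smbldap-groupadd are meant to carry the same numbers.
root@Acc-FileSrv:~# groupadd it -g 1600
root@Acc-FileSrv:~# groupadd hrd -g 1900
root@Acc-FileSrv:~# groupadd accounting -g 2000
root@Acc-FileSrv:~# groupadd l2e -g 2100
root@Acc-FileSrv:~# tail -5 /etc/group
vboxsf:x:999:
it:x:1600:
hrd:x:1900:
accounting:x:2000:
l2e:x:2100:
# Create the share roots before changing their ownership (chown fails on a
# missing directory); -p makes mkdir succeed when the directory already exists.
root@Acc-FileSrv:~# mkdir -p /home/IT
root@Acc-FileSrv:~# mkdir -p /home/HRD
root@Acc-FileSrv:~# mkdir -p /home/Accounting
root@Acc-FileSrv:~# mkdir -p /home/L2E
# Use the owner:group form; the dotted "root.group" spelling is deprecated.
# NOTE(review): mkdir leaves the mode at the umask default (usually 0755), so
# other local accounts can still list these directories. Tighten with chmod if
# departments must not see each other's share root.
root@Acc-FileSrv:~# chown root:accounting /home/Accounting/
root@Acc-FileSrv:~# chown root:hrd /home/HRD/
root@Acc-FileSrv:~# chown root:l2e /home/L2E/
root@Acc-FileSrv:~# chown root:it /home/IT/
# Create the users with explicit UID, primary GID and home directory inside
# the department share. These UIDs are the ones the LDAP entries must repeat.
root@Acc-FileSrv:~# useradd it -m -d /home/IT/ -u 1601 -g 1600
root@Acc-FileSrv:~# useradd owncloud -m -d /home/IT/Owncloud -u 1602 -g 1600
root@Acc-FileSrv:~# useradd havizul -m -d /home/IT/Havizul -u 1603 -g 1600
root@Acc-FileSrv:~# useradd akiu -m -d /home/HRD/Akiu -u 1901 -g 1900
root@Acc-FileSrv:~# useradd nunus -m -d /home/HRD/Nunus -u 1902 -g 1900
root@Acc-FileSrv:~# useradd ika -m -d /home/HRD/Ika -u 1903 -g 1900
root@Acc-FileSrv:~# useradd emy -m -d /home/HRD/Emy -u 1904 -g 1900
root@Acc-FileSrv:~# useradd ozy -m -d /home/HRD/Ozy -u 1905 -g 1900
root@Acc-FileSrv:~# useradd wawan -m -d /home/HRD/Wawan -u 1906 -g 1900
root@Acc-FileSrv:~# useradd nurmala -m -d /home/HRD/Nurmala -u 1907 -g 1900
root@Acc-FileSrv:~# useradd nakayama -m -d /home/Accounting/Nakayama -u 2001 -g 2000
root@Acc-FileSrv:~# useradd ferry -m -d /home/Accounting/Ferry -u 2002 -g 2000
root@Acc-FileSrv:~# useradd aan -m -d /home/Accounting/Aan -u 2003 -g 2000
root@Acc-FileSrv:~# useradd nurhafsah -m -d /home/Accounting/Nurhafsah -u 2004 -g 2000
root@Acc-FileSrv:~# useradd susi -m -d /home/Accounting/Susi -u 2005 -g 2000
root@Acc-FileSrv:~# useradd shelly -m -d /home/Accounting/Shelly -u 2006 -g 2000
root@Acc-FileSrv:~# useradd zefnemy -m -d /home/Accounting/Zefnemy -u 2007 -g 2000
root@Acc-FileSrv:~# useradd iin -m -d /home/Accounting/Iin -u 2008 -g 2000
root@Acc-FileSrv:~# useradd indra -m -d /home/L2E/Indra -u 2101 -g 2100
root@Acc-FileSrv:~# useradd anca -m -d /home/L2E/Anca -u 2102 -g 2100
root@Acc-FileSrv:~# useradd lia -m -d /home/L2E/Lia -u 2103 -g 2100
root@Acc-FileSrv:~# useradd rifqi -m -d /home/L2E/Rifqi -u 2104 -g 2100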
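Langkah berikutnya adalah menambahkan group dan user yang sama ke server LDAP berikut GID, UID dan lokasi Home Directory masing-masing user menggunakan utility "smbldap-tools". Perhatikan bahwa nilai -g dan -u pada perintah smbldap harus sama persis dengan GID dan UID yang dipakai pada groupadd/useradd di atas. Pada contoh di bawah nilainya tertulis 16000, 16001, dst., sedangkan di System Linux 1600, 1601, dst., jadi sesuaikan salah satunya agar kepemilikan file di share tidak mengacu ke akun yang berbeda.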
root@Acc-FileSrv:~# smbldap-groupadd -g 16000 it root@Acc-FileSrv:~# smbldap-groupadd -g 19000 hrd root@Acc-FileSrv:~# smbldap-groupadd -g 20000 accounting root@Acc-FileSrv:~# smbldap-groupadd -g 21000 l2e root@Acc-FileSrv:~# smbldap-groupshow it dn: cn=it,ou=Groups,dc=wanasl,dc=lcl objectClass: top,posixGroup cn: it gidNumber: 16000 root@Acc-FileSrv:~# smbldap-groupshow l2e dn: cn=l2e,ou=Groups,dc=wanasl,dc=lcl objectClass: top,posixGroup cn: l2e gidNumber: 21000 root@Acc-FileSrv:~# smbldap-useradd -u 16001 -g 16000 -d /home/IT it root@Acc-FileSrv:~# smbldap-useradd -u 16002 -g 16000 -d /home/IT/Owncloud owncloud root@Acc-FileSrv:~# smbldap-useradd -u 16003 -g 16000 -d /home/IT/Havizul havizul root@Acc-FileSrv:~# smbldap-useradd -u 19001 -g 19000 -d /home/HRD/Akiu akiu root@Acc-FileSrv:~# smbldap-useradd -u 19002 -g 19000 -d /home/HRD/Nunus nunus root@Acc-FileSrv:~# smbldap-useradd -u 19003 -g 19000 -d /home/HRD/Ika ika root@Acc-FileSrv:~# smbldap-useradd -u 19004 -g 19000 -d /home/HRD/Emy emy root@Acc-FileSrv:~# smbldap-useradd -u 19005 -g 19000 -d /home/HRD/Ozy ozy root@Acc-FileSrv:~# smbldap-useradd -u 19006 -g 19000 -d /home/HRD/Wawan wawan root@Acc-FileSrv:~# smbldap-useradd -u 19007 -g 19000 -d /home/HRD/Nurmala nurmala root@Acc-FileSrv:~# smbldap-useradd -u 20001 -g 20000 -d /home/Accounting/Nakayama nakayama root@Acc-FileSrv:~# smbldap-useradd -u 20002 -g 20000 -d /home/Accounting/Ferry ferry root@Acc-FileSrv:~# smbldap-useradd -u 20003 -g 20000 -d /home/Accounting/Aan aan root@Acc-FileSrv:~# smbldap-useradd -u 20004 -g 20000 -d /home/Accounting/Nurhafsah nurhafsah root@Acc-FileSrv:~# smbldap-useradd -u 20005 -g 20000 -d /home/Accounting/Susi susi root@Acc-FileSrv:~# smbldap-useradd -u 20006 -g 20000 -d /home/Accounting/Shelly shelly root@Acc-FileSrv:~# smbldap-useradd -u 20007 -g 20000 -d /home/Accounting/Zefnemy zefnemy root@Acc-FileSrv:~# smbldap-useradd -u 20008 -g 20000 -d /home/Accounting/Iin iin root@Acc-FileSrv:~# smbldap-useradd -u 21001 -g 21000 
-d /home/L2E/Indra indra root@Acc-FileSrv:~# smbldap-useradd -u 21002 -g 21000 -d /home/L2E/Anca anca root@Acc-FileSrv:~# smbldap-useradd -u 21003 -g 21000 -d /home/L2E/Lia lia root@Acc-FileSrv:~# smbldap-useradd -u 21004 -g 21000 -d /home/L2E/Rifqi rifqi root@Acc-FileSrv:~# smbldap-usershow indra dn: uid=indra,ou=Users,dc=wanasl,dc=lcl objectClass: top,person,organizationalPerson,posixAccount,shadowAccount,inetOrgPerson cn: indra sn: indra uid: indra uidNumber: 21001 gidNumber: 21000 homeDirectory: /home/L2E/Indra loginShell: /bin/bash gecos: System User userPassword: {crypt}x givenName: indra root@Acc-FileSrv:~# smbldap-usershow susi dn: uid=susi,ou=Users,dc=wanasl,dc=lcl objectClass: top,person,organizationalPerson,posixAccount,shadowAccount,inetOrgPerson cn: susi sn: susi uid: susi uidNumber: 20005 gidNumber: 20000 homeDirectory: /home/Accounting/Susi loginShell: /bin/bash gecos: System User userPassword: {crypt}x givenName: susi root@Acc-FileSrv:~# smbldap-usershow ika dn: uid=ika,ou=Users,dc=wanasl,dc=lcl objectClass: top,person,organizationalPerson,posixAccount,shadowAccount,inetOrgPerson cn: ika sn: ika uid: ika uidNumber: 19003 gidNumber: 19000 homeDirectory: /home/HRD/Ika loginShell: /bin/bash gecos: System User userPassword: {crypt}x givenName: ika root@Acc-FileSrv:~# smbldap-usershow it dn: uid=it,ou=Users,dc=wanasl,dc=lcl objectClass: top,person,organizationalPerson,posixAccount,shadowAccount,inetOrgPerson cn: it sn: it uid: it uidNumber: 16001 gidNumber: 16000 homeDirectory: /home/IT loginShell: /bin/bash gecos: System User userPassword: {crypt}x givenName: it
Kemudian tambahkan password Samba agar user-user di LDAP memiliki atribut sebagai user Samba. Perintah pembuatan password Samba bagi user juga akan mengubah password LDAP user tersebut. Jadi setiap kali password Samba diganti, password LDAP otomatis berubah menjadi sama dengan password Samba. Namun jika Anda mengganti password LDAP user menggunakan perintah LDAP, password Samba tidak akan ikut berubah.
root@Acc-FileSrv:~# smbpasswd -a akiu New SMB password: Retype new SMB password: Added user akiu. root@Acc-FileSrv:~# smbpasswd -a havizul New SMB password: Retype new SMB password: Added user havizul. root@Acc-FileSrv:~# smbpasswd -a it New SMB password: Retype new SMB password: Added user it. root@Acc-FileSrv:~# smbpasswd -a owncloud New SMB password: Retype new SMB password: Added user owncloud. . . . . .
Baiklah, demikian tutorial kali ini, mohon maaf jika ada kesalahan ataupun kekurangan. Silahkan ingatkan di kolom komentar jika ada kesalahan, sehingga bisa diperbaiki. Salam.