Required software packages for Samba and OpenLDAP integration:
- Samba: Samba SMB server.
- Samba-Client: Samba (SMB) client program.
- Samba-common: the samba-common package provides necessary files for Samba servers and client software packages.
Some tools:
- Smbldap-tools: Samba-OpenLDAP user and group management toolkit. When setting Samba and OpenLDAP servers, it can replace the tools provided by the system to manage users, groups, and passwords. (Dependent on some Perl-unicode encoding modules)
- Perl-LDAP: a Perl module used to access the LDAP server and provide APIs for querying and managing directory entries. (Installed by default)
- Nss_ldap: the package includes two LDAP access clients: nss_ldap and pam_ldap. (Installed by default)
- Nss_ldap is a group of C library extensions, it allows X.500 and LDAP directory servers to be used as aliases, ether, group groups, hosts, networks, protocols, users, RPC, services, and shield passwords (except for using flat files or NIS).
- Pam_ldap is a Linux-PAM module that supports password change, V2 client, Netscape SSL, ypldapd, Netscape Directory Server Password Policy, Access authorization, and encryption hashing.
- Nss_db: the NSS library of Berkeley dB. (Installed by default) nss_db is a group of C library extensions, it allows the use of the Berkeley database as an alias, ether, group, host, network, protocol, user, RPC, service, and shield password (except for using a flat file or NIS). If your flat name service file is too large and the search is too slow, install the nss_db package.
- Quota: restrict the use of user space. You can limit the space used by each user.
About the installation process:
- Basically follow the steps in Samba PDC server. You only need to install three basic software packages: samba, samba-client, and samba-Common. If you want to better manage Samba and LDAP users, you can install smbldap-tools again. Some Perl modules will be installed on your own during Yum installation.
Configuration:
- When configuring according to Samba PDC server, there are some mistakes. For example:
- When configuring/etc/smbldap-tools/smbldap. conf, it should be "ldaptls = 0", that is, disable start_tls
- Samba PDC server and many online tutorials are configured when SELinux is disabled. If SELinux is enabled, you need to run the commands listed below. For details, see The SELinux user section of Samba's default configuration file smb. conf.
- Setsebool-P samba_domain_controller on
- Setsebool-P samba_enable_home_dirs on
- Getsebool-A | grep Samba view more Samba se options
Encoding:
- Encoding in several places:
- The encoding of the configuration file/etc/samba/smb. conf. After the centos 5.5 Chinese interface is installed, the file is extended ASCII code (usually parsed as a local code, such as GBK ). If the configuration contains Chinese characters, the encoding of various systems (Windows and Linux) may be chaotic, resulting in different levels of garbled code. The command to set file encoding in VIM is: Set fenc = xxx, XXX is the encoding name, such as UTF-8
- The default encoding for Linux (Chinese is installed as a UTF-8 by default ). You can view the locale command. You can modify it in/etc/sysconfig/i18n. In an application environment, if the application does not specify the encoding, the default encoding is used to process the string. Of course, the general application uses this system encoding by default, unless explicitly indicated by the user. For example, if some files with Chinese names are created in shell, the file names will be saved in the file system by default encoding.
- The UNIX charset parameter set by smb. conf. This parameter specifies the encoding in which Samba will parse or process the file name. If this parameter is not specified, the default encoding is used.
- Note: The above encoding must be consistent so that no garbled characters are detected and the final height of each system is consistent.