Archive for October, 2004

HOWTO Setup Bonding Ethernet on Debian with a 2.6 kernel

October 16, 2004
This article was first written in October 2004 for the BeezNest technical
website (http://glasnost.beeznest.org/articles/179).

To use Bonding Ethernet for High-Availability (failover) on Debian (Sarge or Sid with a 2.6.x kernel [1]) you need to:

  • install package ifenslave-2.6 [2]
  • make sure the kernel modules for the real NICs are loaded automatically
  • edit /etc/network/interfaces to look like this:
iface bond0 inet static
        address 10.31.1.5
        netmask 255.255.255.0
        network 10.31.1.0
        gateway 10.31.1.254
        up /sbin/ifenslave bond0 eth0 eth1
        down /sbin/ifenslave -d bond0 eth0 eth1
  • comment out (or remove) the lines referring to your real NICs in the same file
  • add the following lines to your /etc/modprobe.d/arch/i386:
alias bond0 bonding
options bonding mode=1 miimon=100 downdelay=200 updelay=200

[1] see HOWTO Setup Bonding Ethernet on Debian with a 2.4 kernel for 2.4.x kernels

[2] at least version 1.1.0-4 of the package; with earlier versions, be careful: ifenslave is in /usr/sbin, not /sbin

HOWTO Use Samba as PDC using LDAP on Debian

October 15, 2004
This article was first written in October 2004 for the BeezNest technical
website (http://glasnost.beeznest.org/articles/180).

Starting with Debian Sarge, the Samba version that ships with Debian is 3.0.x. This is the first version with real support for acting as a PDC while using LDAP as backend.

Here is how to use Samba as a PDC with an LDAP backend for authentication on Debian.

Install the following packages, which are all part of Samba:

  • samba: The server itself
  • samba-doc: The documentation (very complete)
  • smbclient: FTP-like client for SMB/CIFS
  • swat: Samba Web Administration Tool (web interface to configure Samba and access the full documentation through a browser, if installed)

In addition, we will install LDAP:

  • slapd: the server itself

Some companies provide useful tools that help with setting up a Samba server as PDC with LDAP:

  • smbldap-tools: IDEALX tools for Samba that ease installation and migration when used together with LDAP

Configure the Name Service Switch to use LDAP

Install package libnss-ldap and configure it according to the LDAP configuration [1].

Edit /etc/nsswitch.conf: add ldap to the end of the passwd:, group: and shadow: lines, and add wins to the end of the hosts: line.

Configure PAM to also use LDAP

Install package libpam-ldap and configure it according to the LDAP configuration.

Edit /etc/pam.d/common-account and add the following line before the existing second line:

account  sufficient     pam_ldap.so
account required        pam_unix.so

Edit /etc/pam.d/common-auth and add the following line before the existing second line:

auth    sufficient      pam_ldap.so
auth    required        pam_unix.so nullok_secure

Edit /etc/pam.d/common-password and add the following line before the existing second line:

password   sufficient pam_ldap.so
password   required   pam_unix.so nullok obscure min=4 max=8 md5
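
One way to check the NSS and PAM edits described above once they are in place (an added example, not part of the original article; the function names and the --live switch are assumptions of this example). It confirms that ldap and wins are listed in nsswitch.conf and that the sufficient pam_ldap.so line precedes the required pam_unix.so line for a given PAM type, as in the listings above:

```shell
#!/bin/sh
# Added example: verify the nsswitch.conf and PAM edits from this HOWTO.
# Function names and the --live switch are assumptions of this example.

# nss_has DB SOURCE FILE: succeed if SOURCE is listed on the "DB:" line
# (anything after an inline "#" is ignored).
nss_has() {
    awk -v db="$1:" -v src="$2" '
        $1 == db { for (i = 2; i <= NF; i++) {
                       if ($i ~ /^#/) break
                       if ($i == src) found = 1 } }
        END { exit !found }' "$3"
}

# check_nss FILE: passwd, group and shadow must list ldap; hosts must list wins.
check_nss() {
    rc=0
    for db in passwd group shadow; do
        nss_has "$db" ldap "$1" || { echo "nsswitch: $db lacks ldap" >&2; rc=1; }
    done
    nss_has hosts wins "$1" || { echo "nsswitch: hosts lacks wins" >&2; rc=1; }
    return $rc
}

# check_pam TYPE FILE: "TYPE sufficient pam_ldap.so" must exist and come
# before "TYPE required pam_unix.so"; commented-out lines are skipped.
check_pam() {
    awk -v t="$1" '
        /^[ \t]*#/ { next }
        $1 == t && $2 == "sufficient" && $3 == "pam_ldap.so" && !l { l = NR }
        $1 == t && $2 == "required"   && $3 == "pam_unix.so" && !u { u = NR }
        END { exit !(l && u && l < u) }' "$2"
}

# Check the live files only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    check_nss /etc/nsswitch.conf && echo "nsswitch.conf OK"
    check_pam account  /etc/pam.d/common-account  && echo "common-account OK"
    check_pam auth     /etc/pam.d/common-auth     && echo "common-auth OK"
    check_pam password /etc/pam.d/common-password && echo "common-password OK"
fi
```

Each function returns non-zero on a mismatch, so the checks can be used in a post-install script before anyone logs out of the last root session.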

Set the LDAP password in Samba

Samba stores its passwords in /var/lib/samba/secrets.tdb, and also stores there the LDAP admin password it uses to connect to OpenLDAP. To set or change that password:

smbpasswd -w MySecretPassword

where MySecretPassword is LDAP’s admin password.

WARNING: with this configuration, the password is asked for twice to authenticate anyone! TODO

Add the Samba schema to OpenLDAP’s list of schemas

An example that you can use “as is” (well, you just need to unzip it first) is available in /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz. Copy it into /etc/ldap/schemas and edit /etc/ldap/slapd.conf to use it.

Configure /etc/ldap/ldap.conf and /etc/ldap/slapd.conf.

Tools to manage it afterwards

LDAP Account Manager (LAM) (web-based frontend to Samba accounts for machines, users and groups in LDAP) or phpLDAPadmin (which is not specific to managing Samba, but can also manage address books, UNIX authentication, …).

Create your machines in the Domain

To be continued…


[1] it will configure /etc/libnss-ldap.conf
