Passerelles Numeriques Cambodia Network Administrator
P a g e 1 | 81
Contents
**** Interface (Yast) ****
I. Create Openldap server GUI
II. Create User with GUI
III. Take another Client (SUSE) Join domain with LDAP server + Login (GUI)
   1. Test user login
IV. Configure SAMBA
   a. Combine Samba with OpenLDAP
   B. Allow Windows Client join domain + Login
**** Configuration File ****
I. Configure Openldap (slapd.conf)
II. Create and Insert with *.ldif (file):
   A. Create file name: Domain (touch domain.ldif)
III. Configure LDAP Client File or LDAP client (GUI)
IV. Take another Client (SUSE) Join domain with LDAP server + Login
V. Configure SAMBA via Configuration file or (GUI)
   A. Combine Samba with OpenLDAP
   B. Allow Windows Client join domain + Login
#### SAMBA File sharing #####
I. Create Folders in /srv with:
   A. SNA2015
      A. SNA-A
      B. SNA-B
   B. SNA2014
      A. SNA-A
      B. SNA-B
II. Create user in OpenLDAP (file.ldif)
   A. Firstname.Lastname, your friends (at least 2)
   B. sopheak.ros
III. Make sure:
   A. You and your friends: access only SNA2015, but you can only access your own folder
IV. Take windows Client test.
V. Install and configure:
   A. LDAP Admin software to create user, group, reset password, computer account on Openldap server
   B. Install Openfire package on Openldap server to allow users to chat
   C. Configure Openfire by remote from client
   D. Using Spark software for chatting with each other
**** Interface (Yast) ****
I. Create Openldap server GUI
We run the command (yast -i) to install the OpenLDAP server.
After running yast -i we type openldap in the search box to find the OpenLDAP server package.
We install the OpenLDAP server.
After installing it, we run the script that starts the OpenLDAP service and the other services (sh name service.sh).
II. Create User with GUI
Click on Computer => click on Control Center.
Type "user" in the search box, then click on User and Group Management.
Click on Add to add a user through the GUI.
Enter the user name and password for the user => OK!
After creating it we have one user named (user1).
After creating the user we need to enable it with the command (smbpasswd -a name of user).
III. Take another Client (SUSE) Join domain with LDAP server + Login (GUI)
We run the command yast lan to set the domain name, hostname and DNS of the server.
Alt+I to configure Hostname (sless11), Domain name (Vannai.info), DNS (1.1.1.1)
Alt+U to put the Default Gateway (1.1.1.2)
We go to yast lan again to configure the IP address, subnet mask and hostname of the server.
IP address (1.1.1.1), Subnet Mask (/24), Hostname (Vannai.info)
We run yast -i to install the LDAP packages (nss_ldap, pam_ldap).
We go to yast => Enter on Network Services => Enter on LDAP Server to install the LDAP server.
To start the LDAP server (Alt+Y)
New Database => Alt+D (dn=Vannai,dc=info), cn=Administrator (=> put the password of the LDAP Administrator), Alt+U to use this database
After configuring LDAP through the interface, the new database is created successfully.
=> After configuring the LDAP server we need to install the LDAP client on the client => Network Services => Enter on LDAP Client to install the client service
=> Alt+U for LDAP Client configuration: put the IP address of the server and the DN (dc=Vannai,dc=com), Alt+R to create the Home Directory on login, Alt+A for Advanced configuration, Alt+S to put the IP of the LDAP server (1.1.1.1)
=> After we put the IP and domain (User = dc=Vannai,dc=com) and the password, Alt+M for Administrator Settings
=> After Alt+M, configure the client settings (ou=ldapconfig,dc=Vannai,dc=com), Alt+D (cn=Administrator,dc=Vannai,dc=com), Alt+E for Home Directories on this machine and Alt+P for Append Base DN
After Alt+P we need to use Alt+S to configure User Management Settings... and the LDAP server password.
We use the command yast lan to configure the client machine: (Alt+S) put the hostname (sless1), Domain Name: the domain name of the server (Vannai.info), DNS of the server (1.1.1.1)
=> Alt+U to put the Default Gateway, the same as the server (1.1.1.2)
=> We go to the command yast lan to assign the IP address for the SUSE client
We use Alt+I to assign the IP address for the client (IP = 1.1.1.4, Subnet Mask = /24)
We need to stop the firewall on the client and on the server too (rcSuSEfirewall2 stop)
The server pings the client IP 1.1.1.4 and the client replies.
The client pings the server IP 1.1.1.1 and the server replies.
=> We go to yast to install the LDAP client service for the SUSE client => Network Services => Enter on LDAP Client
=> We use Alt+U for Use LDAP client and put the address of the LDAP server 1.1.1.1, LDAP base DN dc=Vannai,dc=com
=> Client settings (User Map dc=Vannai,dc=com) (Password Map dc=Vannai,dc=com) (Group Map dc=Vannai,dc=com)
=> Alt+M to put the Administrator DN (cn=Administrator,dc=Vannai,dc=com), Alt+E Home Directory on this machine (Alt+P for Append Base DN)
We need to create a user from a .ldif file to log in to the SUSE client (on the LDAP server).
We use vim user.ldif to write the information for the user.
After creating the .ldif we add the user to LDAP (ldapadd -x -D cn=Administrator,dc=Vannai,dc=info -W -f name of file.ldif), Enable password (smbpasswd -a user1), Enable password (smbpasswd -e user1)
1. Test user login
=> Click on Computer => log in to the SUSE client
=> We need to click on Switch User for the user login
=> Log in with the user name (user1) and the password of user1
=> The user has logged in to the SUSE client successfully
IV. Configure SAMBA
a. Combine Samba with OpenLDAP
=> We use the command yast => Network Services => Samba Service to combine Samba with OpenLDAP
=> We need to put the domain name of the server (Vannai.info)
We need to choose => Primary Domain Controller (PDC)
After choosing Primary Domain Controller => we need to choose Manually
After choosing Manually we use Alt+D for Identity (NetBIOS, workgroup or domain name)
=> After Alt+D we use Alt+L for the LDAP settings
=> The combination (Samba & OpenLDAP) is now complete and successful
=> After the LDAP settings succeed we use Alt+T for testing and then put the password of Samba
B. Allow Windows Client join domain + Login
=> We run the command (yast lan) to check the hostname (sless11), Domain name (Vannai.info), DNS (1.1.1.1)
=> We need to put the gateway 1.1.1.2 for the SUSE server
We use the command yast lan to assign the IP, subnet mask and hostname for the server.
We use sh namefile.sh (rcnetwork restart, rcldap restart, rcsmb restart) to restart the services.
After assigning the IP for the server we need to check the IP, DNS and gateway of the client: we use the command ncpa.cpl => right click on Local Area Connection => choose Properties
=> Click on Start => click on My Computer => choose Properties
=> Click on Computer Name => choose Change => click on Domain and put the domain
=> After putting the name of the server that you want to join the domain of, put the name (root and password) OK!
After joining the domain the computer needs to restart.
We create just one user to test login to the SUSE server and add the user to Samba [create the user (useradd -m user1), put the password, add it to Samba (smbpasswd -a user1), then enable the password (smbpasswd -e user1)]
=> After creating the user, the user logs in to the Windows client (put the user name and password)
=> After login we have one user named user1 (click on Start and you can see the name of the user)
=> Then we go to My Computer to see the user1 Samba login
**** Configuration File ****
=> We go to yast lan to put the IP, DNS, domain name, hostname and more
- Alt+I to configure all of the below
- IP 2.2.2.2
- Subnet mask /24 = 255.255.255.0
- Hostname channa.net
=> We use Alt+S to put the hostname, domain name, DNS and domain search for the server
- Hostname = sless11
- Domain name = channa.net
- DNS = 2.2.2.2, the same as the IP
- Domain search = channa.net
Alt+U to put the Default Gateway (3.3.3.3)
We install the packages with the command (zypper install -y nss_ldap pam_ldap openldap2)
After installing nss_ldap, pam_ldap and openldap2 we need to restart the services (rcnetwork restart for the network service, rcnmb restart for the Samba network service, rcsmb restart for the Samba service)
I. Configure Openldap (slapd.conf)
After restarting the services we go on to configure OpenLDAP (vim /etc/openldap/slapd.conf)
In /etc/openldap/slapd.conf we write ("dc=channa,dc=net", "cn=Administrator,dc=channa,dc=net") to configure it
II. Create and Insert with *.ldif (file):
A. Create file name: Domain. We need to create a file named domain (touch domain.ldif)
+ We use the command (vim domain.ldif) to write the information:
- "dn: dc=channa,dc=net"
- "dc: channa"
- "objectClass: domain"
B. Create file name: OU. We need to create a file named ou (touch ou.ldif)
+ We use the command (vim ou.ldif) to write the information:
- "dn: ou=SNA15-A,dc=channa,dc=net"
- "ou: SNA15-A"
- "objectClass: organizationalUnit"
After creating (domain.ldif, ou.ldif) we need to restart the services (rcnetwork restart for the network service, rcnmb restart for the Samba network service, rcsmb restart for the Samba service)
After the services are running we add the domain and the OU to LDAP (ldapadd -x -D cn=Administrator,dc=channa,dc=net -W -f name domain or ou.ldif)
We need to create a user for login with a .ldif file (touch votha.ldif) (vim votha.ldif to write the information for user votha)
Below is the syntax for the user information
After creating the user we need to restart some services with the commands (rcnetwork restart for the network service, rcldap restart for the LDAP server service, rcsmb restart for the Samba service, rcnmb restart for the Samba network service)
We use (ldapadd -x -D cn=Administrator,dc=channa,dc=net -W -f votha.ldif) to add user votha to LDAP as a new entry
We need to enable the user votha to log in (smbpasswd -a votha to put the password for the user, smbpasswd -e votha so the user can use this password)
After enabling the user password we need to add the user's LDAP password (ldappasswd -x -D cn=Administrator,dc=channa,dc=net -W -S uid=votha1,dc=channa,dc=net)
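The LDIF files of this section, with a check to run on them before ldapadd, as an added example that is not part of the original document. The OU entry is written with `ou:` and `organizationalUnit`, which an `ou=` DN needs; the user's object classes, uidNumber, gidNumber, home directory and shell, and the function names `write_ldif` and `check_ldif`, are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original document.
# uidNumber, gidNumber, home directory and shell are constructed sample values.

write_ldif() {                       # write_ldif DIR: create the three files
    cat > "$1/domain.ldif" <<'EOF'
dn: dc=channa,dc=net
dc: channa
objectClass: domain
EOF
    cat > "$1/ou.ldif" <<'EOF'
dn: ou=SNA15-A,dc=channa,dc=net
ou: SNA15-A
objectClass: organizationalUnit
EOF
    cat > "$1/votha.ldif" <<'EOF'
dn: uid=votha1,dc=channa,dc=net
uid: votha1
cn: votha1
sn: votha1
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 5001
gidNumber: 100
homeDirectory: /home/votha1
loginShell: /bin/bash
EOF
}

# check_ldif FILE: returns 0 when every entry (entries are separated by blank
# lines) has a dn, an objectClass, and its first RDN repeated as an attribute.
check_ldif() {
    awk 'BEGIN { RS = ""; FS = "\n"; bad = 0 }
    {
        dn = ""; oc = 0; found = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dn: */) { dn = $i; sub(/^dn: */, "", dn) }
            if (tolower($i) ~ /^objectclass:/) oc = 1
        }
        # dn "ou=SNA15-A,dc=..." needs the line "ou: SNA15-A" in the entry;
        # slapd refuses an entry whose naming attribute is missing.
        want = dn; sub(/,.*/, "", want); sub(/=/, ": ", want)
        for (i = 1; i <= NF; i++)
            if (tolower($i) == tolower(want)) found = 1
        if (dn == "")    { print FILENAME ": entry " NR ": no dn line"; bad = 1 }
        else if (!oc)    { print FILENAME ": " dn ": no objectClass"; bad = 1 }
        else if (!found) { print FILENAME ": " dn ": missing \"" want "\""; bad = 1 }
    }
    END { exit bad }' "$1"
}

# Run as: sh ldif.sh apply   (on the LDAP server). -W makes ldapadd prompt for
# the Administrator password, so it is not stored in the shell history.
if [ "${1:-}" = "apply" ]; then
    dir=$(mktemp -d) && write_ldif "$dir"
    for f in domain ou votha; do
        check_ldif "$dir/$f.ldif" &&
            ldapadd -x -D cn=Administrator,dc=channa,dc=net -W -f "$dir/$f.ldif" || exit 1
    done
fi
```
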
III. Configure LDAP Client File or LDAP client (GUI)
We go to yast to install the LDAP client service for the SUSE client
=> After running yast => Enter on Network Services => Enter on LDAP Client
=> We use Alt+U for Use LDAP and Alt+S for Addresses of LDAP Servers:
- Alt+S = 2.2.2.2, Alt+D = dc=channa,dc=net, Alt+T to disable TLS, Alt+A to continue, Alt+R to create the home directory on login (NOTE: put the values that the server has, such as below)
After Alt+A we get this result, then we use Alt+M to go to the Administrator settings
In the Administrator settings: Alt+B for (ou=ldapconfig,dc=channa,dc=net), Alt+D for (cn=Administrator,dc=channa,dc=net), Alt+P for (Append Base DN), Alt+S (to configure User)
After Alt+S we need to put the LDAP password
If this message appears we need to install it (Alt+I)
IV. Take another Client (SUSE) Join domain with LDAP server + Login
We go to yast lan to put the IP, the DNS of the server and the hostname of the server
IP = 2.2.2.3, Subnet mask = /24 = 255.255.255.0, hostname = channa.net
Hostname of the machine (sless1, domain name of the server, DNS = 2.2.2.2)
Default Gateway 3.3.3.3
Test user login to the SUSE client => click on Computer => log out to put another user
We need to click on Switch User to log the user in to the SUSE client
The user logging in to the SUSE client is named votha1
After putting the user name we put the password of the user
=> After login we have one user named votha1
V. Configure SAMBA via Configuration file or (GUI)
A. Combine Samba with OpenLDAP
=> We use the command yast to combine Samba with OpenLDAP
=> We go to yast => Enter on Network Services => Enter on Samba Server
(Alt+W) to put the workgroup name, which is channa.net
After putting the workgroup we choose Primary Domain Controller (PDC)
We choose Manually and then use Alt+D for Identity
=> Then Alt+N to put the NetBIOS hostname
=> We use Alt+L for the LDAP settings; some have defaults. We need to put the password of the Administrator, then Alt+T to test the connection
=> The test result is successful
=> After the successful result we need to put the password of Samba and verify the password
B. Allow Windows Client join domain + Login
=> We use (ncpa.cpl) to put the IP and DNS for the Windows client
=> After putting the IP and DNS, the server pings the Windows client and it replies to the SUSE server
=> We restart the services on the SUSE server and enable root (restart the services with the commands rcnetwork restart for the network service, rcldap restart for the LDAP server service, rcsmb restart for the Samba service, rcnmb restart for the Samba network service), enable root (smbpasswd -a root)
=> We ping the server: ping 2.2.2.2 (the IP of the server) and it replies to the client
If the Windows client can't join the domain with SUSE Linux we need to go to regedit => HKEY_LOCAL_MACHINE => SYSTEM => service => Tcpip => click on Parameter
We go to Start => right click on My Computer => choose Properties and continue
=> Join domain: click on Domain and then put the domain name of the server that we want to join; below, channa.net is the domain the computer joins
=> After putting the domain name and clicking OK, the result is Computer Name Changes (user name = root, password = password of root)
We need to create one user for login to the Windows client (useradd -m khem, passwd khem), then add the user to Samba and enable it (smbpasswd -a khem, smbpasswd -e khem)
After creating the user we need to test the user login to the SUSE server; the name is khem
After login the user name is khem
#### SAMBA File sharing #####
I. Create Folders in /srv with:
A. SNA2015
A. SNA-A
We use (md name folder) to create a folder and (cd name folder) to go into a folder
We go to SNA-A with cd SNA-A and create two folders named Vannai.sat and votha.lach
B. SNA-B
We go to SNA-B with cd SNA-B and create two folders named limin.sokhom and Vannai.sat
B. SNA2014
A. SNA-A
B. SNA-B
We use md SNA2014 to create the folder, cd SNA2014 to go into it, and md SNA-A SNA-B to create the subfolders
II. Create user in OpenLDAP (file.ldif)
We create the file with touch usera.ldif and write it with vim usera.ldif
A. Firstname.Lastname, your friends (at least 2)
=> Create two users named sopearak.on and channa.srey; below is the syntax for creating the users
B. sopheak.ros
=> Create the user sopeak.ros with the same syntax as above
After creating the users in the .ldif above we need to add them to LDAP (ldapadd -x -D cn=Administrator,dc=channa,dc=net -W -f usera.ldif)
We need to add them to Samba (smbpasswd -a sopearak.on), (smbpasswd -a channa.srey), (smbpasswd -a sopeak.ros) and put the password for each user
We need to enable the users (smbpasswd -e sopearak.on), (smbpasswd -e channa.srey), (smbpasswd -e sopeak.ros)
III. Make sure:
A. You and your friends: access only SNA2015, but you can only access your own folder
=> We go to vi /etc/samba/smb.conf to create the shares [SNA2014, SNA2015]
The share names are [SNA2015 for G_SNA2015, SNA2014 for G_SNA2014]
We create the groups with (groupadd G_SNA2014, groupadd G_SNA2015). Add the users to group G_SNA2015 (groupmod -A channa.srey,sophearak.on G_SNA2015)
Run the command vim /etc/group to see the users in the group
Change the group owner (chown root:G_SNA2015 SNA2015). Give the group full control of SNA2015 (chmod 770 SNA2015). Make user sopheak.ros manage only the one folder SNA2014 with full control (chown sopheak.ros:root SNA2014)
Give user sopheak.ros full control (chmod 700 SNA2014)
=> cd SNA2015 => cd SNA-A (chown channa.srey:root vohta.lach to change the owner and group) and (chmod 700 vohta.lach so that user channa.srey controls this folder)
=> cd SNA2015 => cd SNA-A (chown sophearak.on:root Vannai.sat to change the owner and group) and (chmod 700 Vannai.sat so that user sophearak.on controls this folder)
To configure file sharing using the command line:
# vim /etc/samba/smb.conf
Use the following syntax, as in the picture below:
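As an added example that is not part of the original document, the script below builds the folder layout with the owners and modes given above, audits the result, and prints share definitions for smb.conf. Folder names follow the spelling used when the folders were created; the function names, the `valid users` and `read only` settings, and the assumption that sopheak.ros is a member of G_SNA2014 are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original document: folder layout, modes and
# share definitions of the "SAMBA File sharing" section, plus an audit.

# own USER GROUP PATH: chown only when run as root and both names resolve
# (LDAP users resolve through nss_ldap); otherwise ownership is left alone.
own() {
    if [ "$(id -u)" -eq 0 ] && getent passwd "$1" >/dev/null &&
       getent group "$2" >/dev/null; then
        chown "$1:$2" "$3"
    fi
}

make_shares() {                      # make_shares ROOT  (ROOT is /srv here)
    r=$1
    mkdir -p "$r/SNA2015/SNA-A/Vannai.sat" "$r/SNA2015/SNA-A/votha.lach" \
             "$r/SNA2015/SNA-B/limin.sokhom" "$r/SNA2015/SNA-B/Vannai.sat" \
             "$r/SNA2014/SNA-A" "$r/SNA2014/SNA-B"
    own root G_SNA2015 "$r/SNA2015"
    chmod 770 "$r/SNA2015"           # owner and group only, nothing for others
    own sopheak.ros root "$r/SNA2014"
    chmod 700 "$r/SNA2014"           # owner only
    own channa.srey root "$r/SNA2015/SNA-A/votha.lach"
    chmod 700 "$r/SNA2015/SNA-A/votha.lach"
    own sophearak.on root "$r/SNA2015/SNA-A/Vannai.sat"
    chmod 700 "$r/SNA2015/SNA-A/Vannai.sat"
}

# audit_shares ROOT: list folders that are more open than this section intends.
# Share roots must grant nothing to "other"; the personal folders in SNA-A
# must grant nothing to group or other. Returns 1 if any folder is listed.
audit_shares() {
    bad=$( {
        find "$1/SNA2015" "$1/SNA2014" -maxdepth 0 -perm /007
        find "$1/SNA2015/SNA-A" -mindepth 1 -maxdepth 1 -type d -perm /077
    } 2>/dev/null )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/too permissive: /'
    return 1
}

# smb_shares ROOT: share definitions to append to /etc/samba/smb.conf.
# "valid users = @GROUP" limits a share to the members of that group.
smb_shares() {
    cat <<EOF
[SNA2015]
    path = $1/SNA2015
    valid users = @G_SNA2015
    read only = no

[SNA2014]
    path = $1/SNA2014
    valid users = @G_SNA2014
    read only = no
EOF
}

# Run as: sh shares.sh /srv   (as root, so that the chown calls take effect)
if [ -n "${1:-}" ]; then
    make_shares "$1" && audit_shares "$1" && smb_shares "$1"
fi
```
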
=> We need to restart the services (rcnetwork restart, rcnmb restart, rcsmb restart, rcldap restart)
IV. Take windows Client test.
=> After putting the permissions for each user and each folder we log in as user sopeak.ros to test access to the shared folder SNA2014
User sophaek.ros has logged in and then accesses the server share \\2.2.2.2
User sopheak.ros can access only the folder SNA2014 that the server shares; the user can write and do whatever else the user wants there, but can't access SNA2015 because of the permissions the Administrator set
The user can't access SNA2015 because access to the folder is denied
After user sopeak.ros can't access folder SNA2015, we log in as user channa.srey to test access to the shared folder SNA2015
User channa.srey can access only the folder SNA2015 that the server shares but can't access SNA2014 because of the permissions the Administrator set
The user can't access folder Vannai.sat because access to the folder is denied
The user can access folder vohta.lach, which the Admin allows
The user can't access folder SNA2014; access to the folder is denied
=> User sophearak.on has logged in and then accesses the server share \\2.2.2.2
=> The user can create files or folders in folder Vannai.sat
The user can't access folder vohta.lach; access to the folder is denied
The user can't access folder SNA2014 because access is denied
V. Install and configure:
A. LDAP Admin software to create user, group, reset password, computer account on Openldap server
We need to download LDAP Admin => double click on LDAP Admin => click on New connection
Connection name: channa.net, Host: 2.2.2.2, Base: dc=channa,dc=net, Username: cn=Administrator,dc=channa,dc=net, and then click on Test connection, OK!
=> After clicking OK we have the connection named channa.net
=> The OUs and users on server channa.net, which we reach remotely on the SUSE server
Create user: right click on the OU => choose New => click on User and continue
The user name that we create is ccie, then OK
=> Create computer: right click on the OU => choose New => click on Computer
=> The computer name is channa_PC, then OK
=> After creating it we have one computer named channa_PC
=> Reset the password for a user: right click on the user name => choose Set password
=> After clicking Set Password, put the password
B. Install Openfire package on Openldap server to allow users to chat
=> We need to download Openfire to install on the Windows client, or copy it to the SUSE server and install it on the SUSE server. NOTE: we need a remote SSH tool to connect to the SUSE server
=> We copy Openfire to the SUSE server remotely over SSH (click on openfire => Add)
=> After copying it to the SUSE server we have Openfire on the SUSE server
We create one folder to put Openfire in and use dir to list it and see Openfire
We can install it remotely or on the SUSE server with the command (rpm -ivp openfire3.7.0-1.i386.rpm)
We use the command (/etc/init.d/openfire status) to see whether Openfire is started, and then (/etc/init.d/openfire start) to start Openfire
C. Configure Openfire by remote from client
=> We double click on openfire and choose to use the web service to find the application program => OK
=> Then we run it in the browser at (http://2.2.2.2:9090), putting the IP of the SUSE server
We put the domain 2.2.2.2 (the server IP) and continue (Server Settings)
We click on Embedded Database and continue (Database Settings)
We click on Directory Server (LDAP) (Profile Settings) and continue
=> We need to choose OpenLDAP, put the host (2.2.2.2), Base DN: dc=channa,dc=net, Administrator DN: cn=Administrator,dc=channa,dc=net and click on Test Settings
=> After the test the result is connection settings (Status: Success!), and then Save & Continue
Click on Save and Continue (NOTE: don't touch anything here)
The group mapping has defaults; don't touch it, and Save and Continue
Administrator Account: which one you add is up to you
This step is AutoComplete; just click on Yes
After we add ccie we have one, and continue
We click on Login to the Admin Console
D. Using Spark software for chatting with each other
=> We install the Spark application for users to chat (right click on spark and choose Open)
=> Click on Next to continue
If you want to browse, click on Browse to put the source of Spark => Next
Click on Next to continue
If you want to create a desktop icon just tick it => Next
=> After installing it, log in with the user name (channa.srey, server 2.2.2.2)
=> User channa.srey is logged in to Spark; click on the picture of people if you want to add a contact for the user to chat with
=> Double click on the account name after creating it and you can write messages and chat too!
Log in with the account sophearak.on, server 2.2.2.2
The user double clicks on the account channa.srey and can chat and send messages too
The End LDAP+SAMBA LINUX