Este es un resumen de los pasos a seguir para poder configurar un PDC con Samba y OpenLDAP. Los conceptos tanto de Samba como LDAP se pueden encontrar ampliamente explicados en la web.
Datos:
Dominio: pamplona.local
IP del Linux: 172.16.0.24
SO: CentOS 6.2 de 64 bits
Primero empezamos con la configuración de OpenLDAP.
# yum -y install openldap-servers openldap-clients
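Nos aseguramos de que en el archivo /etc/sysconfig/ldap tengamos habilitado lo siguiente (en el archivo real se escribe sin espacios alrededor del signo =, porque el script de inicio de slapd lo lee como shell):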
SLAPD_LDAPI = yes
Creamos el archivo slapd.conf dentro del directorio /etc/openldap
# vi /etc/openldap/slapd.conf
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
Eliminamos todo el contenido dentro del directorio /etc/openldap/slapd.d/
# rm -rf /etc/openldap/slapd.d/*
Generamos nuestros archivos de configuracion ldif
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
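Editamos el archivo generado y modificamos la línea 4 (olcAccess) para que quede del siguiente modo. La regla nueva da control total (manage) sobre cn=config únicamente al root local que se conecta por el socket ldapi:/// con SASL EXTERNAL; para cualquier otra identidad la regla no concede nada (by * break).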
# vi /etc/openldap/slapd.d/cn=config/olcDatabase\={0}config.ldif
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
#olcAccess: {0}to * by * none
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 54a95934-67a4-1031-9c0b-6b11c7427936
creatorsName: cn=config
createTimestamp: 20120721172202Z
entryCSN: 20120721172202.648710Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120721172202Z
Creamos el archivo siguiente
# vi /etc/openldap/slapd.d/cn=config/olcDatabase\={1}monitor.ldif
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {1}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
creatorsName: cn=config
modifiersName: cn=config
Configuramos el usuario propietario y permisos ...
# chown -R ldap. /etc/openldap/slapd.d
# chmod -R 700 /etc/openldap/slapd.d
# /etc/rc.d/init.d/slapd start
# chkconfig slapd on
Realizamos las configuraciones iniciales
#ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/core.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=core,cn=schema,cn=config"
#ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"
#ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"
#ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"
#slappasswd
New password:
Re-enter new password:
{SSHA}XAmVut5MmHJLyK4ooNh4bVsBEOzkFIUy
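Creamos los siguientes archivos ldif con los datos de nuestro dominio (pamplona.local). En olcRootPW va el hash que devolvió slappasswd en nuestro propio servidor; el hash que aparece en esta guía es solo un ejemplo y, al estar publicado, no debe reutilizarse.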
# vi backend.ldif
# backend.ldif: two cn=config entries, loaded over ldapi:/// with SASL EXTERNAL.
# NOTE(review): LDIF separates entries with a blank line; this listing shows none
# between the two entries, presumably lost when the page was extracted. Confirm
# before pasting.
#
# Entry 1: loads the back_hdb module from /usr/lib64/openldap.
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib64/openldap
olcModuleload: back_hdb
# Entry 2: the hdb database that holds the dc=pamplona,dc=local tree.
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcSuffix: dc=pamplona,dc=local
olcDbDirectory: /var/lib/ldap
# The rootDN is not subject to the olcAccess rules below, so whoever knows its
# password has unrestricted access to this database.
olcRootDN: cn=admin,dc=pamplona,dc=local
# Sample value: this is the hash printed by the slappasswd run shown in the
# guide. Generate your own and paste it here; a hash published on a web page
# must not be reused.
olcRootPW: {SSHA}XAmVut5MmHJLyK4ooNh4bVsBEOzkFIUy
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcMonitoring: TRUE
olcDbCheckpoint: 512 30
# Access rules are evaluated in the order listed; the first rule whose target
# matches decides.
# userPassword: admin may write, anonymous clients may only use it to bind
# (auth), the entry owner may change it, nobody else can see it.
olcAccess: to attrs=userPassword by dn="cn=admin,dc=pamplona,dc=local" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
# Catch-all: every other attribute is readable by everyone, anonymous clients
# included.
# NOTE(review): later in this guide Samba is pointed at this directory
# (passdb backend = ldapsam). Samba's sambaNTPassword / sambaLMPassword
# attributes are not named in the userPassword rule above, so they would fall
# under this "by * read" rule. Those hashes are password-equivalent; after the
# Samba schema has been loaded, extend the restricted rule to cover them
# (presumably it cannot be done at this step because the schema that defines
# them is not loaded yet - confirm).
olcAccess: to * by dn="cn=admin,dc=pamplona,dc=local" write by * read
...
# ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
adding new entry "olcDatabase=hdb,cn=config"
En el siguiente archivo, poner en userPassword el hash generado con el comando slappasswd
# vi frontend.ldif
dn: dc=pamplona,dc=local
objectClass: top
objectClass: dcObject
objectclass: organization
o: pamplona local
dc: pamplona
dn: cn=admin,dc=pamplona,dc=local
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: {SSHA}XAmVut5MmHJLyK4ooNh4bVsBEOzkFIUy
dn: ou=people,dc=pamplona,dc=local
objectClass: organizationalUnit
ou: people
dn: ou=groups,dc=pamplona,dc=local
objectClass: organizationalUnit
ou: groups
...
# ldapadd -x -D cn=admin,dc=pamplona,dc=local -W -f frontend.ldif
Enter LDAP Password:
adding new entry "dc=pamplona,dc=local"
adding new entry "cn=admin,dc=pamplona,dc=local"
adding new entry "ou=people,dc=pamplona,dc=local"
adding new entry "ou=groups,dc=pamplona,dc=local"
Ahora configuraremos el cliente LDAP
# yum -y install openldap-clients nss-pam-ldapd
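Editamos los siguientes archivos con los datos de nuestro dominio. En este ejemplo el cliente se conecta por ldap:// sin TLS (ssl no), por lo que las credenciales de cada bind viajan en claro por la red; fuera de un laboratorio conviene habilitar TLS (el directorio de certificados ya está indicado en tls_cacertdir) antes de autenticar usuarios contra el directorio.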
# vi /etc/openldap/ldap.conf
URI ldap://172.16.0.24/
BASE dc=pamplona,dc=local
TLS_CACERTDIR /etc/openldap/certs
# vi /etc/nslcd.conf
uri ldap://172.16.0.24/
base dc=pamplona,dc=local
ssl no
tls_cacertdir /etc/openldap/certs
# vi /etc/pam_ldap.conf
#host 127.0.0.1
base dc=pamplona,dc=local
Agregar al final del archivo pam_ldap.conf lo siguiente:
uri ldap://172.16.0.24/
ssl no
tls_cacertdir /etc/openldap/certs
pam_password md5
Agregar al archivo system-auth las líneas que aquí terminan en ## (el ## es solo la marca que usa esta guía para señalar las líneas nuevas)
# vi /etc/pam.d/system-auth
# /etc/pam.d/system-auth with LDAP added. Lines ending in "##" are the ones
# this guide adds; everything else is the stock stack.
# NOTE(review): on CentOS this file is normally generated by authconfig, so
# hand edits may be overwritten the next time authconfig runs - confirm.
#
# auth: local accounts are tried first. "nullok" lets a local account with an
# empty password log in. The pam_succeed_if line is "requisite", so accounts
# with uid below 500 stop there and never reach pam_ldap. pam_ldap reuses the
# password already typed (use_first_pass) instead of prompting again.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass ##
auth required pam_deny.so
# account: users that LDAP does not know are ignored (user_unknown=ignore);
# any other pam_ldap failure counts as bad.
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so ##
account required pam_permit.so
# password: pam_cracklib checks the new password first; pam_unix stores local
# passwords as sha512, pam_ldap takes the same new password (use_authtok).
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok ##
password required pam_deny.so
# session: pam_mkhomedir creates a missing home directory from /etc/skel with
# umask 077, so the new home is not readable by other users.
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so ##
session optional pam_mkhomedir.so skel=/etc/skel umask=077 ##
Agregamos la fuente ldap a nuestro archivo nsswitch.conf
# vi /etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
netgroup: ldap
publickey: nisplus
automount: files ldap
# vi /etc/sysconfig/authconfig
USELDAP=yes
# chkconfig nslcd on
Reiniciamos nuestro servidor ...
# reboot
Ahora instalamos samba
# yum -y install samba
#cd /tmp
#vi schema_convert.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/collective.schema
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/samba.schema
# mkdir ldif_output
slapcat -f schema_convert.conf -F ./ldif_output -n0 -s "cn={12}samba,cn=schema,cn=config" > ./cn=samba.ldif
Eliminar el '{12}' del archivo cn=samba.ldif, de modo que el inicio quede del siguiente modo
# vi cn=samba.ldif
dn: cn=samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: samba
Eliminar las siguientes 7 lineas del archivo cn=samba.ldif
structuralObjectClass: olcSchemaConfig
entryUUID: e24790da-67a9-1031-9ca2-7f12861cadca
creatorsName: cn=config
createTimestamp: 20120721180147Z
entryCSN: 20120721180147.725827Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120721180147Z
# ldapadd -Y EXTERNAL -H ldapi:/// -f cn=samba.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=samba,cn=schema,cn=config"
Creamos el siguiente archivo...
# vi samba_indexes.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub
# ldapmodify -Y EXTERNAL -H ldapi:/// -f samba_indexes.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"
# cd
# rm -rf /tmp/*
# /etc/rc.d/init.d/slapd restart
Stopping slapd: [ OK ]
Starting slapd: [ OK ]
Agregamos la fuente epel para instalar el smbldap-tools
# vi /etc/yum.repos.d/CentOS-epel.repo
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
# rpm --import https://fedoraproject.org/static/0608B895.txt
# yum -y install smbldap-tools
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
cp /usr/share/doc/smbldap-tools-0.9.6/smb.conf /etc/samba/smb.conf
vi /etc/samba/smb.conf
...
# Global parameters
# Samba acting as the domain controller for workgroup PAMPLONA, with user,
# group and machine accounts stored in OpenLDAP through the ldapsam backend.
# Comments must stay on their own lines in this file.
[global]
workgroup = PAMPLONA
netbios name = PDC01
security = user
enable privileges = yes
#interfaces = 192.168.5.11
#username map = /etc/samba/smbusers
server string = Samba Server %v
#security = ads
encrypt passwords = Yes
#min passwd length = 3
#pam password change = no
#obey pam restrictions = No
# method 1:
#unix password sync = no
#ldap passwd sync = yes
# method 2:
# Active choice: a password change from a client also runs the passwd program
# below (smbldap-passwd) for the same user.
unix password sync = yes
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
# NOTE(review): log level 0 keeps Samba logging at its minimum. On a domain
# controller consider a higher level, at least while rolling out, so that
# authentication problems leave a trace - confirm against expected log volume.
log level = 0
syslog = 0
log file = /var/log/samba/log.%U
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = CP932
Unix charset = UTF-8
logon script = logon.bat
logon drive = H:
logon home =
logon path =
# The next settings are what make this server the domain logon server and
# domain master browser for the workgroup.
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
# Accounts are read from and written to LDAP, binding as "ldap admin dn".
# The bind password is not kept in this file; the guide stores it with
# "smbpasswd -W", which writes it to secrets.tdb.
passdb backend = ldapsam:ldap://172.16.0.24/
ldap admin dn = cn=admin,dc=pamplona,dc=local
ldap suffix = dc=pamplona,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
#ldap idmap suffix = ou=Idmap
# Account-management hooks: Samba runs these smbldap-tools commands with the
# user or group name substituted for %u / %g.
add user script = /usr/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# Set in [global], "admin users" becomes the default for every share: the
# listed account performs file operations as root. Keep the list as short as
# possible and protect that account's password accordingly.
admin users = sysadmin
# Samba talks to the directory without TLS, so the admin bind and the account
# attributes it reads travel unencrypted.
# NOTE(review): in this guide the LDAP server is the same machine
# (172.16.0.24); if the directory is ever moved to another host, enable TLS
# here first - confirm.
ldap ssl = no
# printers configuration
#printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
#force create mode = 0640
#force directory mode = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
# A logon with a user name Samba does not know is treated as a guest logon and
# mapped to "nobody". What a guest can reach depends on per-share guest
# settings, none of which appear in this excerpt.
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
...
# mkdir /home/netlogon
# /etc/rc.d/init.d/smb restart
Shutting down SMB services: [FAILED]
Starting SMB services: [ OK ]
# /etc/rc.d/init.d/nmb restart
Shutting down NMB services: [FAILED]
Starting NMB services: [ OK ]
[root@pdc01 ~]# chkconfig smb on
[root@pdc01 ~]# chkconfig nmb on
# smbpasswd -W
Setting stored password for "cn=admin,dc=pamplona,dc=local" in secrets.tdb
New SMB password:
Retype new SMB password:
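Ahora vamos a configurar smbldap-tools a través del script Perl configure.pl. Las claves de bind que se ingresan durante el asistente quedan guardadas en /etc/smbldap-tools/smbldap_bind.conf (ver la salida al final), por lo que conviene comprobar que ese archivo solo pueda leerlo root.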
# perl /usr/share/doc/smbldap-tools-0.9.6/configure.pl
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
smbldap-tools script configuration
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Before starting, check
. if your samba controller is up and running.
. if the domain SID is defined (you can get it with the 'net getlocalsid')
. you can leave the configuration using the Ctrl-c key combination
. empty value can be set with the "." character
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Looking for configuration files...
Samba Configuration File Path [/etc/samba/smb.conf] > Enter
The default directory in which the smbldap configuration files are stored is shown.
If you need to change this, enter the full directory path, then press enter to continue.
Smbldap-tools Configuration Directory Path [/etc/smbldap-tools] >
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Let's start configuring the smbldap-tools scripts ...
. workgroup name: name of the domain Samba acts as a PDC for
workgroup name [PAMPLONA] > Enter
. netbios name: netbios name of the samba controller
netbios name [PDC01] > Enter
. logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'
logon drive [H:] > Enter
. logon home: home directory location (for Win95/98 or NT Workstation).
(use %U as username) Ex:'\\PDC01\%U'
logon home (press the "." character if you don't want homeDirectory) [\\PDC01\%U] > Enter
. logon path: directory where roaming profiles are stored. Ex:'\\PDC01\profiles\%U'
logon path (press the "." character if you don't want roaming profiles) [\\PDC01\profiles\%U] > .
. home directory prefix (use %U as username) [/home/%U] > Enter
. default users' homeDirectory mode [700] > Enter
. default user netlogon script (use %U as username) [logon.bat] > Enter
default password validation time (time in days) [45] > Enter
. ldap suffix [dc=pamplona,dc=local] > Enter
. ldap group suffix [ou=Groups] > Enter
. ldap user suffix [ou=Users] > Enter
. ldap machine suffix [ou=Computers] > Enter
. Idmap suffix [ou=Idmap] > Enter
. sambaUnixIdPooldn: object where you want to store the next uidNumber
and gidNumber available for new users and groups
sambaUnixIdPooldn object (relative to ${suffix}) [sambaDomainName=PAMPLONA] >
. ldap master server: IP address or DNS name of the master (writable) ldap server
ldap master server [172.16.0.24] > Enter
. ldap master port [389] > Enter
. ldap master bind dn [cn=admin,dc=pamplona,dc=local] > Enter
. ldap master bind password [] > Ingresamos la clave
. ldap slave server: IP address or DNS name of the slave ldap server: can also be the master one
ldap slave server [172.16.0.24] > Enter
. ldap slave port [389] > Enter
. ldap slave bind dn [cn=admin,dc=pamplona,dc=local] > Enter
. ldap slave bind password [] > Ingresamos la clave
. ldap tls support (1/0) [0] > Enter
. SID for domain PAMPLONA: SID of the domain (can be obtained with 'net getlocalsid PDC01')
SID for domain PAMPLONA [S-1-5-21-3173375413-340090289-266529731] > Enter
. unix password encryption: encryption used for unix passwords
unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] > Enter
. default user gidNumber [513] > Enter
. default computer gidNumber [515] > Enter
. default login shell [/bin/bash] > Enter
. default skeleton directory [/etc/skel] > Enter
. default domain name to append to mail address [] > Enter
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
backup old configuration files:
/etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old
/etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old
writing new configuration file:
/etc/smbldap-tools/smbldap.conf done.
/etc/smbldap-tools/smbldap_bind.conf done.
Ejecutamos lo siguiente:
# smbldap-populate
Populating LDAP directory for domain PAMPLONA (S-1-5-21-3173375413-340090289-266529731)
(using builtin directory structure)
entry dc=pamplona,dc=local already exist.
adding new entry: ou=Users,dc=pamplona,dc=local
entry ou=Groups,dc=pamplona,dc=local already exist.
adding new entry: ou=Computers,dc=pamplona,dc=local
adding new entry: ou=Idmap,dc=pamplona,dc=local
adding new entry: uid=root,ou=Users,dc=pamplona,dc=local
adding new entry: uid=nobody,ou=Users,dc=pamplona,dc=local
adding new entry: cn=Domain Admins,ou=Groups,dc=pamplona,dc=local
adding new entry: cn=Domain Users,ou=Groups,dc=pamplona,dc=local
adding new entry: cn=Domain Guests,ou=Groups,dc=pamplona,dc=local
adding new entry: cn=Domain Computers,ou=Groups,dc=pamplona,dc=local
adding new entry: cn=Administrators,ou=Groups,dc=pamplona,dc=local
adding new entry: cn=Account Operators,ou=Groups,dc=pamplona,dc=local
adding new entry: cn=Print Operators,ou=Groups,dc=pamplona,dc=local
adding new entry: cn=Backup Operators,ou=Groups,dc=pamplona,dc=local
adding new entry: cn=Replicators,ou=Groups,dc=pamplona,dc=local
entry sambaDomainName=PAMPLONA,dc=pamplona,dc=local already exist. Updating it...
Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password:
Creamos el usuario y grupo sysadmin
# smbldap-groupadd -a sysadmin
[root@pdc01 ~]# smbldap-useradd -am -g sysadmin sysadmin
[root@pdc01 ~]# smbldap-passwd sysadmin
Changing UNIX and samba passwords for sysadmin
New password:
Retype new password:
[root@pdc01 ~]# su - sysadmin
[sysadmin@pdc01 ~]$ exit
logout
Creamos un usuario de prueba
# smbldap-useradd -am fruiz
[root@pdc01 ~]# smbldap-groupmod -m fruiz "Domain Users"
adding user fruiz to group Domain Users
[root@pdc01 ~]# smbldap-passwd fruiz
Changing UNIX and samba passwords for fruiz
New password:
Retype new password:
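Deshabilitamos SELinux. Esto quita el control de acceso obligatorio en la máquina que guarda las credenciales de todo el dominio; como alternativa se puede dejarlo en modo permissive mientras se prueba y luego volver a enforcing ajustando los booleanos de Samba (por ejemplo samba_domain_controller).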
# vi /etc/sysconfig/selinux
SELINUX=disabled
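En el firewall podemos habilitar solo los puertos correspondientes (TCP: 139, 389, 445 y UDP: 137, 138); para el ejemplo lo deshabilitamos por completo. En un servidor real es preferible dejar iptables activo y abrir únicamente esos puertos hacia la red local, ya que con el firewall detenido queda expuesto cualquier otro servicio de la máquina.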
# /etc/init.d/iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
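Listo, ahora podemos empezar a unir las máquinas al dominio pamplona. Debemos tener en cuenta lo siguiente para los equipos con Windows 7.
Modificar los siguientes registros (nota: RequireSignOrSeal en 0 hace que el cliente deje de exigir firma o cifrado del canal seguro con el controlador de dominio; conviene comprobar si la versión de Samba instalada realmente lo necesita antes de bajarlo):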
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services
LanmanWorkstation -> parameters
DomainCompatibilityMode : 1
DNSNameResolutionRequired : 0
Netlogon -> parameters
RequireSignOrSeal 0
RequireStrongKey 1
SealSecureChannel 1
SignSecureChannel 1
Tcpip -> parameters
NameServer : pamplona
NV Domain : pamplona
En la configuración de red de la PC, sección TCP/IP, nos dirigimos a opciones avanzadas y en la pestaña WINS agregamos la IP de nuestro PDC (172.16.0.24)
Ahora si, ya podemos unir al dominio las PCs con Windows 7.
Luego de ingresar al dominio pedirá reiniciar la PC.
Para la administracion una buena herramienta es la siguiente: LDPAdmin lo pueden bajar de
aqui
Luego de bajar ejecutar el programa y crear una nueva conexion
Esta es una primera guía del PDC...
Fuentes:
http://www.server-world.info/en/note?os=CentOS_6&p=ldap&f=1