I'd imagine this document will answer many prayers for stumped admins.

These are my notes on how to set up SuSE Linux Enterprise Server v9
and how to configure Samba v3.04-SuSE to work as a member server in a
domain.
Also, this document contains FULL instructions on how to set up
SSL-secured SWAT (Samba Web Administration Tool).

This document is a step by step guide to installing SLES and Samba.  Of
course you don't need a RAID configured system like mine, but I'm going
to assume you know how to at least load linux and can plug in your own
stuff where you need it.

Hope this helps many of you.. Good Luck, if you have questions, please
feel free to contact me.

Loaded using SLES 9 Samba 3.04-SuSE

You will need CDs SLES1-SLES3 to complete this install.

Make sure the RAIDs are in an OPTIMAL state before you start installation
Create 2 Containers, Container 0 named SLES9 and is 10gb, Container 1 named NAS and is the remaining space, approx. 1.6TB
Boot from CD1
Select Installation
Software agreement click I agree
Language - English
Select New Installation
Partitioning
        Create Custom Partition
                Custom Partition for experts
                Create
                Select SDA
                Primary
                Do Not format, Change File System ID to Linux Swap
                Click format
                Size, End = +1gb
                Ok
                Create
                Select SDA
                Primary
                Ok
                Create
                Select SDB
                Primary
                Mount Point = /nas
                Ok
                Next
Software
        Default
                Detailed Selection
                Select all of the following
                LSB
                C/C++
                Analyzing Tools
                        Uncheck SNORT
                        Uncheck AIDE
                File Server
                        Check all Samba entries
                Click Accept
                Click Continue for dependency Changes
Time Zone
        Eastern
        Hardware clock set to Local time
        Accept

Click accept
Click Yes Install
Install starts
After CD swaps are done, the system reboots
Install continues

Root Password = (whatever you want)
Next
Click Network Interfaces
Click Change
Click Edit
Click STATIC Ip = Static ip for this box (ie. 192.168.1.2)
Click Host Name
Host name = nas1
Domain = yourdomain.com
name server = your dns name servers IP
name server = your dns name servers IP
Ok
Routing
default gateway = your gateway IP
Ok
Next
Finish
Next
Select Yes, Test Connection, Next
Result should = Success if network is config'd properly
Next
Yes Run Online Update
Change location from .de to .com in Location line
Click Next
Username = your suse portal username
Password = your suse portal password
Login
Select all security & Recommended, except Linux Kernel
Select Optional Update for Yast2-installation
Click accept
Updates will start to download
Click Finish
Click Next
Authentication Method = LDAP
Next
LDAP Client Config = use all defaults, Click Next
Create LDAP User = username deleteme
Next
Accept warning for password and continue
Release notes, read, then click Next
Click Graphics Cards
        Click Monitor
                Change configuration
                Properties
                Dell M770
                Finish
        Click Color and Resolution
                Change configuration
                Properties
                Resolution Tab
                Click 1280x1024
                Click Ok
                Click Finish
        finalize
        click Test
        make sure you can see the screen and click save
        Click ok
Click Next
Click Finish
Linux boots
login as root
Go into Yast 
Click online update
        Click Next
        enter SLES portal user and pass, click keep Authentication data, login
        Select any kernel updates available as well as any other security or recommended updates.
                If kernel updates are available you will get a warning, after you have read the warning click install patch.
        Click Finish
If you installed a kernel update, reboot
login as root

Install Stunnel
        Open YAST, software, Install & Remove Software
        Filters, Search, Input Stunnel
        Install Stunnel v4.05

Configuring SWAT over Stunnel

1. We generate a private key (1024 bit size) : 

        /usr/sbin/openssl genrsa -out /etc/stunnel/swat.key 1024 

2. Generate a certificate signing request (csr) using the server key
generated above (output will be PEM formatted.)

        /usr/sbin/openssl req -new -key /etc/stunnel/swat.key -out /etc/stunnel/swat.csr

3. Create a self-signed certificate (X509 structure) the output will be
PEM formatted.

        /usr/sbin/openssl x509 -req -days 365 -in /etc/stunnel/swat.csr -signkey /etc/stunnel/swat.key -out /etc/stunnel/swat.crt

4. Prepare certificate for stunnel. The samba / stunnel documentation
says that a blank line is needed between private key and certificate
and another blank line at the end of the file

        echo "" > ~/blankline.txt
        cat /etc/stunnel/swat.key ~/blankline.txt /etc/stunnel/swat.crt ~/blankline.txt > /etc/stunnel/swat.pem

5. Set the file permissions so no one but root has access to the file 

        chmod 700 /etc/stunnel/swat.pem 

6. Configure STUNNEL to start at boot
        
        vim /etc/stunnel/swat.conf
                copy the following into this file:

cert = /etc/stunnel/swat.pem
pid = /var/run/stunnel.swat
service = swat

[swat]
accept = 901
exec = /usr/sbin/swat
execargs = swat
TIMEOUTclose = 0

                Save & Exit vim

        vim /etc/init.d/boot.local
                add the following line
                        stunnel /etc/stunnel/swat.conf
                Save & Exit

Start Stunnel Manually 
        stunnel /etc/stunnel/swat.conf

Open Yast
        Network Services
        Samba Server

*** PLEASE NOTE, if this is a re-installation, DELETE the Samba Host
computer completely from your domain(s)

        click status 
        ensure that all 3 processes are running, if not, start them, and then click restart all
                Workgroup = Your NT/2k/AD Domain Name
                No Domain Controller, Next
                Enable on Boot 
                Shares Tab
                        disable all shares
                        Click add
                        Share name = Nas
                        Share Description = Check Imaging
                        Share Type = Directory
                        Share path = (select a mount point ie. /nas or /home/bob/smbshare, etc.)
                        Ok
                Identity Tab
                        remote wins server name = (Input your WINS server IP here, We run wins on separate box)
                        Click Advanced Settings, Expert Global
                        Click Add
                                idmap uid = 10000-11000 (if you have more than 1000 users change the 11000 to whatever)
                        Click Add
                                idmap gid = 10000-11000 (if you have more than 1000 users change the 11000 to whatever)
                        Click Ok
                        Click Advanced Settings, LDAP Settings, Click Ok
                        Click Advanced User Authentication Sources
                                Click Add
                                smbpasswd File, ok
                                Click Add
                                ldap
                Join the domain = Yes
                        username = someone in your domain administrator group
                Prompted for root user password for samba
                        use same password as root user in linux
        System
        Runlevel editor
        Change NSCD to disable
        winbindd to enable
To test winbind
        open a terminal window 
        type wbinfo -u
        you should see a list of members in your domain, this may take a few moments
Now, open a browser
login to https://IP.Wins.or.DNS.name.of.your.Samba.Server:901 
username is root user
        click shares, click advanced 
        choose share = nas
                change admin users to = '@Yourdomain\Domain Administrators Group Name' (use quotes, or just individual usernames like Yourdomain\joebob without quotes), separate by commas
                Click commit changes
        Click Status, and Restart All

Neil Proctor
First Volunteer Bank IT Dept
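
Added example (not part of the original post, and not code from the stunnel or Samba projects): a shell audit of the combined file built in steps 4 and 5 of "Configuring SWAT over Stunnel". It checks the key / blank line / certificate / blank line layout, that group and other have no access to the file, and that the key and certificate share one RSA modulus; the function names and the placeholder sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a combined stunnel PEM such as /etc/stunnel/swat.pem.
# All function names are hypothetical helpers, not part of stunnel or Samba.

# Step 4 layout: one private key, blank line, certificate, blank line.
check_pem_layout() {
    awk '
        /^-----BEGIN (RSA )?PRIVATE KEY-----$/ { nkey++; if (ncert) bad = 1 }
        /^-----BEGIN CERTIFICATE-----$/        { ncert++ }
        prev_end && $0 != ""                   { bad = 1 }  # no blank after a block
        { prev_end = ($0 ~ /^-----END /) }
        END {
            if (prev_end) bad = 1              # file stops right after a block
            exit !(nkey == 1 && ncert >= 1 && !bad)
        }' "$1"
}

# Step 5 intent: a regular file with no group/other permission bits at all.
check_pem_mode() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# The key and the certificate in the bundle must share one RSA modulus.
check_pem_keymatch() {
    k=$(openssl rsa  -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Constructed sample with placeholder bodies (not real key material).
make_sample_pem() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' '' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' '' > "$1"
}

# Run every check and report each failure; returns 0 only if all pass.
audit_swat_pem() {
    rc=0
    check_pem_layout "$1"   || { echo "FAIL layout: $1"; rc=1; }
    check_pem_mode "$1"     || { echo "FAIL mode: $1"; rc=1; }
    check_pem_keymatch "$1" || { echo "FAIL key/cert mismatch: $1"; rc=1; }
    return "$rc"
}

# Usage: sh audit.sh /etc/stunnel/swat.pem
if [ "$#" -gt 0 ]; then audit_swat_pem "$1"; fi
```

The placeholder sample passes the layout check only; the modulus check needs a real key and certificate, such as the ones produced in steps 1 to 3.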

