It is preferable for the PDC to be based on Windows NT, or even 2003, technology.
It is possible to retrieve the NT or W2003 accounts via "vampire".
The server must be registered as an SDC.
There are new tutorials.
File access security will be handled from the domain controller.
You must install OpenLDAP on the Linux server.
2 months later
Hello,

I would be interested in pointers for setting up a PDC under Linux (FC5/FC6 depending on when the deployment starts) in a Windows environment (servers: Win2k Server, Win2003 Server [current PDC]; clients: WinXP, Win2k, Win98), along with the following services:

DHCP, DNS, network printer sharing and home directories (Samba), directory (OpenLDAP), mail server (Postfix, courier-imap, courier-pop) and groupware (to replace Exchange)

Has anyone already set up such a structure?

For some things I found very well made tutorials at http://christian.caleca.free.fr/ (DHCP, DNS...), but I'm having trouble finding an explicit tutorial on Samba and OpenLDAP as a PDC for a Windows domain.

If anyone has already faced this type of situation or has links on the subject, I'd be delighted. 8-)

Regards.
Advice: do a migration study.
You must do your migration smoothly.
1) start by setting up your OpenLDAP server
look for docs + test -> if OK, deploy
number of clients, type of OpenLDAP database
2) migrate the Active Directory information
deploy
3) migrate the PDC
see the attached example
and plan a rollback
4) set up Postfix and the rest
Big job.
Explain the advantages and disadvantages to the managers.
Otherwise, be careful:
there is no shortage of documentation in English, but the guarantee of its effectiveness remains to be proven.
I hope you are not going to install everything on the same server.
number of clients and the breakdown of servers per machine

Using Samba 3 as a Primary Domain Controller
Install samba, samba-client and samba-common

Make a backup of the /etc/samba/smb.conf file

Copy in the associated smb.conf file (copy from between the #########)
modify the server name
modify the domain name
modify the hosts allow line for your IP ranges (if necessary)

#############################################################

# Global parameters
[global]
workgroup = NEWDOM
netbios name = PDC
server string = PDC
interfaces = eth0
bind interfaces only = Yes
passdb backend = tdbsam
pam password change = Yes
passwd chat = *New*Password* %n\n *Re-enter*new*password* %n\n *Password*changed*
username map = /etc/samba/smbusers
unix password sync = Yes
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
show add printer wizard = No
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = X:
logon home = \\%L\home\%U
domain logons = Yes
local master = Yes
os level = 33
preferred master = Yes
domain master = Yes
wins support = Yes
utmp = Yes
map acl inherit = Yes
printing = cups
veto oplock files = /*.doc/*.xls/*.mdb/

[IPC$]
path = /tmp
hosts allow = 192.168.0.0/24, 192.168.1.0/24, 127.0.0.1
hosts deny = 0.0.0.0/0

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[printers]
comment = SMB Print Spool
path = /var/spool/samba
guest ok = Yes
printable = Yes
use client driver = Yes
default devmode = Yes
browseable = No

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
locking = No

[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes

[shared]
comment = Network Shares
path = /shared
read only = No

#############################################################



mkdir -p /shared
chmod -R ug+rwxs,o+rx-w /shared
chown root.users /shared
mkdir -p /var/lib/samba/{netlogon/scripts,profiles}
chown -R root.root /var/spool/samba
chown -R root.root /var/lib/samba
chmod a+rwxt /var/spool/samba

For each user account that is created on the system, the following commands should be executed (substitute the real username for username):

mkdir /var/lib/samba/profiles/username
chown username.users /var/lib/samba/profiles/username
chmod ug+wrx,o+wrx,-w /var/lib/samba/profiles/username
Instead, use chmod 770 /var/lib/samba/profiles/username (otherwise, roaming profiles fail).

Create a logon script called /var/lib/samba/netlogon/scripts/logon.bat.unix with the following:
net time \\PDC /set /yes
net use h: \\PDC\%USERNAME%
net use p: \\PDC\shared

unix2dos < /var/lib/samba/netlogon/scripts/logon.bat.unix > /var/lib/samba/netlogon/scripts/logon.bat


chmod 755 /var/lib/samba/netlogon/scripts/logon.bat

Add the root user to the password backend as follows:
smbpasswd -a root
this should create the tdbsam database


Create the Standard NT-Unix group mappings with the following commands:

net groupmap modify ntgroup="Domain Admins" unixgroup=root
net groupmap modify ntgroup="Domain Users" unixgroup=users
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody

NOTE: add any additional groups that you need
Unix group needs to be added first with groupadd

Check that the groups are setup with the command:
net groupmap list | sort

Add all users with the command line on the Linux server as follows:
Linux
useradd -m username
passwd username

Windows
smbpasswd -a username

chkconfig cups on
chkconfig smb on
service cups restart
service smb restart

edit /etc/nsswitch.conf to read
hosts: files dns wins


Test the config with
ping {servername}
testparm -s
smbclient -L {servername} -U%




JOINING CLIENTS TO THE DOMAIN

Windows XP
change Domain to LINUXDOM
username is root
password (root's smbpasswd) as set above.

It should say welcome to the LinuxDOM domain



**************************************************************************************************************
*********************** TROUBLE SHOOTING AND MISCELLANEOUS STEPS ***********************
**************************************************************************************************************

CLEANING UP NTGROUPS AND UNIXGROUPS
net groupmap cleanup
net groupmap delete ntgroup="Print Operators"
net groupmap delete ntgroup="Domain Guests"


NOTES: CentOS4.0 came with a version of shadow-utils which prevented an XP machine from joining the domain
yum update shadow-utils to the version found in CentOS4.2 will resolve this issue.


SETTING NT STYLE PERMISSIONS
NOTE: You must have ACL support enabled on the file system.

Modify /etc/fstab and add acl to the list of options for the mounted file system in question.
e.g. /dev/VolGroup00/LogVol00 / ext3 de
r
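Added example, not part of the post above or of the tutorial it quotes: a small POSIX shell script that performs the per-user steps from the tutorial (profile directory with mode 0770, as the tutorial itself corrects to) and writes the three-line logon.bat with CRLF line endings directly from printf, so unix2dos is not needed. PROFILE_BASE, NETLOGON_BASE and PROFILE_GROUP are assumed parameters (their defaults are the tutorial's paths) so the functions can be exercised against a scratch directory instead of a live /var/lib/samba; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Parameters are assumptions with
# the tutorial's paths as defaults; override them to run against a scratch dir.
PROFILE_BASE="${PROFILE_BASE:-/var/lib/samba/profiles}"
NETLOGON_BASE="${NETLOGON_BASE:-/var/lib/samba/netlogon/scripts}"
PROFILE_GROUP="${PROFILE_GROUP:-users}"

# make_profile_dir USER: create PROFILE_BASE/USER owned by USER:PROFILE_GROUP
# with mode 0770. 0770 is what the tutorial ends up recommending; it also keeps
# other domain users out of each other's NTUSER.DAT.
make_profile_dir() {
    user="$1"
    dir="$PROFILE_BASE/$user"
    mkdir -p "$dir" || return 1
    # chown needs root and an existing account; skipped in a scratch run
    if [ "$(id -u)" = 0 ] && id "$user" >/dev/null 2>&1; then
        chown "$user:$PROFILE_GROUP" "$dir" || return 1
    fi
    chmod 0770 "$dir"
}

# profile_mode USER: permission string of the profile directory, e.g. rwxrwx---
profile_mode() {
    ls -ld "$PROFILE_BASE/$1" | cut -c2-10
}

# write_logon_script SERVER: emit the tutorial's logon.bat with CRLF endings
# (cmd.exe expects them) and mode 0755, without depending on unix2dos.
write_logon_script() {
    server="$1"
    out="$NETLOGON_BASE/logon.bat"
    mkdir -p "$NETLOGON_BASE" || return 1
    {
        printf 'net time \\\\%s /set /yes\r\n' "$server"
        printf 'net use h: \\\\%s\\%%USERNAME%%\r\n' "$server"
        printf 'net use p: \\\\%s\\shared\r\n' "$server"
    } > "$out" || return 1
    chmod 0755 "$out"
}

# crlf_count: number of CR characters in logon.bat (one per line when correct)
crlf_count() {
    tr -cd '\r' < "$NETLOGON_BASE/logon.bat" | wc -c | tr -d ' \t'
}

# Usage: sh provision.sh USERNAME [SERVER]
if [ -n "${1:-}" ]; then
    make_profile_dir "$1" && write_logon_script "${2:-PDC}" && echo "ok: $1"
fi
```

Run it once per new account after useradd/smbpasswd; the tutorial's own check (`chmod 770`, CRLF line endings) is what the two helper functions profile_mode and crlf_count let you verify before a client logs on.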
Thanks a lot for your reply!

To reassure you, the plan is of course to spread all of this over several servers; I was thinking of:
Server1:
PDC, OpenLDAP

Server2:
Samba file server

Server3:
Mail server & groupware

Server4:
Web server

Server5:
DNS, DHCP, print server

Server6:
DBMS, Subversion

Otherwise, do you know of any compatibility problems between FC5 and HP ProLiant DL 360/380 servers?

Thanks again for your post.

Regards.
A link on OpenLDAP:
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-ldap-pam.html
Some elements may have changed with the integration of OpenLDAP on FC5.
To integrate Samba and LDAP you need to install a few tools:
Go to http://dag.wieers.com/packages/perl-Crypt-SmbHash/ and download the fc3 noarch.rpm file. Once downloaded copy it to the root share accessed earlier.

Go to http://www.idealx.org/prj/samba/dist/ and click on the latest version .noarch.rpm file to download it. Once downloaded copy it to the root share accessed earlier.

Back in putty issue the following commands:
rpm -i perl-Crypt-SmbHash-0.02-1.1.fc3.rf.noarch.rpm
rpm -i smbldap-tools-0.9.1-1.noarch.rpm
(changing file versions where necessary)

Next we must copy the Samba schema for the LDAP server:
cp /usr/share/doc/samba-3.0.14a/LDAP/samba.schema /etc/openldap/schema/

To configure the LDAP server for our samba configuration you must edit the conf file:

vi /etc/openldap/slapd.conf

Add the following line under the "include" section so it looks like this:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

Under the "database" section, alter it so it looks like this (changing DOMAIN to the name you want your domain to be):

database bdb
directory /var/lib/ldap

suffix "dc=DOMAIN,dc=COM"
rootdn "cn=Manager,dc=DOMAIN,dc=COM"

rootpw mysecretpwd

Change the rootpw to whatever you want; I just left it as is.

Next we need to edit some more conf files:

vi /etc/openldap/ldap.conf

Edit so it looks like this: (replacing DOMAIN of course)

HOST 127.0.0.1
BASE dc=DOMAIN,dc=COM

Next we need to configure the LDAP client:

vi /etc/ldap.conf

Find the section that looks like this:
# Your LDAP server. Must be resolvable without using LDAP.
And add below it:
host 127.0.0.1

Find the section that looks like this:
# The distinguished name of the search base.
Add/Change Below It:
base dc=DOMAIN,dc=COM
Replacing DOMAIN where necessary.

Find the section that looks like this:
# The distinguished name to bind to the server with if the effective user ID
# is root. Password must be stored in /etc/ldap.secret (mode 600)
Add/Change Below It:
rootbinddn cn=nssldap,ou=DSA,dc=DOMAIN,dc=COM
Replacing DOMAIN where necessary.

Find the section that looks like this:
# RFC2307bis naming contexts
# we use ?sub (and not the default ?one) because we
# separated sambaAccounts on ou=Computer,dc=DOMAIN,dc=COM
# and ou=Users,dc=DOMAIN,dc=COM
Add/Change Below It:
nss_base_passwd ou=Users,dc=DOMAIN,dc=COM?one
nss_base_passwd ou=Computers,dc=DOMAIN,dc=COM?one
nss_base_shadow ou=Users,dc=DOMAIN,dc=COM?one
nss_base_group ou=Groups,dc=DOMAIN,dc=COM?one
Replacing DOMAIN where necessary.

One last conf file:

vi /etc/nsswitch.conf

Find the section that looks like this:
# significative entries for /etc/nsswitch.conf using
# Samba and OpenLDAP
Add/Change below it:
passwd: files ldap
shadow: files ldap
group: files ldap

We should have a go at starting the LDAP server now:

service ldap start
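Added example, not part of the post above: the post writes dc=DOMAIN,dc=COM by hand in four files, so this POSIX shell script derives the base DN from the DNS domain name and renders the /etc/ldap.conf client settings from it. It also adds the two checks a reviewer would want before starting slapd: that the rootbinddn secret file has the mode the post's own comment requires (600), and that the rootpw line in slapd.conf holds a {SCHEME}hash as produced by slappasswd rather than a cleartext value like the one shown. Function names and the file paths passed as arguments are my own.

```shell
#!/bin/sh
# Added example (not from the original post). All paths are arguments so the
# functions can be run against scratch files rather than /etc.

# dn_from_domain example.com  ->  dc=example,dc=com
dn_from_domain() {
    printf '%s\n' "$1" | tr '.' '\n' | sed 's/^/dc=/' | paste -s -d ',' -
}

# write_nss_ldap_conf FILE DOMAIN: the nss_ldap client settings from the post,
# with the base DN filled in from DOMAIN.
write_nss_ldap_conf() {
    base=$(dn_from_domain "$2")
    {
        printf 'host 127.0.0.1\n'
        printf 'base %s\n' "$base"
        printf 'rootbinddn cn=nssldap,ou=DSA,%s\n' "$base"
        printf 'nss_base_passwd ou=Users,%s?one\n' "$base"
        printf 'nss_base_passwd ou=Computers,%s?one\n' "$base"
        printf 'nss_base_shadow ou=Users,%s?one\n' "$base"
        printf 'nss_base_group ou=Groups,%s?one\n' "$base"
    } > "$1"
}

# secret_file_ok FILE: 0 when FILE exists with mode 0600 (the requirement the
# post's ldap.conf comment states for /etc/ldap.secret), 1 otherwise.
secret_file_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -l "$1" | cut -c2-10)" = "rw-------" ]
}

# rootpw_is_hashed SLAPD_CONF: 0 when the rootpw value is a {SCHEME}hash
# (e.g. {SSHA} from slappasswd), 1 when it is cleartext or missing.
rootpw_is_hashed() {
    pw=$(sed -n 's/^[[:space:]]*rootpw[[:space:]]*//p' "$1" | head -n 1)
    case "$pw" in
        \{*\}*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Usage: sh ldap-client.sh DOMAIN [OUTFILE]
if [ -n "${1:-}" ]; then
    write_nss_ldap_conf "${2:-ldap.conf.generated}" "$1"
    echo "base DN: $(dn_from_domain "$1")"
fi
```

Generate the hash with `slappasswd` and paste its output on the rootpw line; rootpw_is_hashed then returns 0, and the file no longer needs to carry the directory manager's password in cleartext.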
Some elements on Samba with LDAP:
# Global parameters
[global]
workgroup = DOMAIN
netbios name = linuxserver
enable privileges = yes
username map = /etc/samba/smbusers
server string = linuxserver
security = user
encrypt passwords = yes
obey pam restrictions = no
ldap password sync = yes
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1

logon drive = H:
logon path = \\linuxserver\profiles\%u
domain logons = yes
os level = 65
preferred master = yes
domain master = yes
wins support = yes

passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=DOMAIN,dc=com
ldap suffix = dc=DOMAIN,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = yes
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

preserve case = yes
short preserve case = yes
case sensitive = no

[homes]
comment = Home Directory
read only = No
create mask = 0644
directory mask = 0775
browseable = No

[netlogon]
path = /home/samba/netlogon/
browseable = No
read only = yes

[profiles]
path = /home/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = No
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U @"Domain Admins"

#Remove this if you want
[rootdir]
writeable = yes
guest ok = yes
path = /

Close the open window.
Save the file and issue the following commands in putty:
service smb restart (this could take a while)
smbpasswd -w mysecretpwd (change this to your rootpw from slapd.conf)
service smb restart
mkdir /home/samba
mkdir /home/samba/netlogon
mkdir /home/samba/profiles
chmod 1777 /home/samba/profiles
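Added example, not part of the post above: the configuration it quotes ends with a [rootdir] share that exports / with guest ok = yes and writeable = yes, behind a comment saying to remove it if you want. This POSIX shell/awk audit walks every share section of an smb.conf and reports that pattern and two related ones (a guest-writable share, a share whose path is /, and a [netlogon] share that clients can write to, since every client runs the scripts it serves). The sample smb.conf is constructed for the demonstration; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): audit smb.conf share sections.

# audit_smb_conf FILE: print one "RISK [share]: reason" line per finding.
audit_smb_conf() {
    awk '
    function trim(s) { sub(/^[[:space:]]+/, "", s); sub(/[[:space:]]+$/, "", s); return s }
    # evaluate the share collected so far, then forget its options
    function flush(    k, guest, writable) {
        if (section != "" && section != "global") {
            guest = (opt["guest ok"] == "yes" || opt["public"] == "yes")
            writable = (opt["writeable"] == "yes" || opt["writable"] == "yes" || opt["read only"] == "no")
            if (guest && writable) print "RISK [" section "]: guest-writable share"
            if (opt["path"] == "/") print "RISK [" section "]: exports the root filesystem"
            if (section == "netlogon" && writable) print "RISK [" section "]: logon scripts are writable by clients"
        }
        for (k in opt) delete opt[k]
    }
    /^[[:space:]]*[#;]/ || /^[[:space:]]*$/ { next }     # comments and blank lines
    /^[[:space:]]*\[.*\]/ {                                # new section header
        flush()
        section = tolower($0)
        sub(/^[[:space:]]*\[/, "", section); sub(/\].*$/, "", section)
        next
    }
    index($0, "=") > 0 {                                   # "key = value"
        key = tolower(trim(substr($0, 1, index($0, "=") - 1)))
        val = tolower(trim(substr($0, index($0, "=") + 1)))
        opt[key] = val
    }
    END { flush() }
    ' "$1"
}

# count_smb_findings FILE: number of RISK lines, for use in a pre-restart check.
count_smb_findings() {
    audit_smb_conf "$1" | grep -c '^RISK' || true
}

# Constructed sample mirroring the risky [rootdir] share from the post above.
SAMPLE_CONF="${TMPDIR:-/tmp}/smb-audit-demo.conf"
cat > "$SAMPLE_CONF" <<'EOF'
[global]
   workgroup = DOMAIN
   passdb backend = ldapsam:ldap://127.0.0.1/

[netlogon]
   path = /home/samba/netlogon/
   read only = yes

[profiles]
   path = /home/samba/profiles
   read only = no
   guest ok = No

#Remove this if you want
[rootdir]
   writeable = yes
   guest ok = yes
   path = /
EOF

audit_smb_conf "$SAMPLE_CONF"
```

Run it as `audit_smb_conf /etc/samba/smb.conf` before `service smb restart`; a non-zero count_smb_findings is a reason to stop and look at the named share. Values are compared case-insensitively because Samba accepts Yes/yes/No/no interchangeably.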
Thanks for this information. I'm getting to work right away.

Regards.
one year later
Hello everyone!
I have to migrate Windows 2003 Server to Fedora, but I've done a lot of research and I can't find any documents on it.
If someone would be kind enough to point me to where this problem is covered, or to point me in the right direction, I wouldn't know how to thank them.

Thanks, and see you very soon.
??? Which types of services do you want to migrate from Win2003 to Fedora?
Which types of tools are you going to use under Fedora?
Thanks Refuznik

In fact, I want to migrate the domain controller running on Windows 2003.
Using Samba with Fedora.