Automated Samba + LDAP Installation For FreeBSD 7.1

Now includes Dovecot/Postfix Email Servers!

 

Overview

The following is a description of the automated installation I have written for FreeBSD 7.1 (AMD64 or i386).

The script automates the process of setting up a Samba v3 server with an OpenLDAP v2.4 backend as a Primary Domain Controller with as little interaction as possible. During the scripted installation you will be prompted for your root password once and asked to hit ok twice.

SourceForge.net Project Page: { http://sourceforge.net/projects/autosambaldap/ }

UPDATE: THE INSTALLER NOW INCLUDES THE OPTION OF INSTALLING DOVECOT AND POSTFIX! BOTH OF THESE WILL AUTHENTICATE TO THE SAME LDAP BACKEND AS SAMBA. ALSO INCLUDED IN THE LATEST RELEASE IS ROUNDCUBE (WEBMAIL).

Installation Method

The entire process for the CD-ROM version, from start (bare metal) to finish (working server), including the separate installation of FreeBSD 7.1, should take about 12 minutes.

LATEST VERSION AVAILABLE ON PROJECT PAGE

Quick Start

mount /cdrom && cd /cdrom && sh setup.sh

Watch a WMV capture of a FreeBSD 7.1/i386 + Rev5 installation using VMWare { HERE }

Once installed you can add users via the command-line (see: /root/adduser_example.txt) or with Microsoft User Manager for Domains (USRMGR.exe) from the Windows 2003 Resource Kit. { http://download.microsoft.com/download/a/8/b/a8bc2027-f25c-438e-b763-bbef1dbdbf4b/usrmgr.msi }  

 

Prerequisites

 

Disk Layout

This script assumes that you will have a mount-point /home/ that will be used as the location of your user data storage.

The system software will fit on a partition of < 1GiB. On my own system I am using a 1GiB Solid State Disk for this and the operating system uses 652MB on a fully configured system. For my /home/ I am using a pair of 160GiB SATA disks in a ZFS mirror. I will have to look into some logging issues at some point in the near future with this configuration because as we all know log files can and will eat up a lot of space.

For my testing I have a bootable USB thumb drive with an installation of FreeBSD that I "dd" to my SSD each time rather than reinstalling for each test.

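#!/bin/sh
# Clone the USB thumb drive (da0) onto the SSD (ad0); this overwrites ad0.
/bin/dd if=/dev/da0 of=/dev/ad0 bs=1M
# Check the copied root file system, then mount it.
/sbin/fsck /dev/ad0s1a
/sbin/mount /dev/ad0s1a /mnt
# Rewrite fstab so the root file system points at ad0 instead of da0.
/usr/bin/sed -e 's/da0s1a/ad0s1a/g' /mnt/etc/fstab > /mnt/etc/fstab.new
/bin/mv /mnt/etc/fstab.new /mnt/etc/fstab
/sbin/halt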
 

I setup my /home/ with the following script that is not part of the installation script that is being discussed in this document.
This is why the script has some ZFS specific settings included in it (these are currently commented out).

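#!/bin/sh
/bin/rm -rf /home
# Import and destroy any existing pool named "home" (its data is lost).
/sbin/zpool import home
/sbin/zpool destroy home
# Recreate the pool as a two-disk mirror; ZFS mounts it at /home by default.
/sbin/zpool create home mirror ad4 ad6
/sbin/zpool status
# Mode 0777 makes /home writable by every local user.
/bin/chmod 0777 /home
exit 0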
 

Network Setup

You must configure your new server with a three-part name { i.e. hostname.domain.root }.

This is required because of the way that I wrote the automated install script and how it handles the configuration files.

You should also assign a static IPv4 address to your new server.
Instructions on how to properly configure your network are beyond the scope of this document.
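
The two prerequisites above (a /home mount point and a three-part host name) can be checked before running setup.sh. The following is an added example, not part of the installer or of the original page; the function names, the sample host name and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before setup.sh.
# Function names are hypothetical; nothing here comes from the installer.

# True only for exactly three dot-separated labels (hostname.domain.root),
# each a syntactically valid DNS label.
is_three_part_name() {
    name=$1
    case $name in
        ''|.*|*.|*..*) return 1 ;;      # empty, or an empty label
    esac
    old_ifs=$IFS; IFS=.; set -f
    set -- $name                        # split on dots, no globbing
    set +f; IFS=$old_ifs
    [ "$#" -eq 3 ] || return 1
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case $label in
            -*|*-|*[!A-Za-z0-9-]*) return 1 ;;
        esac
    done
    return 0
}

# True if $1 is listed as a mount point in `mount` output read from stdin
# (lines of the form "<device> on <dir> ...").
is_mount_point() {
    dir=$1
    while read -r dev on mnt rest; do
        if [ "$on" = "on" ] && [ "$mnt" = "$dir" ]; then return 0; fi
    done
    return 1
}

# $1 = host name (e.g. from `hostname`), $2 = mount table (e.g. from `mount`).
preflight() {
    rc=0
    if ! is_three_part_name "$1"; then
        echo "host name '$1' is not of the form hostname.domain.root" >&2; rc=1
    fi
    if ! printf '%s\n' "$2" | is_mount_point /home; then
        echo "/home is not a mount point" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample input in FreeBSD `mount` format, not real output.
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
home on /home (zfs, local)'
preflight pdc.example.com "$SAMPLE_MOUNTS" && echo "pre-flight OK"
```

On the server itself, call preflight "$(hostname)" "$(mount)" in place of the sample values.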

 

Installed Software

The following is a list of packages that will be installed with this setup script: ( pkg_info |awk '{print $1}' )

bind9-9.3.5.2 Removed as of v0.93 - we use the base version.
cups-base-1.3.9_2
db46-4.6.21.1
gettext-0.17_1
gnutls-2.4.2_1
ja-p5-Jcode-2.07
jpeg-6b_7
krb5-1.6.3_5 Removed as of v0.93 - we use the base version.
libexecinfo-1.1_2
libgcrypt-1.4.1_1
libgpg-error-1.6_1
libiconv-1.11_1
libltdl-1.5.26
libxml2-2.6.32
lighttpd-1.4.19_3
nss_ldap-1.257
openldap-client-2.4.11
openldap-server-2.4.11_1
openssh-portable-5.0.p1,1
openssl-0.9.8h_1
p5-Authen-SASL-2.12
p5-Convert-ASN1-0.21
p5-Crypt-SmbHash-0.12
p5-Digest-HMAC-1.01
p5-Digest-MD5-2.36_1
p5-Digest-SHA1-2.11
p5-GSSAPI-0.26
p5-IO-Socket-SSL-1.15
p5-Net-SSLeay-1.35
p5-Text-Iconv-1.7
p5-URI-1.37
p5-Unicode-Map-0.112
p5-Unicode-Map8-0.12
p5-Unicode-MapUTF8-1.11
p5-Unicode-String-2.09
p5-XML-Filter-BufferText-1.01
p5-XML-NamespaceSupport-1.09_1
p5-XML-SAX-0.96
p5-XML-SAX-Writer-0.50
p5-perl-ldap-0.36
pam_ldap-1.8.4
pcre-7.7_1
perl-5.8.8_1
php5-5.2.8
php5-gettext-5.2.8
php5-ldap-5.2.8
pkg-config-0.23_1
png-1.2.32
popt-1.7_5
samba-3.0.32_2,1
smbldap-tools-0.9.5
tiff-3.8.2_2
wget-1.11.2_1

 

Other Stuff....

The "Web Based Administration Tools" are a work in progress and will take some time to finish. As things currently stand with version 0.93, you can add/delete users and groups, change group membership, change passwords, export LDIFs (per user and global) and monitor disk space usage on a per-user level.

A few things to note:

You cannot remove a user from the "Domain Users" group once the user has been added to it.
-- I may modify some of the smbldap-tools code to allow it in the future.

You cannot remove the "Default" groups - these should really stay there for compatibility with Windows clients.
The "root" and "nobody" users are "hidden" from the web-gui user listing (although it is possible to get to them).
You cannot at this time edit the information (other than password) of an existing user.

User Management Console

 

Last Updated: April 08, 2009- Copyright 2009 - Adam G. Sweeney - All Rights Reserved
