I. cài đặt openldap
server
#yum -y install openldap-servers openldap-clients
[root@svr1 Desktop]# vi
/etc/sysconfig/ldap
10 # Run slapd with -h "... ldapi:///
..."
11 #
yes/no, default: yes
12 SLAPD_LDAPI=yes
[root@svr1 Desktop]# vi /etc/openldap/slapd.conf
Create new:
pidfile
/var/run/openldap/slapd.pid
argsfile
/var/run/openldap/slapd.args
[root@svr1 Desktop]# rm -rf
/etc/openldap/slapd.d/*
[root@svr1 Desktop]# slaptest -f
/etc/openldap/slapd.conf -F /etc/openldap/slapd.d
config
file testing succeeded
[root@svr1 Desktop]# vi
/etc/openldap/slapd.d/cn=config/olcDatabase\={0}config.ldif
Line 4: change:
olcAccess: {0}to * by
dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by *
break
[root@svr1 Desktop]# vi
/etc/openldap/slapd.d/cn=config/olcDatabase\={1}monitor.ldif
create new:
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {1}to * by
dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by *
break
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
creatorsName: cn=config
modifiersName: cn=config
[root@svr1
Desktop]# chown -R ldap. /etc/openldap/slapd.d
[root@svr1
Desktop]# chmod -R 700 /etc/openldap/slapd.d
[root@svr1
Desktop]# service slapd start
Starting slapd:
[ OK ]
[root@svr1
Desktop]# chkconfig slapd on
[root@svr1
Desktop]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/core.ldif
SASL/EXTERNAL authentication started
SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=core,cn=schema,cn=config"
[root@svr1
Desktop]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"
[root@svr1
Desktop]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started
SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"
# ldapadd
-Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
[root@svr1 Desktop]# slappasswd
New password:
Re-enter new password:
{SSHA}S6ZIGyr9HJoY2Pdq32Vhuh/uLKEaEdvP
[root@svr1
Desktop]# mkdir /tmp/setldap ; cd /tmp/setldap
[root@svr1
setldap]# vi backend.ldif
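create (thay giá trị olcRootPW bên dưới bằng chuỗi {SSHA} do chính bạn tạo bằng slappasswd ở bước trên; không dùng lại chuỗi mẫu trong bài):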
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib64/openldap
olcModuleload: back_hdb
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcSuffix: dc=tencongty,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=Manager,dc=tencongty,dc=com
olcRootPW: {SSHA}S6ZIGyr9HJoY2Pdq32Vhuh/uLKEaEdvP
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcMonitoring: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=Manager,dc=tencongty,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=Manager,dc=tencongty,dc=com" write by * read
[root@svr1
setldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif
SASL/EXTERNAL authentication started
SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
adding new entry "olcDatabase=hdb,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
additional
info: <olcAccess> handler exited with 1
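Nếu bước này báo lỗi như trên, hãy kiểm tra lại dấu nháy kép trong backend.ldif: khi copy, dấu nháy thẳng (") thường bị đổi thành dấu nháy cong (“ ”), và slapd không đọc được các dòng olcAccess đó.
Nếu đúng thì kết quả sẽ giống như dưới đây: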
[root@svr1
setldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif
SASL/EXTERNAL authentication started
SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
adding new entry "olcDatabase=hdb,cn=config"
[root@svr1
setldap]# vi frontend.ldif
dn:
dc=tencongty,dc=com
objectClass:
top
objectClass:
dcObject
objectclass:
organization
o:
tencongty.com
dc: tencongty
dn:
cn=Manager,dc=tencongty,dc=com
objectClass:
simpleSecurityObject
objectClass:
organizationalRole
cn: Manager
userPassword:
{SSHA}S6ZIGyr9HJoY2Pdq32Vhuh/uLKEaEdvP
dn:
ou=people,dc=tencongty,dc=com
objectClass:
organizationalUnit
ou: people
dn:
ou=groups,dc=tencongty,dc=com
objectClass:
organizationalUnit
ou: groups
[root@svr1
setldap]# ldapadd -x -D cn=Manager,dc=tencongty,dc=com -W -f frontend.ldif
Enter LDAP
Password:
adding new entry “dc=tencongty,dc=com”
adding new
entry “cn=Manager,dc=tencongty,dc=com”
adding new entry
“ou=people,dc=tencongty,dc=com”
adding new
entry “ou=groups,dc=tencongty,dc=com”
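#!/bin/bash
# ldapuser.sh - export local accounts with a three-digit UID of 500-999 from
# /etc/passwd and /etc/shadow into an LDIF file that ldapadd can load.
#
# Replace SUFFIX with your own directory suffix; the value below is an example.
# Run as root: reading /etc/shadow and calling `passwd -S` require it.
#
# Security: the generated file carries every exported account's password hash
# (the {crypt} userPassword values). It is therefore created readable by its
# owner only; delete it once the import has succeeded.

SUFFIX='dc=tencongty,dc=com'
LDIF='ldapuser.ldif'

# Owner-only permissions, also when a file from an earlier run already exists.
umask 077
: > "$LDIF"
chmod 600 "$LDIF"

# Print field number $2 of the /etc/shadow record whose login name is exactly $1.
# The comparison is on the whole first field: a plain `grep name:` would also
# match a longer login name that merely ends in "name".
shadow_field() {
  awk -F: -v user="$1" -v n="$2" '$1 == user { print $n; exit }' /etc/shadow
}

# Fields of /etc/passwd: name:password:UID:GID:GECOS:home:shell.
# The home and shell fields get their own variable names so that the script
# does not overwrite the HOME and SHELL environment variables.
grep "x:[5-9][0-9][0-9]:" /etc/passwd |
while IFS=: read -r UID1 PWFIELD UID2 GID GECOS HOME_DIR LOGIN_SHELL
do
  # Display name: GECOS up to the first comma, else the login name.
  NAME=${GECOS%%,*}
  [ -n "$NAME" ] || NAME=$UID1

  # givenName is the first word of the name, sn the second (or the whole name).
  GIVEN=$(printf '%s\n' "$NAME" | awk '{print $1}')
  SN=$(printf '%s\n' "$NAME" | awk '{print $2}')
  [ -n "$SN" ] || SN=$NAME

  PASS=$(shadow_field "$UID1" 2)
  LAST=$(shadow_field "$UID1" 3)
  FLAG=$(shadow_field "$UID1" 9)
  [ -n "$FLAG" ] || FLAG=0

  # One passwd -S call supplies fields 4-7 (min, max, warn and the value
  # written as shadowExpire). stdin is /dev/null so the command cannot consume
  # the loop's input.
  # NOTE(review): on RHEL-family passwd, field 7 of `passwd -S` is the
  # inactivity period rather than the account expiry date; kept as in the
  # original script - confirm before relying on shadowExpire.
  read -r MIN MAX WARN EXPIRE <<EOF
$(passwd -S "$UID1" </dev/null | awk '{print $4, $5, $6, $7}')
EOF

  cat >> "$LDIF" <<EOF
dn: uid=$UID1,ou=people,$SUFFIX
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: $UID1
sn: $SN
givenName: $GIVEN
cn: $NAME
displayName: $NAME
uidNumber: $UID2
gidNumber: $GID
userPassword: {crypt}$PASS
gecos: $NAME
loginShell: $LOGIN_SHELL
homeDirectory: $HOME_DIR
shadowExpire: $EXPIRE
shadowFlag: $FLAG
shadowWarning: $WARN
shadowMin: $MIN
shadowMax: $MAX
shadowLastChange: $LAST

EOF
done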
[root@svr1 setldap]# ldapadd -x -D cn=Manager,dc=tencongty,dc=com -W -f ldapuser.ldif
[root@svr1 setldap]# sh ldapuser.sh
Enter LDAP Password:
[root@svr1
setldap]# vi ldapgroup.sh
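#!/bin/bash
# ldapgroup.sh - export local groups with a three-digit GID of 500-999 from
# /etc/group into an LDIF file that ldapadd can load.
#
# Replace SUFFIX with your own directory suffix; the value below is an example.

SUFFIX='dc=tencongty,dc=com'
LDIF='ldapgroup.ldif'

: > "$LDIF"

# Fields of /etc/group: name:password:GID:comma-separated members.
# PWFIELD only absorbs the password column and is not used.
grep "x:[5-9][0-9][0-9]:" /etc/group |
while IFS=: read -r CN PWFIELD GID MEMBERS
do
  {
    printf 'dn: cn=%s,ou=groups,%s\n' "$CN" "$SUFFIX"
    printf 'objectClass: posixGroup\n'
    printf 'cn: %s\n' "$CN"
    printf 'gidNumber: %s\n' "$GID"

    # One memberUid attribute per member; an empty member list emits none.
    printf '%s\n' "$MEMBERS" | tr ',' '\n' |
    while IFS= read -r user
    do
      if [ -n "$user" ]; then
        printf 'memberUid: %s\n' "$user"
      fi
    done

    # A blank line separates LDIF entries.
    printf '\n'
  } >> "$LDIF"
done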
[root@svr1 setldap]# sh ldapgroup.sh
[root@svr1
setldap]# ldapadd -x -D cn=Manager,dc=tencongty,dc=com -W -f ldapgroup.ldif
Enter LDAP Password:
II. Cài LDAP client
[root@svr1
Desktop]# yum -y install openldap-clients nss-pam-ldapd
[root@svr1
Desktop]# vi /etc/openldap/ldap.conf
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
BASE dc=tencongty,dc=com
URI ldap://10.0.0.2/
TLS_CACERTDIR
/etc/openldap/certs
[root@svr1 Desktop]# vi /etc/nslcd.conf
line131 uri ldap://10.0.0.2/
line132 base dc=tencongty,dc=com
# NOTE(review): with "ssl no" and an ldap:// uri, the lookups and binds made
# through nslcd reach the LDAP server unencrypted. The tls_cacertdir setting
# below presumably has no effect until TLS is enabled - confirm, and prefer
# "ssl start_tls" once slapd has a certificate.
ssl no
tls_cacertdir /etc/openldap/cacerts
[root@svr1
Desktop]# vi /etc/pam_ldap.conf
line 17 host 127.0.0.1
line 20 base
dc=tencongty,dc=com
add line last line:
uri
ldap://10.0.0.2/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
[root@svr1 Desktop]# vi /etc/pam.d/system-auth
#%PAM-1.0
# This
file is auto-generated.
# User
changes will be destroyed the next time authconfig is run.
auth
required pam_env.so
auth
sufficient pam_fprintd.so
auth
sufficient pam_unix.so nullok try_first_pass
auth
requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so
use_first_pass
auth
required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet
use_uid
session required pam_unix.so
session optional pam_ldap.so
# add if you need ( create home directory automatically if it’s
none )
session optional pam_mkhomedir.so skel=/etc/skel umask=077
Xanh là những dòng cộng thêm
# vi /etc/nsswitch.conf
Line 33: add:
passwd: files
ldap
shadow: files
ldap
group: files
ldap
57 netgroup: ldap
61 automount: files ldap
# vi /etc/sysconfig/authconfig
line 21
21 USELDAP=yes
# chkconfig nslcd on
# shutdown -r now
[root@svr1 Desktop]# chkconfig nslcd on
III. Cài SAMBA kết
hợp LDAP làm PDC
[root@svr1
Desktop]# mkdir /tmp/setsamba
[root@svr1
Desktop]# cd /tmp/setsamba
Chép
repo từ đây về
http://mirror.centos.org/centos/6.4/os/x86_64/Packages/
[root@svr1
setsamba]# rpm2cpio samba-3.6.9-151.el6.x86_64.rpm | cpio -id
36381 blocks
[root@svr1
setsamba]# cp ./etc/openldap/schema/samba.schema /etc/openldap/schema/
cp: overwrite
`/etc/openldap/schema/samba.schema'? y
[root@svr1
setsamba]# vi schema_convert.conf
Create new:
include /etc/openldap/schema/core.schema
include
/etc/openldap/schema/collective.schema
include
/etc/openldap/schema/corba.schema
include
/etc/openldap/schema/cosine.schema
include
/etc/openldap/schema/duaconf.schema
include
/etc/openldap/schema/dyngroup.schema
include
/etc/openldap/schema/inetorgperson.schema
include
/etc/openldap/schema/java.schema
include
/etc/openldap/schema/misc.schema
include
/etc/openldap/schema/nis.schema
include
/etc/openldap/schema/openldap.schema
include
/etc/openldap/schema/ppolicy.schema
include
/etc/openldap/schema/samba.schema
[root@svr1
setsamba]# mkdir /tmp/setsamba/ldif_output
[root@svr1
setsamba]# slapcat -f schema_convert.conf -F /tmp/setsamba/ldif_output -n0 -s
"cn={12}samba,cn=schema,cn=config" > ./cn=samba.ldif
[root@svr1
setsamba]# vim cn=samba.ldif
line 1-->3
remove {12}
dn:
cn=samba,cn=schema,cn=config
objectClass:
olcSchemaConfig
cn: samba
#remove line
218
structuralObjectClass: olcSchemaConfig
219 entryUUID:
9e8376fc-587b-1032-93a7-6de09d69b351
220
creatorsName: cn=config
221
createTimestamp: 20130524050747Z
222 entryCSN:
20130524050747.408358Z#000000#000#000000
223 modifiersName:
cn=config
224
modifyTimestamp: 20130524050747Z
[root@svr1
setsamba]# ldapadd -Y EXTERNAL -H ldapi:/// -f cn=samba.ldif
SASL/EXTERNAL
authentication started
SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new
entry "cn=samba,cn=schema,cn=config"
[root@svr1 setsamba]# vi samba_indexes.ldif
create new:
dn:
olcDatabase={2}hdb,cn=config
changetype:
modify
add: olcDbIndex
olcDbIndex:
uidNumber eq
olcDbIndex:
gidNumber eq
olcDbIndex:
loginShell eq
olcDbIndex: uid
eq,pres,sub
olcDbIndex:
memberUid eq,pres,sub
olcDbIndex:
uniqueMember eq,pres
olcDbIndex:
sambaSID eq
olcDbIndex:
sambaPrimaryGroupSID eq
olcDbIndex:
sambaGroupType eq
olcDbIndex:
sambaSIDList eq
olcDbIndex:
sambaDomainName eq
olcDbIndex:
default sub
~
[root@svr1 setsamba]# ldapmodify -Y EXTERNAL -H ldapi:/// -f
samba_indexes.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config
trước khi chạy lệnh này phải
cài cái repo 6.8 trước
#yum --enablerepo=epel -y install smbldap-tools
[root@svr1
setsamba]# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@svr1
setsamba]# cp /usr/share/doc/smbldap-tools-0.9.6/smb.conf /etc/samba/smb.conf
[root@svr1
setsamba]# vi /etc/samba/smb.conf
# Global parameters
[global]
workgroup = TENCONGTY.COM
netbios name = SRV-PDC
security = user
enable privileges = yes
#interfaces = 192.168.5.11
#username map = /etc/samba/smbusers
server string = Samba Server %v
#security = ads
encrypt passwords = Yes
# NOTE(review): a 3-character minimum is very weak for domain accounts; raise
# it to match your password policy.
min passwd length = 3
#pam password change = no
#obey pam restrictions = No
# method 1:
#unix password sync = no
#ldap passwd sync = yes
# method 2:
unix password sync = yes
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
log level = 0
syslog = 0
log file = /var/log/samba/log.%U
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = CP932
Unix charset = UTF-8
logon script = logon.bat
logon drive = W:
logon home =
logon path =
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
# passdb backend = ldapsam:”ldap://ldap1.company.com ldap://ldap2.company.com”
passdb backend = ldapsam:ldap://10.0.0.2/
ldap admin dn = cn=Manager,dc=tencongty,dc=com
#ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
ldap suffix = dc=tencongty,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
admin users = root
# NOTE(review): with "ldap ssl = no" and the ldap:// passdb backend above,
# Samba's bind as the ldap admin dn and the account attributes it reads and
# writes are sent to slapd unencrypted. That is only tolerable when both run
# on the same host; otherwise enable TLS on slapd and use
# "ldap ssl = start tls".
ldap ssl = no
# printers configuration
#printer admin = @”Print Operators”
load printers = Yes
create mask = 0640
directory mask = 0750
#force create mode = 0640
#force directory mode = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
#force user = %U
# next line allows administrator to access all profiles
#valid users = %U “Domain Admins”
[printers]
comment = Network Printers
#printer admin = @”Print Operators”
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
# print command = /usr/bin/lpr -U%U@%M -P%p -r %s
# lpq command = /usr/bin/lpq -U%U@%M -P%p
# lprm command = /usr/bin/lprm -U%U@%M -P%p %j
# lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
# lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
# queuepause command = /usr/sbin/lpc -U%U@%M stop %p
# queueresume command = /usr/sbin/lpc -U%U@%M start %p
[print$]
path = /home/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
[public]
path = /datasamba/public
guest ok = yes
browseable = Yes
writable = yes
force create mode = 0775
force directory mode = 0775
[private]
# NOTE(review): despite its name this share sets "guest ok = yes", so a
# session that was never authenticated (see "map to guest = Bad User" in
# [global]) is admitted as the guest account. Access is then limited only by
# the filesystem permissions on /datasamba/private. If the share is meant for
# authenticated users only, set "guest ok = no" and restrict it with
# "valid users".
path = /datasamba/private
guest ok = yes
browseable = Yes
writable = yes
force create mode = 0770
force directory mode = 0770
[root@svr1
setsamba]# mkdir /datasamba
[root@svr1 setsamba]#
mkdir /datasamba/public ;chmod 777 /datasamba/public
[root@svr1 setsamba]#
mkdir /datasamba/private ;chmod 770 /datasamba/private
Shutting down SMB
services:
[FAILED]
Starting SMB services: [ OK ]
[root@svr1
setsamba]# service nmb restart
Shutting down NMB
services:
[FAILED]
Starting NMB services: [ OK ]
[root@svr1
setsamba]# chkconfig smb on
[root@svr1
setsamba]# chkconfig nmb on
[root@svr1
setsamba]# smbpasswd -W
Setting stored password for
"cn=Manager,dc=tencongty,dc=com" in secrets.tdb
New SMB password:
Retype new SMB password:
[root@svr1
setsamba]# perl
/usr/share/doc/smbldap-tools-*/configure.pl
Enter 5 lần
Tới đây:
logon home (press the "." character if
you don't want homeDirectory) [\\PDC-SRV\%U] > .
.
# nhập dấu chấm
. logon path: directory where roaming profiles are stored.
Ex:'\\PDC-SRV\profiles\%U'
logon path (press the "." character if you don't want roaming
profile) [\\PDC-SRV\profiles\%U] >.
.
# nhập dấu chấm
Tới lần 6 và 7 thì thêm dấu “.”
Và enter
Còn lại thì enter hết
[root@svr1
setsamba]# smbldap-populate
Populating LDAP directory for
domain tencongty.com (S-1-5-21-2348163517-1299168905-597205331)
(using builtin directory
structure)
entry dc=tencongty,dc=com
already exist.
adding new entry:
ou=Users,dc=tencongty,dc=com
adding new entry:
ou=Groups,dc=tencongty,dc=com
adding new entry:
ou=Computers,dc=tencongty,dc=com
adding new entry:
ou=Idmap,dc=tencongty,dc=com
adding new entry:
uid=root,ou=Users,dc=tencongty,dc=com
adding new entry:
uid=nobody,ou=Users,dc=tencongty,dc=com
adding new entry: cn=Domain
Admins,ou=Groups,dc=tencongty,dc=com
adding new entry: cn=Domain
Users,ou=Groups,dc=tencongty,dc=com
adding new entry: cn=Domain
Guests,ou=Groups,dc=tencongty,dc=com
adding new entry: cn=Domain
Computers,ou=Groups,dc=tencongty,dc=com
adding new entry:
cn=Administrators,ou=Groups,dc=tencongty,dc=com
adding new entry: cn=Account
Operators,ou=Groups,dc=tencongty,dc=com
adding new entry: cn=Print
Operators,ou=Groups,dc=tencongty,dc=com
adding new entry: cn=Backup
Operators,ou=Groups,dc=tencongty,dc=com
adding new entry:
cn=Replicators,ou=Groups,dc=tencongty,dc=com
entry
sambaDomainName=tencongty.com,dc=tencongty,dc=com already exist. Updating it...
Please provide a password for
the domain root:
Changing UNIX and samba
passwords for root
New password:
Retype new password: