[Samba] Samba4 binding LDAP Server
Marc Muehlfeld
mmuehlfeld at samba.org
Sun Jun 1 13:29:32 MDT 2014
On 01.06.2014 18:11, Danilo Mussolini wrote:
> * Samba Version?
> 4.1.7
>
> * Self compiled / Package (from where) / ...?
> Self compiled
>
> * Do you use Winbind or how you get the domain users from your LDAP server?
> I don't use winbindd. Here are the LDAP settings:
> passdb backend = ldapsam:"ldap://192.168.8.9 ldap://192.168.8.7"
> ldap suffix = dc=o2pos,dc=com
> ldap user suffix = ou=people
> ldap group suffix = ou=groups
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=Idmap
> ldap admin dn = cn=admin,dc=o2pos,dc=com
> ldap ssl = no
> name resolve order = lmhosts host wins bcast
> security = user
>
> * Please show the ACLs on the folder.
> I don't use ACL because the filesystem (ZFS) still doesn't support that on
> Linux.
> Here is an example of the shared folder permissions:
> drwxrwsr-x 4 o2pos o2pos 6 May 29 20:08 Publicidade
>
> * Your complete smb.conf would be helpful too.
> There you go:
>
> [global]
>> server string = Samba Server Version %v
>> netbios name = o2pos
>> log file = /var/log/samba/log.%m
>> max log size = 50
>> log level = 5
>> load printers = no
>> cups options = raw
>>
>> passdb backend = ldapsam:"ldap://192.168.8.9 ldap://192.168.8.7"
>> ldap suffix = dc=o2pos,dc=com
>> ldap user suffix = ou=people
>> ldap group suffix = ou=groups
>> ldap machine suffix = ou=Computers
>> ldap idmap suffix = ou=Idmap
>> ldap admin dn = cn=admin,dc=o2pos,dc=com
>> ldap ssl = no
>> name resolve order = lmhosts host wins bcast
>> security = user
>>
>> [Publicidade]
>> comment = Publicidade
>> path = /Storage/Publicidade
>> read only = no
>>
>> [Test]
>> comment = test
>> path = /u01
>> read only = no
>
> I have a mixed environment involving MacOS, Windows and Linux clients. So I
> don't need to administer the permissions from Windows. The important thing to me
> is the group owner, so the users in this group will have permissions to
> write in this share, and this will be so in the subfolders and files. There
> is no need to customize or change permissions in the share.

Could it be possible that this is a standalone server or a PDC and not a
Member Server (the config doesn't look like a Member Server)?

I sadly have no PDC with OpenLDAP backend in my test environment here
and run a standalone with LDAP backend. So I can't give your config a
short try. Sorry.

The following is a working share configuration from my production
(4.1.7, AD Member Server, that uses only Linux ACLs):

[packages]
path = /srv/samba/Packages
browsable = no
force create mode = 0664
force directory mode = 2775
guest ok = no
valid users = +MUC\packages
invalid users =
wide links = yes

Regards,
Marc