[Samba] Samba4 binding LDAP Server

Marc Muehlfeld mmuehlfeld at samba.org
Sun Jun 1 13:29:32 MDT 2014


On 01.06.2014 18:11, Danilo Mussolini wrote:
> * Samba Version?
> 4.1.7
> 
> * Self compiled / Package (from where) / ...?
> Self compiled
>
> * Do you use Winbind or how you get the domain users from your LDAP server?
> I don't use winbindd. Here are the LDAP settings:
>     passdb backend = ldapsam:"ldap://192.168.8.9 ldap://192.168.8.7"
>     ldap suffix = dc=o2pos,dc=com
>     ldap user suffix = ou=people
>     ldap group suffix = ou=groups
>     ldap machine suffix = ou=Computers
>     ldap idmap suffix = ou=Idmap
>     ldap admin dn = cn=admin,dc=o2pos,dc=com
>     ldap ssl = no
>     name resolve order = lmhosts host wins bcast
>     security = user
> 
> * Please show the ACLs on the folder.
> I don't use ACL because the filesystem (ZFS) still doesn't support that on
> Linux.
> Here is an example of the shared folder permissions:
>     drwxrwsr-x 4 o2pos o2pos 6 May 29 20:08 Publicidade
> 
> * Your complete smb.conf would be helpful too.
> There you go:
> 
> [global]
>>        server string = Samba Server Version %v
>>        netbios name = o2pos
>>        log file = /var/log/samba/log.%m
>>        max log size = 50
>>        log level = 5
>>        load printers = no
>>        cups options = raw
>>
>>        passdb backend = ldapsam:"ldap://192.168.8.9 ldap://192.168.8.7"
>>        ldap suffix = dc=o2pos,dc=com
>>        ldap user suffix = ou=people
>>        ldap group suffix = ou=groups
>>        ldap machine suffix = ou=Computers
>>        ldap idmap suffix = ou=Idmap
>>        ldap admin dn = cn=admin,dc=o2pos,dc=com
>>        ldap ssl = no
>>        name resolve order = lmhosts host wins bcast
>>        security = user
>>
>> [Publicidade]
>>        comment = Publicidade
>>        path = /Storage/Publicidade
>>        read only = no
>>
>> [Test]
>>        comment = test
>>        path = /u01
>>        read only = no
>>
> 
> I have a mixed environment involving MacOS, Windows and Linux clients. So I
> don't need to administer the permissions from Windows. The important thing
> to me is the group owner, so the users in this group will have permissions
> to write in this share, and this will be so in the subfolders and files.
> There is no need to customize or change permissions in the share.


Could it be possible that this is a standalone server or a PDC and not a
Member Server (the config doesn't look like a Member Server)?

I sadly have no PDC with openLDAP backend in my test environment here
and run a standalone with LDAP backend. So I can't give your config a
short try. Sorry.


The following is a working share configuration from my production
(4.1.7, AD Member Server, that uses only Linux ACLs):
[packages]
        path = /srv/samba/Packages
        browsable = no
        force create mode = 0664
        force directory mode = 2775
        guest ok = no
        valid users = +MUC\packages
        invalid users =
        wide links = yes





Regards,
Marc
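
Added example (not part of the original message and not Samba code): a small Python check that computes the modes each share definition quoted in this thread would request for new files and directories, using the create mask / force mode rules and defaults documented in smb.conf(5). The base modes (0666 for files, 0777 for directories, no DOS attribute mapping or "inherit permissions") and the function names are assumptions made for this illustration.

```python
import configparser

# Defaults as documented in smb.conf(5).
DEFAULTS = {"create mask": "0744", "force create mode": "0000",
            "directory mask": "0755", "force directory mode": "0000"}
# Assumed base modes before masking (plain file / directory).
BASE_FILE, BASE_DIR = 0o666, 0o777

# Constructed sample: share options taken from the two configs in the thread.
SAMPLE = """
[Publicidade]
comment = Publicidade
path = /Storage/Publicidade
read only = no

[packages]
path = /srv/samba/Packages
force create mode = 0664
force directory mode = 2775
"""

def requested_modes(conf_text):
    """Return {share: (file_mode, dir_mode)}: (base AND mask) OR force mode."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    out = {}
    for share in cp.sections():
        if share.lower() == "global":
            continue  # per-share options only; [global] overrides not modelled
        def opt(key):
            return int(cp.get(share, key, fallback=DEFAULTS[key]), 8)
        file_mode = (BASE_FILE & opt("create mask")) | opt("force create mode")
        dir_mode = (BASE_DIR & opt("directory mask")) | opt("force directory mode")
        out[share] = (file_mode, dir_mode)
    return out

def group_findings(modes):
    """List shares where new files or directories would not be group-writable."""
    findings = {}
    for share, (file_mode, dir_mode) in modes.items():
        issues = []
        if not file_mode & 0o020:
            issues.append("new files not group-writable")
        if not dir_mode & 0o020:
            issues.append("new directories not group-writable")
        if issues:
            findings[share] = issues
    return findings

if __name__ == "__main__":
    for share, (f, d) in requested_modes(SAMPLE).items():
        print(f"{share}: files {f:04o}, directories {d:04o}")
    print(group_findings(requested_modes(SAMPLE)))
```

The setgid bit on an existing parent directory (as in the drwxrwsr-x listing above) is applied by the filesystem and is outside what this check models.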

