samba with openldap provisioning

Martin Simons martin at webhuis.nl
Thu Aug 1 05:32:57 MDT 2013


Dear Nadya,

This is the bad news that I have been waiting for ever since I attended the
Samba4 presentation at Fosdem.

I am afraid and AFAIK this is by design. The Samba project seems to have
elected to build a Microsoft Active Directory compliant file serving system. At
Fosdem it became obvious that the project no longer supports a standardized
LDAP, when questions about the subject were raised. You can still find the
presentation in the Fosdem documentation.

After the presentation I explicitly asked about openldap support in the near
future. The answer was that the project would not let us down, but now it looks
like this promise still has to come true.

What I am distilling from the conversations in this list is that the project
is making a great effort to implement all sorts of functionality in some kind
of a monolith solution. It really makes me sad that one of the cornerstones in
open source solutions now seems to have eroded.

I advocate to reconsider the decisions made and build Samba around open
standard solutions, openldap among others, that optionally feed Microsoft
solutions.

Best regards,
Martin.

> Hi Andrew,
> I've been trying to provision samba to use openldap backend, but have been
> unsuccessful so far, and as there are no error messages, I am not sure if I
> am doing something wrong or it is a bug introduced after development was
> discontinued. The howto has been removed from the wiki. I have a working
> installation of OpenLDAP - installed but not running (running or not, it
> seems to make no difference). I was unable to find if some special openldap
> configuration was needed, so I only have one database configured for my
> domain.
>
> This is my command line:
>
> /usr/local/samba/bin/samba-tool domain provision --use-rfc2307
> --realm=nadya.com --domain=testdomain --host-name=drizzit --host-ip=127.0.0.1
> --adminpass=Secret123 --root=root --server-role="domain controller"
> --ldapadminpass=secret --ldap-backend-type=openldap -d 7
>
> And the output is:
>
> INFO: Current debug levels:
>   all: 7
>   tdb: 7
>   printdrivers: 7
>   lanman: 7
>   smb: 7
>   rpc_parse: 7
>   rpc_srv: 7
>   rpc_cli: 7
>   passdb: 7
>   sam: 7
>   auth: 7
>   winbind: 7
>   vfs: 7
>   idmap: 7
>   quota: 7
>   acls: 7
>   locking: 7
>   msdfs: 7
>   dmapi: 7
>   registry: 7
>   scavenger: 7
>   dns: 7
>   ldb: 7
> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
> params.c:pm_process() - Processing configuration file
> "/usr/local/samba/etc/smb.conf"
> Processing section "[global]"
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> pm_process() returned Yes
> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.confo
> params.c:pm_process() - Processing configuration file
> "/usr/local/samba/etc/smb.conf"
> Processing section "[global]"
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> pm_process() returned Yes
> No IPv4 address will be assigned
> Looking up IPv6 addresses
> added interface wlan0 ip=192.168.11.146 bcast=192.168.11.255
> netmask=255.255.255.0
> No IPv6 address will be assigned
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> params.c:pm_process() - Processing configuration file
> "/usr/local/samba/etc/smb.conf"
> Processing section "[global]"
> doing parameter workgroup = TESTDOMAIN
> doing parameter realm = nadya.com
> doing parameter netbios name = DRIZZIT
> doing parameter server role = active directory domain controller
> doing parameter log level = 7
> INFO: Current debug levels:
>   all: 7
>   tdb: 7
>   printdrivers: 7
>   lanman: 7
>   smb: 7
>   rpc_parse: 7
>   rpc_srv: 7
>   rpc_cli: 7
>   passdb: 7
>   sam: 7
>   auth: 7
>   winbind: 7
>   vfs: 7
>   idmap: 7
>   quota: 7
>   acls: 7
>   locking: 7
>   msdfs: 7
>   dmapi: 7
>   registry: 7
>   scavenger: 7
>   dns: 7
>   ldb: 7
> doing parameter dns forwarder = 127.0.1.1
> Processing section "[netlogon]"
> doing parameter path = /usr/local/samba/var/locks/sysvol/nadya.com/scripts
> doing parameter read only = No
> Processing section "[sysvol]"
> doing parameter path = /usr/local/samba/var/locks/sysvol
> doing parameter read only = No
> pm_process() returned Yes
> lp_servicenumber: couldn't find homes
> Initialising default vfs hooks
> Successfully added vfs backend 'posixacl'
> Successfully added vfs backend '/[Default VFS]/'
> Successfully added vfs backend 'dfs_samba4'
> Initialising custom vfs hooks from [/[Default VFS]/]
> Successfully loaded vfs module [/[Default VFS]/] with the new modules system
> Initialising custom vfs hooks from [acl_xattr]
> vfs module [acl_xattr] not loaded - trying to load...
> Loading module 'acl_xattr'
> Loading module 'acl_xattr': Trying to load from
> /usr/local/samba/lib/vfs/acl_xattr.so
> Module 'acl_xattr' loaded
> Successfully added vfs backend 'acl_xattr'
> Successfully loaded vfs module [acl_xattr] with the new modules system
> Initialising custom vfs hooks from [dfs_samba4]
> Successfully loaded vfs module [dfs_samba4] with the new modules system
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and
> 'force unknown acl user = true' for service Unknown Service (snum == -1)
> Initialising default vfs hooks
> Initialising   vfs hooks from [/[Default VFS]/]
> Successfully loaded vfs module [/[Default VFS]/] with the new modules system
> Initialising custom vfs hooks from [acl_xattr]
> Successfully loaded vfs module [acl_xattr] with the new modules system
> Initialising custom vfs hooks from [dfs_samba4]
> Successfully loaded vfs module [dfs_samba4] with the new modules system
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and
> 'force unknown acl user = true' for service Unknown Service (snum == -1)
>
>
> The same command works fine without the openldap options.
>
> Any ideas?
>
>
> Regards,
> Nadya
>


Kind regards,
Martin.

+31651567029




More information about the samba-technical mailing list