[Samba] LDAP with posix account (userPassword only)
Soohoon Lee
soohoon at gmail.com
Wed Jul 16 17:50:02 GMT 2008
I've setup samba to use LDAP passdb backend and it works fine.
LDAP has sambaNTPassword and more samba entities.
But I wonder if I can make samba work with userPassword only.
I think somebody is doing it and I look at their config but couldn't find
anything special.
Thanks.
[global]
workgroup = NT
netbios name = SAMBASERVER
server string = NT Master
passdb backend = tdbsam
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins lmhosts bcast hosts
add user script = smbldap-useradd -m '%u'
delete user script = smbldap-userdel '%u'
add group script = smbldap-groupadd '%g'
delete group script = smbldap-groupdel '%g'
add user to group script = smbldap-groupmod -m '%u' '%g'
delete user from group script = smbldap-groupmod -x '%u' '%g'
set primary group script = smbldap-usermod -g '%g' '%u'
add machine script = smbldap-useradd -w '%u'
logon script = login.bat
logon path =
logon drive = X:
logon home =
os level = 65
wins support = Yes
ldap admin dn = cn=Manager,dc=my-domain,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Machines
ldap passwd sync = Yes
ldap suffix = dc=my-domain,dc=com
ldap ssl = no
ldap timeout = 20
ldap user suffix = ou=People
idmap backend = ldapsam:ldap://localhost
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
ea support = Yes
map acl inherit = Yes
cups options = raw
[homes]
comment = Home Directories
valid users = MYDOMAIN\%S
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root
guest ok = Yes
share modes = No
[Profiles]
path = /var/lib/samba/profiles
guest ok = Yes
browseable = No
[public]
comment = Public Stuff
path = /home/share
write list = +staff
read only = No
guest ok = Yes
slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
access to dn.base=""
by self write
by * auth
access to attrs=userPassword
by self write
by * auth
access to attrs=shadowLastChange
by self write
by * read
access to *
by * read
by anonymous auth
idletimeout 30
database bdb
suffix dc=nt,dc=com
rootdn cn=Manager,dc=nt,dc=com
rootpw secret
replica host=nt.com:389
suffix="dc=nt,dc=com"
binddn="cn=updateuser,dc=nt,dc=com"
bindmethod=simple credentials=secret
access to attrs=sambaLMPassword,sambaNTPassword
by dn="cn=sambaadmin,dc=nt,dc=com" write
by * none
replogfile /var/lib/ldap/replogfile
directory /var/lib/ldap
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
indes sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
indes person eq
index default sub
index sambaSIDList eq,pres
More information about the samba
mailing list