[Samba] Samba - OpenLDAP User Mapping
fuzzy_4711 at gmx.de
Fri Aug 26 04:39:02 MDT 2011
-------- Original - Text --------
I have to say I run OpenSUSE 11.4 and I hate it for doing things that are not
transparent to the user, like what is shown in the config file below.
> Did you getent passwd and getent group.
> And all ldap users and groups are shown up?
I can confirm this.
> Did you do at least install an ldap-client and ldapauth on your linux box?
Yes for the ldap-client and no for ldapauth - I haven't even heard of it
so far. I am able to log in using an ldap user which is not locally
defined on the samba box, if this answers the background of your question.
> Do you talk to ldap with winbind, ldapsam:editposix?
It is ldapsam, here is an extract of my smb.conf:
passdb backend = ldapsam:ldap://ldap.mytld.de
set primary group script = ldapsmb -m -u "%u" -gid "%g"
add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
ldap admin dn = cn=Manager,dc=mytld,dc=de
ldap group suffix = ou=Group
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=mytld,dc=de
ldap ssl = no #testing only
ldap user suffix = ou=People
Your answer opened my eyes and I started wondering about the "add
machine script" and the "set primary group script" entries in my config.
I do not even have the ldapsmb rpm installed on the file server, but it
is installed (automatically by YaST) on the ldap box. I never used it;
it must have been installed and configured by YaST automatically.
Also it is not clear to me why one needs the add machine script. I
dug into the code and saw that it will read my smb.conf, get the
password from secrets.tdb, connect to my ldap server, and add a user
and a machine below Computers in the DIT.
    // how the script talks to the directory: bind DN/password taken
    // from smb.conf and secrets.tdb, machine entries go below
    // "ldap machine suffix" + "," + "ldap suffix"
    map<string,any> config_map = $[
        "bind_pw"   : passwd,
        "bind_dn"   : bind_dn,
        "user_base" : ldap_machine_suffix+","+ldap_suffix,
        "type"      : "ldap",
        "plugins"   : [ "UsersPluginLDAPAll", "UsersPluginSamba" ],
        // ... further keys omitted in this excerpt
    ];
    // the machine trust account itself: a posix user named after the
    // machine (value = "%m$"), with no usable password or shell
    map<string,any> data_map = $[
        "uid"           : value,
        "givenName"     : "Machine",
        "cn"            : value,
        "sn"            : "Machine",
        "userPassword"  : "*",
        "loginShell"    : "/bin/false",
        "homeDirectory" : "/var/lib/nobody",
        "create_home"   : false,
        // ... further keys omitted in this excerpt
    ];
    // add the user
    y2milestone (YaPI::USERS::UserAdd (config_map, data_map) );
Please tell me what is going on in the background so that I am able to
understand what to do. As said before, connecting to the ldap server and
gathering information from there seems to work, since I am able to see it
in the smb logs.
Is there maybe a sequence diagram available about what is going on
when a share is to be opened? I saw something for winbind with unix
UID to samba SID mapping, but I got confused. It is not clear to me
when winbind is used. Also your question
"Do you talk to ldap with winbind, ldapsam:editposix?" in this context
is not clear to me. Does it mean either winbind or ldapsam should be
used, or are they used together?
I guess I'll go and find myself a serious job...
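What the add machine script assembles from the smb.conf values above, as an added example that is not part of the original post nor YaST's code: a Python model of the data add_machine.ycp puts together (base DN from "ldap machine suffix" + "," + "ldap suffix", the trust-account entry from data_map), built from the extract quoted in the post (constructed here as sample input) and without the LDAP bind itself. It also flags two things a practitioner would check in that extract: "ldap ssl = no" with a plain ldap:// URL means the "ldap admin dn" bind, whose password is read from secrets.tdb, crosses the wire in cleartext; and smb.conf only treats a whole line starting with "#" or ";" as a comment, so "no #testing only" is not the value Samba will load for "ldap ssl" (testparm reports it). The objectClasses, the uidNumber/gidNumber inputs and the machine name ws01 are assumptions; the real script leaves number allocation to YaPI::USERS and the Samba attributes (sambaSID and friends) to UsersPluginSamba, neither of which is modelled here.

```python
# Added example, not the post's or YaST's code: models what add_machine.ycp
# assembles from smb.conf, minus the actual LDAP bind, and flags weak settings.

# Constructed sample input: the smb.conf extract quoted in the post.
SMB_CONF_EXTRACT = """\
passdb backend = ldapsam:ldap://ldap.mytld.de
add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
ldap admin dn = cn=Manager,dc=mytld,dc=de
ldap group suffix = ou=Group
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=mytld,dc=de
ldap ssl = no #testing only
ldap user suffix = ou=People
"""


def parse_smb_conf(text):
    """Parse 'key = value' lines into a dict.

    A trailing '#...' is stripped here so the parse reflects what the poster
    meant; Samba itself only treats a whole line starting with '#' or ';'
    as a comment (see config_warnings), so the value Samba loads differs.
    """
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # first '=' only: DNs contain '='
        params[key.strip().lower()] = value.strip()
    return params


def machine_base_dn(params):
    """Same concatenation as the YCP: ldap_machine_suffix + "," + ldap_suffix."""
    return params["ldap machine suffix"] + "," + params["ldap suffix"]


def machine_entry(params, netbios_name, uid_number, gid_number):
    """LDIF for the entry the script's data_map describes.

    uid_number/gid_number are assumed inputs (YaPI::USERS allocates them);
    the objectClasses are an assumption about what UsersPluginLDAPAll adds.
    Samba attributes (sambaSID etc.) come from UsersPluginSamba and need the
    domain SID, which this example does not have, so they are left out.
    """
    uid = netbios_name.rstrip("$") + "$"  # trust accounts end in '$' (the %m$ above)
    dn = "uid=%s,%s" % (uid, machine_base_dn(params))
    attrs = [
        ("dn", dn),
        ("objectClass", "top"),
        ("objectClass", "inetOrgPerson"),  # assumption: carries givenName/sn
        ("objectClass", "posixAccount"),
        ("uid", uid),
        ("cn", uid),
        ("givenName", "Machine"),
        ("sn", "Machine"),
        ("uidNumber", str(uid_number)),
        ("gidNumber", str(gid_number)),
        ("homeDirectory", "/var/lib/nobody"),
        ("loginShell", "/bin/false"),
        ("userPassword", "*"),  # no usable POSIX password for a machine
    ]
    return "".join("%s: %s\n" % kv for kv in attrs)


def config_warnings(params, raw_text):
    """Return the checks a practitioner would run on this extract."""
    warnings = []
    backend = params.get("passdb backend", "")
    ssl = params.get("ldap ssl", "").lower()
    if backend.startswith("ldapsam:ldap://") and ssl in ("no", "off"):
        warnings.append(
            "ldap admin dn binds over plain ldap:// with 'ldap ssl = no': the "
            "password stored in secrets.tdb crosses the wire in cleartext"
        )
    for raw in raw_text.splitlines():
        stripped = raw.strip()
        if "#" in stripped and not stripped.startswith(("#", ";")):
            warnings.append(
                "inline comment in %r: Samba only recognises whole-line "
                "comments, so this is not the value it will load" % stripped
            )
    return warnings


if __name__ == "__main__":
    conf = parse_smb_conf(SMB_CONF_EXTRACT)
    print(machine_entry(conf, "ws01", 10001, 515))
    for w in config_warnings(conf, SMB_CONF_EXTRACT):
        print("WARNING:", w)
```

Run it as-is to see the LDIF the script would hand to the directory for a machine called ws01 and the two warnings; feeding it your own smb.conf shows the base DN the script will write under, which is the first thing to compare against what ou=Computers actually looks like in the DIT.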