[Samba] samba4 + LDAP

Daniel Müller mueller at tropenklinik.de
Wed Oct 23 00:41:40 MDT 2013

As far as I know, OpenLDAP will not work anymore. You need to do it with
samba 4 c-ldap.
Just migrate your users to samba 4, classic upgrade!
To make your Linux box know about ADS users, my way is to use samba 4
winbind. Example for my CentOS 6.4:
Be sure winbind is running:
ldconfig -v | grep winbind
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.11.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg
        libnss_winbind.so -> libnss_winbind.so.2

[root@s4master lib]# wbinfo -u

You need to change /etc/nsswitch.conf:
passwd:     files winbind
shadow:     files
group:      files winbind

ln -s  /usr/local/samba/lib/libnss_winbind.so.2  /lib64/libnss_winbind.so
ln  -s /lib64/libnss_winbind.so  /lib64/libnss_winbind.so.2


[root@s4master ~]# ldconfig -v | grep winbind
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.14.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg
        libnss_winbind.so -> libnss_winbind.so.2
        libnss_winbind.so -> libnss_winbind.so.2

And getent passwd:
TPLK\Administrator:*:0:100:Daniel Müller:/home/TPLK/Administrator:/bin/false

getent group:

TPLK\Enterprise Read-Only Domain Controllers:*:3000016:
TPLK\Domain Admins:*:3000008:
TPLK\Domain Users:*:100:
TPLK\Domain Guests:*:3000012:
TPLK\Domain Computers:*:3000017:
TPLK\Domain Controllers:*:3000018:
TPLK\Schema Admins:*:3000007:
TPLK\Enterprise Admins:*:3000006:
TPLK\Group Policy Creator Owners:*:3000004:
TPLK\Read-Only Domain Controllers:*:3000019:

Good Luck

IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
Behalf Of François Dagorn
Sent: Wednesday, 23 October 2013 07:46
To: samba at lists.samba.org
Subject: [Samba] samba4 + LDAP

Hello all,

we are currently running several samba 3 services to give CIFS access to
shares (mostly homedirs).
Well, access to the shares is controlled by our LDAP service (not AD,
OpenLDAP). Our servers are using sssd + pam to check whether or not a user is
allowed to mount the share (on some old servers we also use the pam_ldap
module for pam).

Now, we just want to run samba 4 as simply as possible, i.e. just install
samba 4 without any change on the sssd + pam side. Hum, seems difficult,
samba does not query LDAP at all!

I've looked at
strange, seems to need a special account in our LDAP service, IS THIS TRUE?
Or is there a way to continue with SSSD + PAM without changing anything in
our LDAP service?

Any help would be appreciated!

Université de Rennes
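
As an added example (not part of either message and not Samba project code), the following shell functions re-check the two manual steps from the reply: the passwd and group lines in nsswitch.conf, and that the libnss_winbind links resolve to a real file. The names nss_pos and check_winbind_nss are hypothetical, and the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the post): verify the NSS setup described above.

# nss_pos FILE DB SOURCE -> prints the 1-based position of SOURCE on the
# "DB:" line of an nsswitch.conf-style file, or 0 if it is not listed.
nss_pos() {
    awk -v db="$2:" -v src="$3" '
        { sub(/#.*/, "") }                       # drop comments first
        $1 == db { for (i = 2; i <= NF; i++) if ($i == src && !p) p = i - 1 }
        END { print p + 0 }' "$1"
}

# check_winbind_nss CONF [LIB...] -> 0 only if passwd and group list
# "files" before "winbind" (as in the post, so local accounts such as root
# are answered from the local files first) and every LIB path resolves to
# a regular file (a dangling symlink fails).
check_winbind_nss() {
    conf=$1; shift; rc=0
    [ -r "$conf" ] || { echo "FAIL cannot read $conf"; return 2; }
    for db in passwd group; do
        f=$(nss_pos "$conf" "$db" files)
        w=$(nss_pos "$conf" "$db" winbind)
        if [ "$w" -eq 0 ]; then
            echo "FAIL $db: winbind not listed"; rc=1
        elif [ "$f" -eq 0 ] || [ "$f" -gt "$w" ]; then
            echo "FAIL $db: files is not listed before winbind"; rc=1
        else
            echo "ok   $db: files before winbind"
        fi
    done
    for lib in "$@"; do
        if [ -f "$lib" ]; then echo "ok   $lib"
        else echo "FAIL $lib: missing or dangling link"; rc=1; fi
    done
    return $rc
}

# Constructed sample standing in for /etc/nsswitch.conf and the two links.
demo=$(mktemp -d)
printf 'passwd: files winbind\nshadow: files\ngroup: files winbind\n' > "$demo/nsswitch.conf"
: > "$demo/real.so.2"                        # stands in for Samba's library
ln -s "$demo/real.so.2" "$demo/libnss_winbind.so"
ln -s "$demo/libnss_winbind.so" "$demo/libnss_winbind.so.2"
check_winbind_nss "$demo/nsswitch.conf" "$demo/libnss_winbind.so" "$demo/libnss_winbind.so.2"
rm -rf "$demo"
```

On the host from the reply the call would be check_winbind_nss /etc/nsswitch.conf /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2, followed by the getent checks shown there.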