[Samba] samba4 + LDAP

Daniel Müller mueller at tropenklinik.de
Wed Oct 23 00:41:40 MDT 2013


As far as I know, OpenLDAP will not work anymore. You need to do it with
Samba 4 c-ldap.
Just migrate your users to Samba 4, classic upgrade!
To make your Linux box know about ADS users, my way is to use Samba 4
winbind. Example for my CentOS 6.4:
Be sure winbind is running:
 ldconfig -v | grep winbind
--
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.11.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg
        libnss_winbind.so -> libnss_winbind.so.2

[root@s4master lib]# wbinfo -u
Administrator
Guest
krbtgt
dns-s4master

You need to change /etc/nsswitch.conf:
passwd:     files winbind
shadow:     files
group:      files winbind

AND:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2

Now,

[root@s4master ~]# ldconfig -v | grep winbind
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.14.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg
        libnss_winbind.so -> libnss_winbind.so.2
        libnss_winbind.so -> libnss_winbind.so.2

And getent passwd
....
TPLK\Administrator:*:0:100:Daniel Müller:/home/TPLK/Administrator:/bin/false
TPLK\Guest:*:3000011:3000012::/home/TPLK/Guest:/bin/false
TPLK\krbtgt:*:3000022:100::/home/TPLK/krbtgt:/bin/false
TPLK\dns-s4master:*:3000023:100::/home/TPLK/dns-s4master:/bin/false
TPLK\marstaller:*:3000028:100:XXXXXXXXXXXX:/home/TPLK/marstaller:/bin/false
TPLK\tester:*:3000029:100::/home/TPLK/tester:/bin/false


And getent group

...
TPLK\Enterprise Read-Only Domain Controllers:*:3000016:
TPLK\Domain Admins:*:3000008:
TPLK\Domain Users:*:100:
TPLK\Domain Guests:*:3000012:
TPLK\Domain Computers:*:3000017:
TPLK\Domain Controllers:*:3000018:
TPLK\Schema Admins:*:3000007:
TPLK\Enterprise Admins:*:3000006:
TPLK\Group Policy Creator Owners:*:3000004:
TPLK\Read-Only Domain Controllers:*:3000019:
TPLK\DnsUpdateProxy:*:3000020:

Good Luck
Daniel

-----------------------------------------------
IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
behalf of François Dagorn
Sent: Wednesday, 23 October 2013 07:46
To: samba at lists.samba.org
Subject: [Samba] samba4 + LDAP

Hello all,

we are currently running several samba 3 services to give CIFS access to
shares (mostly homedirs).
Well, access to the shares is controlled by our LDAP service (not AD,
OpenLDAP). Our servers are using sssd + pam to check whether or not a user is
allowed to mount the share (on some old servers we also use the pam_ldap
module for pam).

Now, we just want to run samba 4 as simply as possible, i.e. just install
samba 4 without any change on the sssd + pam side. Hum, seems difficult,
samba does not query LDAP at all!

I've looked at
http://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd
strange, seems to need a special account in our LDAP service, IS THIS TRUE?
or is there a way to continue with SSSD + PAM without changing anything in
our LDAP service?

Any help would be appreciated !
Cheers.

François
Université de Rennes
France
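
Added example (not part of either message above): a small audit of the
winbind NSS setup described in the reply. It checks that a database in
nsswitch.conf lists "files" before "winbind", and flags domain accounts in
getent-format output that map to UID 0, fall below an expected ID range, or
have a login shell. The function names, the EXAMPLE domain, the sample lines
and the 3000000 threshold are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: audit winbind-backed NSS data. All sample input is constructed.

# nss_uses_winbind DB: nsswitch.conf on stdin; succeeds only if the DB line
# lists "files" before "winbind" (the order used in the message).
nss_uses_winbind() {
    awk -v db="$1:" '
        $1 == db {
            f = 0; w = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "winbind" && !w) w = i
            }
            if (f && w && f < w) ok = 1
        }
        END { exit !ok }'
}

# audit_passwd MIN_UID: "getent passwd" lines on stdin; prints one finding
# per line for domain accounts (names containing a backslash).
audit_passwd() {
    awk -F: -v min="$1" '
        index($1, "\\") == 0 { next }                   # local account, skip
        $3 == 0 { print "UID0 " $1 }                    # local root privileges
        $3 > 0 && $3 < min { print "LOWUID " $1 " " $3 } # below assumed range
        $7 !~ /(\/false|\/nologin)$/ { print "SHELL " $1 " " $7 }
    '
}

sample_nsswitch() {   # constructed, same layout as the message
    printf '%s\n' 'passwd:     files winbind' 'shadow:     files' \
                  'group:      files winbind'
}

sample_passwd() {     # constructed entries in getent passwd format
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
EXAMPLE\Administrator:*:0:100::/home/EXAMPLE/Administrator:/bin/false
EXAMPLE\Guest:*:3000011:3000012::/home/EXAMPLE/Guest:/bin/false
EXAMPLE\alice:*:3000029:100::/home/EXAMPLE/alice:/bin/bash
EXAMPLE\svc:*:500:100::/home/EXAMPLE/svc:/sbin/nologin
EOF
}

sample_nsswitch | nss_uses_winbind passwd && echo "passwd: files before winbind"
sample_passwd | audit_passwd 3000000
```

On a live host, feed it real data with
"getent passwd | audit_passwd 3000000" and
"nss_uses_winbind passwd < /etc/nsswitch.conf".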