[Samba] Samba4 binding LDAP Server

Rowland Penny rowlandpenny at googlemail.com
Sun Jun 1 14:43:34 MDT 2014


On 01/06/14 20:29, Marc Muehlfeld wrote:
> On 01.06.2014 18:11, Danilo Mussolini wrote:
>> * Samba Version?
>> 4.1.7
>>
>> * Self compiled / Package (from where) / ...?
>> Self compiled
>>
>> * Do you use Winbind or how you get the domain users from your LDAP server?
>> I don't use winbindd. Here are the LDAP settings:
>>      passdb backend = ldapsam:"ldap://192.168.8.9 ldap://192.168.8.7"
>>      ldap suffix = dc=o2pos,dc=com
>>      ldap user suffix = ou=people
>>      ldap group suffix = ou=groups
>>      ldap machine suffix = ou=Computers
>>      ldap idmap suffix = ou=Idmap
>>      ldap admin dn = cn=admin,dc=o2pos,dc=com
>>      ldap ssl = no
>>      name resolve order = lmhosts host wins bcast
>>      security = user
>>
>> * Please show the ACLs on the folder.
>> I don't use ACL because the filesystem (ZFS) still doesn't support that on
>> Linux.
>> Here is an example of the shared folder permissions:
>>      drwxrwsr-x 4 o2pos o2pos 6 May 29 20:08 Publicidade
>>
>> * Your complete smb.conf would be helpful too.
>> There you go:
>>
>> [global]
>>     server string = Samba Server Version %v
>>     netbios name = o2pos
>>     log file = /var/log/samba/log.%m
>>     max log size = 50
>>     log level = 5
>>     load printers = no
>>     cups options = raw
>>
>>     passdb backend = ldapsam:"ldap://192.168.8.9 ldap://192.168.8.7"
>>     ldap suffix = dc=o2pos,dc=com
>>     ldap user suffix = ou=people
>>     ldap group suffix = ou=groups
>>     ldap machine suffix = ou=Computers
>>     ldap idmap suffix = ou=Idmap
>>     ldap admin dn = cn=admin,dc=o2pos,dc=com
>>     ldap ssl = no
>>     name resolve order = lmhosts host wins bcast
>>     security = user
>>
>> [Publicidade]
>>     comment = Publicidade
>>     path = /Storage/Publicidade
>>     read only = no
>>
>> [Test]
>>     comment = test
>>     path = /u01
>>     read only = no
>>
>> I have a mixed environment involving MacOS, Windows and Linux clients. So I
>> don't need to administer the permissions from Windows. The important thing
>> to me is the group owner, so the users in this group will have permissions to
>> write in this share, and this will be so in the subfolders and files. There
>> is no need to customize or change permissions in the share.
>
> Could it be possible that this is a standalone server or a PDC and not a
> Member Server (the config doesn't look like a Member Server)?
I agree this is not a member server, it is also not a PDC, no domain lines!
It can only be a standalone server.
The OP probably calls it a member server, but it isn't, well not in my
opinion.

Rowland

>
> I sadly have no PDC with openLDAP backend in my test environment here
> and run a standalone with LDAP backend. So I can't give your config a
> short try. Sorry.
>
>
> The following is a working share configuration from my production
> (4.1.7, AD Member Server, that uses only Linux ACLs):
> [packages]
>          path = /srv/samba/Packages
>          browsable = no
>          force create mode = 0664
>          force directory mode = 2775
>          guest ok = no
>          valid users = +MUC\packages
>          invalid users =
>          wide links = yes
>
>
>
>
>
> Regards,
> Marc


