[Samba] Samba4 binding LDAP Server
Rowland Penny
rowlandpenny at googlemail.com
Sun Jun 1 14:43:34 MDT 2014
On 01/06/14 20:29, Marc Muehlfeld wrote:
> On 01.06.2014 18:11, Danilo Mussolini wrote:
>> * Samba Version?
>> 4.1.7
>>
>> * Self compiled / Package (from where) / ...?
>> Self compiled
>>
>> * Do you use Winbind or how you get the domain users from your LDAP server?
>> I don't use winbindd. Here are the LDAP settings:
>> passdb backend = ldapsam:"ldap://192.168.8.9 ldap://192.168.8.7"
>> ldap suffix = dc=o2pos,dc=com
>> ldap user suffix = ou=people
>> ldap group suffix = ou=groups
>> ldap machine suffix = ou=Computers
>> ldap idmap suffix = ou=Idmap
>> ldap admin dn = cn=admin,dc=o2pos,dc=com
>> ldap ssl = no
>> name resolve order = lmhosts host wins bcast
>> security = user
>>
>> * Please show the ACLs on the folder.
>> I don't use ACL because the filesystem (ZFS) still doesn't support that on
>> Linux.
>> Here is an example of the shared folder permissions:
>> drwxrwsr-x 4 o2pos o2pos 6 May 29 20:08 Publicidade
>>
>> * Your complete smb.conf would be helpful too.
>> There you go:
>>
>> [global]
>>> server string = Samba Server Version %v
>>>
>>> netbios name = o2pos
>>>
>>> log file = /var/log/samba/log.%m
>>>
>>> max log size = 50
>>>
>>> log level = 5
>>>
>>> load printers = no
>>>
>>> cups options = raw
>>>
>>>
>>>
>>> passdb backend = ldapsam:"ldap://192.168.8.9 ldap://192.168.8.7"
>>>
>>> ldap suffix = dc=o2pos,dc=com
>>>
>>> ldap user suffix = ou=people
>>>
>>> ldap group suffix = ou=groups
>>>
>>> ldap machine suffix = ou=Computers
>>>
>>> ldap idmap suffix = ou=Idmap
>>>
>>> ldap admin dn = cn=admin,dc=o2pos,dc=com
>>>
>>> ldap ssl = no
>>>
>>> name resolve order = lmhosts host wins bcast
>>>
>>> security = user
>>>
>>>
>>> [Publicidade]
>>>
>>> comment = Publicidade
>>>
>>> path = /Storage/Publicidade
>>>
>>> read only = no
>>>
>>>
>>> [Test]
>>>
>>> comment = test
>>>
>>> path = /u01
>>>
>>> read only = no
>>>
>>>
>> I have a mixed environment involving MacOS, Windows and Linux clients. So I
>> don't need to administer the permissions from Windows. The important thing to me
>> is the group owner, so the users in this group will have permissions to
>> write in this share, and this will be so in the subfolders and files. There
>> is no need to customize or change permissions in the share.
>
> Could it be possible that this is a standalone server or a PDC and not a
> Member Server (the config doesn't look like a Member Server).
I agree this is not a member server; it is also not a PDC, no domain lines!
It can only be a standalone server.
The OP probably calls it a member server, but it isn't, well not in my
opinion.
Rowland
>
> I sadly have no PDC with openLDAP backend in my test environment here
> and run a standalone with LDAP backend. So I can't give your config a
> short try. Sorry.
>
>
> The following is a working share configuration from my production
> (4.1.7, AD Member Server, that uses only Linux ACLs):
> [packages]
> path = /srv/samba/Packages
> browsable = no
> force create mode = 0664
> force directory mode = 2775
> guest ok = no
> valid users = +MUC\packages
> invalid users =
> wide links = yes
>
>
>
>
>
> Regards,
> Marc
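
The reasoning in the reply above (no domain-related lines in [global], so the server can only be standalone) can be checked mechanically. The following Python sketch is an added example, not part of the original thread or of Samba: its function names are hypothetical, the sample is abridged from the quoted configuration, and it assumes a classic (non-AD-DC) smb.conf. It also reports whether the ldapsam bind as the "ldap admin dn" goes over ldap:// without StartTLS, as "ldap ssl = no" requests.

```python
# Added example (not from the thread): role and LDAP transport check for smb.conf.
# SAMPLE is abridged from the configuration quoted in the message above.
SAMPLE = '''\
[global]
    passdb backend = ldapsam:"ldap://192.168.8.9 ldap://192.168.8.7"
    ldap admin dn = cn=admin,dc=o2pos,dc=com
    ldap ssl = no
    security = user
[Publicidade]
    path = /Storage/Publicidade
    read only = no
'''

def parse_global(text):
    """Return the [global] parameters; smb.conf names ignore case and spaces."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[key.replace(" ", "").lower()] = value.strip()
    return params

def classify_role(p):
    """Role implied by [global]; an explicit 'server role' wins over inference."""
    explicit = p.get("serverrole", "auto").lower()
    if explicit != "auto":
        return explicit
    if p.get("security", "user").lower() in ("ads", "domain"):
        return "domain member"
    if p.get("domainlogons", "no").lower() in ("yes", "true", "1", "on"):
        return "classic domain controller"
    return "standalone"

def ldap_bind_in_clear(p):
    """True when ldapsam talks to ldap:// URIs and StartTLS is switched off."""
    backend = p.get("passdbbackend", "").lower()
    ssl = p.get("ldapssl", "start tls").lower()  # Samba's default is 'start tls'
    uses_plain_uri = backend.startswith("ldapsam") and "ldap://" in backend
    return uses_plain_uri and ssl not in ("start tls", "start_tls")

if __name__ == "__main__":
    g = parse_global(SAMPLE)
    print("role:", classify_role(g))
    print("LDAP admin bind unencrypted:", ldap_bind_in_clear(g))
```
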