[Samba] Samba 4.1.8 Importing automountmap ldif entries from existing OpenLDAP setup or ?

steve steve at steve-ss.com
Sat Jun 28 07:45:56 MDT 2014


On Fri, 2014-06-27 at 15:29 -0700, Jefferson Davis wrote:
> Thanks for the quick reply...
> 
> I actually have 2 OpenLDAP dirs that I can pull from...  one with the
> default redhat rfc2307 and the other with rfc2307bis (an experiment I
> can sync and convert to)...
Hi
I mentioned the schemas because the ldifs you sent were neither nis nor
rfc2307bis. I can say for certain that both work with AD BUT the latter
requires an extension. If you are in production, I'd not risk that
unless you were down.
> 
> Took a look at the excellent guide you mentioned: I'm having a bit of
> difficulty getting my brain wrapped around a few things, trying to map
> my current setup to the guide.
If you possibly can, and having tested both, I'd go for the nis, simply
because it's already there in Samba4.
> 
> a) while each user currently has their own dn: in the auto_data ou,
> the examples appear to handle it differently, with autofs handling
> this from the kerberos ticket's user data and passes the cifs username
> to nfs and only needing a single nisMapEntry attribute for all users
> on the given share?  Am I even close?
Yes and no. The examples we used were our own examples where we use
wildcards to mount e.g. user home directories:

/home/users/steve
maps nicely to:
* -fstype=cifs,username=somebody,multiuser ://users/&

where //users points at /home/users and somebody is just a low privilege
user who gets the ticket for the mount.
With 600 users this is a godsend with a single map being good for all of
them. In fact it's easier with nfs because you can forget the cifs
multiuser stuff. 


> 
> b) our current setup maps users to 1 of two nfs shares.  The examples
> appear to me to only have an entry for each share as opposed to each
> user.  Am I tracking this correctly, or way, way off base?
> 
Without knowing exactly how your data is organised it's difficult to
advise although we can say from experience that kerberised nfs is no
problem with AD; indeed, that's how we started. We switched to cifs
throughout to solve file locking problems between our windows and Linux
clients.

> Sorry, it's been a VERY long time since I dealt with NFS via flat
> files, and I am still coming up to speed on AD and how it wants to do
> things differently than OpenLDAP.

It's pretty much the same except that we do all our work on a sort of
'dummy' db (sam.ldb) as an interim between us and AD. Working directly
with the dbs plays havoc. Once the maps are translated and in place you
can manipulate them with the tools you usually use except that samba
comes with a full set of ldb tools which you may wish to learn too.
Also, your client config is exactly the same as it was before, just that
the maps will be coming from AD rather than openldap.

As an aside, we use sssd to extract the autofs (and all the other
rfc2307) info. Recommended.

HTH and do let us know _when_ you get it going.
Steve

> 
> ______________________________________________________________________
> From: "steve" <steve at steve-ss.com>
> To: samba at lists.samba.org
> Sent: Friday, June 27, 2014 1:21:55 PM
> Subject: Re: [Samba] Samba 4.1.8 Importing automountmap ldif entries
> from existing OpenLDAP setup or ?
> 
> On Fri, 2014-06-27 at 10:34 -0700, Jefferson Davis wrote:
> > So, I have a test domain set up with rfc2307 = yes . 
> > 
> > Now I'm trying to figure out if a) my nfs automount data came over
> > from OpenLDAP, and b) if not, how to get it into samba 4's ldap, or
> > something else??? Do I need to rethink my approach? 
> > 
> > Mount locations are pretty consistent based on primary group/userid 
> > 
> > Needs to work on Linux. 
> > 
> > Existing entries look like this... 
> > 
> > # /u, auto.master, standard.k12.ca.us 
> > dn: cn=/u,ou=auto.master,dc=standard,dc=k12,dc=ca,dc=us 
> > objectClass: top 
> > objectClass: automount 
> > cn: /u 
> > automountInformation: ldap:ou=auto_data,dc=standard,dc=k12,dc=ca,dc=us 
> > description: use this if you want (useful for irix but thats another story) 
> > 
> > # /net, auto.master, standard.k12.ca.us 
> > dn: cn=/net,ou=auto.master,dc=standard,dc=k12,dc=ca,dc=us 
> > objectClass: top 
> > objectClass: automount 
> > cn: /net 
> > description: auto.master 
> > automountInformation: file:/etc/auto.net 
> > 
> > 
> > # jdavis, auto_data, standard.k12.ca.us 
> > dn: cn=jdavis,ou=auto_data,dc=standard,dc=k12,dc=ca,dc=us 
> > objectClass: automount 
> > cn: jdavis 
> > automountInformation: -fstype=nfs,hard,intr,nodev,nosuid,nolock,noatime,rsize=32768,wsize=32768 scale.standard.k12.ca.us:/fs0/shares/Staff/jdavis 
> 
> Hi
> We cover the autofs possibilities for AD here:
> http://linuxcostablanca.blogspot.com.es/2013/09/samba4-autofs-with-rfc2307bis-schema.html
> 
> Whilst the method will be the same for extending the schema, the classes
> and attributes you need for your schema are different but listed in the
> same link. I'm guessing, but converting your ldifs into something either
> rfc2307bis or nis can understand should be easy enough. BTW, if you can
> convert to the nis schema, Samba4 already has that built in.
> Good luck,
> Steve
>   
> 
> -- 
> 
> 
> Jefferson K Davis 
> Technology and Information Systems Manager 
> Standard School District 
> 1200 North Chester Ave 
> Bakersfield, CA 93308 
> 661.392.2110 ext 120 (office) 
> http://district.standard.k12.ca.us 
> 
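
A sketch of the conversion discussed in this thread, added here as an example and not code from either poster or from the Samba project: it reads rfc2307 `automount` entries, collapses per-user entries into a single wildcard entry when they all follow one pattern, and writes nis-schema (`nisMap`/`nisObject`) LDIF. It goes one step beyond the thread by also reporting entries whose options lack `nosuid`/`nodev`, which the original entries carry. The sample users, host, map name `auto.u`, base DN and the DN layout of the output are assumptions.

```python
import re

# Constructed sample in the style of the thread's entries (names, host, DN made up).
SAMPLE_LDIF = """\
dn: cn=alice,ou=auto_data,dc=example,dc=com
objectClass: automount
cn: alice
automountInformation: -fstype=nfs,hard,intr,nodev,nosuid,rsize=32768,
 wsize=32768 nfs.example.com:/fs0/shares/Staff/alice

dn: cn=bob,ou=auto_data,dc=example,dc=com
objectClass: automount
cn: bob
automountInformation: -fstype=nfs,hard,intr,nodev,nosuid,rsize=32768,wsize=32768 nfs.example.com:/fs0/shares/Staff/bob
"""

def parse_automounts(ldif):
    """Return [(key, mount_info)] for each rfc2307 'automount' entry."""
    entries = []
    # A newline followed by one space is LDIF line folding; undo it first.
    for block in re.split(r"\n\s*\n", ldif.replace("\n ", "").strip()):
        attrs = dict(line.split(": ", 1) for line in block.splitlines()
                     if ": " in line and not line.startswith("#"))
        if "automountInformation" in attrs:
            entries.append((attrs["cn"], attrs["automountInformation"]))
    return entries

def collapse(entries):
    """One wildcard entry only if every user is '<same opts> <same dir>/<key>'."""
    patterns = set()
    for key, info in entries:
        if not info.endswith("/" + key):
            return entries
        patterns.add(info[:-len(key)] + "&")
    return [("*", patterns.pop())] if len(patterns) == 1 else entries

def missing_hardening(entries, required=("nosuid", "nodev")):
    """Keys whose mount options do not include every required option."""
    return [k for k, info in entries if not set(required)
            <= set((info.split() or [""])[0].lstrip("-").split(","))]

def to_nis_ldif(entries, map_name, base_dn):
    """Emit a nisMap container plus one nisObject per key (DN layout assumed)."""
    out = [f"dn: CN={map_name},{base_dn}", "objectClass: top",
           "objectClass: nisMap", f"cn: {map_name}", f"nisMapName: {map_name}", ""]
    for key, info in entries:
        out += [f"dn: CN={key},CN={map_name},{base_dn}", "objectClass: top",
                "objectClass: nisObject", f"cn: {key}",
                f"nisMapName: {map_name}", f"nisMapEntry: {info}", ""]
    return "\n".join(out)
```

When users are spread over more than one share, `collapse` returns the per-user entries unchanged, so each share needs its own map before a wildcard can be used.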



