[Samba] What is Samba_dsdb???

Rowland Penny rowlandpenny at googlemail.com
Sat Oct 25 16:44:46 MDT 2014


On 25/10/14 23:32, Greg Zartman wrote:
> On Sat, Oct 25, 2014 at 3:26 PM, Rowland Penny 
> <rowlandpenny at googlemail.com> wrote:
>
>     Hi Greg, it has been some time since I tried out SME, but if I
>     remember correctly it is based on Centos, if this is correct, then
>     things got a bit easier for you. Forget using Samba as an AD DC,
>     you cannot at this time setup a DC on Centos, just migrate your
>     samba 3.6 setup to whatever version of samba comes with whatever
>     version of Centos you are basing SME on, this will allow you to
>     use openldap as before.
>
>
> Yep, your memory is correct.  The CORE distro is Centos.  Right now 
> Samba 3.6 is working fine for legacy type domains (NT4), simple 
> shares, domain membership; and we have a good implementation of an 
> OpenLDAP auth backend.
>
> What I'm doing is looking forward to True Samba 4 AD and working to 
> build a deployment for an alpha type release of SME Server.  I've 
> rebuilt the Sernet Samba 4 packages for SME Server (Centos) and they 
> work just fine for providing the Samba AD tools.
>
> I'm just having a hard time wrapping my brain around the AD 
> auth in Samba 4 versus our older OpenLDAP auth.   Is it true that many 
> of the LDAP parameters in the smb.conf man pages really don't apply to 
> Samba 4 AD DC config?
>
> Thanks!
>
> Greg
Yes, you can probably forget most if not all of the LDAP parameters, 
samba4 in AD Mode just doesn't work like samba3.6 + openldap.
You probably have something like this in smb.conf:

# Global parameters
[global]
         workgroup = EXAMPLE
         realm = example.com
         netbios name = DC1
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
         idmap_ldb:use rfc2307 = yes

[netlogon]
         path = /var/lib/samba/sysvol/example.com/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

As you can see, there are no ldap lines!

What you have to understand is that you need to connect to samba4 AD 
just like you would connect to windows AD, and will need to use different 
commands, i.e. samba-tool and/or ldb-tools for instance.

You can extend the schema fairly easily; autofs, sudo, etc. are being used 
fairly extensively.

Rowland
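Added example, not part of this thread or of the Samba project: a small smb.conf checker that flags samba3-style ldapsam parameters left in [global] once "server role" is set to the AD DC role, which is the situation Rowland describes (those lines have no effect against the DC's own sam.ldb). The sample smb.conf is constructed; the parameter names in LDAPSAM_PARAMS are real smb.conf options of the ldapsam backend, but the selection is mine.

```python
import re

# Constructed sample (not from the post): a Samba 3.6 + OpenLDAP style smb.conf
# carried over unchanged to a host that has been switched to the AD DC role.
LEGACY_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    realm = example.com
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, \\
        drepl, winbind, ntp_signd, kcc, dnsupdate
    passdb backend = ldapsam:ldap://localhost
    ldap admin dn = cn=admin,dc=example,dc=com
    ldap suffix = dc=example,dc=com
    ldap ssl = off
    idmap_ldb:use rfc2307 = yes
"""

# Parameters of the samba3 ldapsam passdb backend (talk to an external OpenLDAP).
LDAPSAM_PARAMS = {
    "ldap admin dn", "ldap suffix", "ldap user suffix", "ldap group suffix",
    "ldap machine suffix", "ldap idmap suffix", "ldap ssl", "ldap passwd sync",
    "ldap delete dn", "ldap timeout",
}

def parse_smb_conf(text):
    """Return {section: {param: value}}; joins backslash continuations, skips comments."""
    sections, current, logical = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        logical += line
        if logical.endswith("\\"):          # value continues on the next line
            logical = logical[:-1]
            continue
        m = re.match(r"^\[(.+)\]$", logical)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
        elif "=" in logical and current is not None:
            key, value = logical.split("=", 1)
            sections[current][" ".join(key.split()).lower()] = value.strip()
        logical = ""
    return sections

def legacy_ldap_params(sections):
    """Sorted names of ldapsam parameters left in [global] while the role is AD DC."""
    g = sections.get("global", {})
    if g.get("server role", "").lower() != "active directory domain controller":
        return []                            # only the AD DC role makes them dead config
    found = {k for k in g if k in LDAPSAM_PARAMS}
    if g.get("passdb backend", "").lower().startswith("ldapsam"):
        found.add("passdb backend")
    return sorted(found)
```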

