[Samba] How to configure passdb backend with LDAP

[Rowland Penny]

On 03/08/15 09:00, Juan Pardo wrote:
> Hello,
>
> First of all, thanks for all the answers.
>
> Our problem is similar to Bern's case. Is the same problem but we aren't upgrading from Samba 3 to Samba 4.
>
> In our case, we have an Identity Manager who have all the users and groups of our organization. IDM also loads this information in one Microsoft AD. We need to install one Samba server with one LDAP (in the same machine of samba server) with the same information contained in Active Directory but without being member of the Microsoft Domain.
>
> Really we have two problems, first of all, we need to validate user with LDAP instance in the same machine with the backend paramerter in the smb.conf (see attached file) and second, how can we load all the accounts info in this LDAP instance?
>
> As you can see in the image, in the samba's log we could connect to LDAP (smbldap_open_connection: connection opened) but samba couldn't find the user.
>
> In our smb.conf, we have this configuration related to LDAP:
>
>     passdb backend = ldapsam:ldap://localhost
>     ldap suffix = dc=dominio,dc=es
>     ldap user suffix = ou=People
>     ldap group suffix = ou=Groups
>     ldap machine suffix = ou=Computers
>     ldap idmap suffix = ou=Idmap
>     ldap admin dn = cn=admin,dc=dominio,dc=es
>     ldap passwd sync = yes
>
> Regards,
>
> Juan Pardo
>
>
>       El Viernes 31 de julio de 2015 9:08, Juan Pardo <jpardo1976 at yahoo.es> escribió:
>     
>
>   hello
>
> I want to know  if I can use Samba 4.1.6-ubuntu to authenticate against an LDAP (v.2.4). I need that  users can access to a shared folder only if samba find  the account in the LDAP. The parameter passdb backend does not work to me.
>
> Regard,
> Juan Pardo
>
>
>    

Hi, I wonder if using LDAP as a proxy would work for you, see here:

https://wiki.samba.org/index.php/Authenticating_other_services_against_AD#openLDAP_proxy_to_AD

Rowland