[Samba] LDAP group objects?
Rowland Penny
rpenny at samba.org
Thu Dec 21 20:17:44 UTC 2017
On Thu, 21 Dec 2017 13:45:14 -0600
Daniel Turner <daniel.turner at eliciotech.com> wrote:
> re: "Depending on how you have Samba set up, you may need different
> objectclasse, but the main ones for a group are 'posixGroup' and
> 'sambaGroupMapping'
>
> What configuration changes would affect which objectClass type is
> used? I'm not able to find any information about this on the wiki.
>
> My smb.conf:
>
> [global]
> log level = 12
> workgroup = WORKGROUP
> server string = MySAN %v
> security = user
> dns proxy = no
>
> #passdb backend = tdbsam
>
> passdb backend = ldapsam:ldaps://ldap.jumpcloud.com:636
> ldap admin dn = "uid=daniel.turner,ou=Users,o=
> 5a21683914f827970a385d7b,dc=$
> ldap ssl = off
> ldap suffix = o=5a21683914f827970a385d7b,dc=jumpcloud,dc=com
>
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
>
> [LocalStorage]
> path = /mnt/localhd
> valid users = daniel.turner,tucker.dragoo,daniel
> directory mask = 0771
> write list = daniel.turner,tucker.dragoo,daniel
> create mask = 0660
> writeable = yes
> force group = users
> browsable = yes
>
You are running Samba as a standalone server with an ldap backend and
isn't used much (this may not be true, it just isn't asked about on the
mailing list.)
There are problems with doing this with the authentication in the
cloud, you still need the same users and groups on the client machines.
Try reading these webpages:
https://help.ubuntu.com/lts/serverguide/samba-ldap.html
https://spredzy.wordpress.com/2013/08/30/samba-standalone-openldap/
They should show you the basis of what you need.
You basically seem to be running a 'workgroup' with one of the machines
in the cloud.
Are you allowed to create your own machine in this cloud, if so you
will probably be better off setting up a DC and then use this for
authentication, this way you wouldn't need the same users stored
locally.
Rowland
More information about the samba
mailing list