[Samba] Samba standalone + openldap

Michael JOIGNY mjoigny at neteven.com
Fri Feb 3 14:15:43 UTC 2017


Hi everybody,

I'm new to this mailing list, and I need help with a configuration of
Samba / OpenLDAP.

I have a samba server with shared folders, where users authenticate with
a given login/password.

I would like to use my directory (openldap) to authenticate my users to 
access the shared folders.

I do not want to use samba as a domain controller, just to authenticate 
the users with their login/password stored in my directory.

I cannot find the right configuration; here is my configuration:

I integrated the samba schema into the directory via this .ldif file:
/usr/share/doc/samba/examples/LDAP/samba.ldif.gz

I can see the following attributes via slapcat:

# samba_server_name, my_domain.com
dn: sambaDomainName=samba_server_name,dc=my_domain,dc=com
sambaDomainName: samba_server_name
sambaSID: S-1-5-21-1471793353-708426617-xxxxxyyyyzzzz
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0

# samba's attributes (objectClasses)

sambaSamAccount, sambaConfig, sambaGroupMapping, sambaIdmapEntry, etc.


# openldap directory tree

  * dc=my_domain, dc=com

      o ou=Groups

          + group a (user1, user2, etc.)
          + group b (user3, user4, etc.)
          + group c (user5, user6, etc.)
          + etc.

      o ou=Users
          + user1
          + user2
          + etc ..

      o ou=other_branch
          + user4
          + user5
          + etc ...

# smb.conf

         passdb backend = ldapsam:ldap://my_url:port
         ldap suffix = dc=my_domain,dc=com
         ldap user suffix = ou=Users
         ldap group suffix = ou=Groups
         #ldap machine suffix = ou=Computers
         #ldap idmap suffix = ou=Idmap
         ldap admin dn = cn=superuser,dc=my_domain,dc=com
         ldap ssl = off


# /etc/nsswitch.conf

    passwd:         compat ldap
    group:          compat ldap
    shadow:         compat ldap

# /etc/libnss-ldap.conf and /etc/pam_ldap.conf

     base dc=mon_domaine,dc=com
     uri ldap://mon_url
     ldap_version 3
     binddn cn=reader,dc=mon_domaine,dc=com
     bindpw xxxyyyzzz
     rootbinddn cn=superuser,dc=mon_domaine,dc=com
     port xxx

The "getent passwd" command gives me information, but only from the
"other_branch" (I don't know why), while I would like to get information
only from the "Users" branch.

So, I need help with:

  * getting information (login/password) from the Users branch (ou)

  * knowing the minimum attributes from the samba schema for a user
    (sambaSamAccount, gidNumber, sambaGroupType, etc.) and the
    associated values that I need for my configuration (samba standalone
    + openldap)

  * managing users' access to the shared folders

Kind regards,

Michael
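As an added example (not from the original mail, nor code from Samba or OpenLDAP), here is a small checker for the second and first questions above: it parses a slapcat-style LDIF dump, keeps only the entries directly under the users branch (the tree from the mail puts user4/user5 under ou=other_branch, which is why they are skipped), and reports which of the attributes an ldapsam user entry normally carries are missing. The attribute lists (posixAccount fields for NSS, sambaSID / sambaAcctFlags / sambaNTPassword for samba logon) are this example's own assumption of a sensible minimum, and the sample dump, SIDs and hash values are constructed placeholders. It also flags account flags a defender would want to notice, such as N (no password required).

```python
"""Audit an LDIF dump (slapcat -l / ldapsearch -LLL output) for the attributes
an ldapsam user entry needs, restricted to entries directly under ou=Users.

Added example, not code from the original mail or from Samba/OpenLDAP.
Assumption: user entries are posixAccount + sambaSamAccount objects one
level below the users branch; the attribute lists are this checker's own
choice of minimum fields (adjust to your schema)."""
import base64
from typing import Dict, Iterator, List

Entry = Dict[str, List[str]]   # attribute name (lowercased) -> values

# posixAccount fields NSS needs, then sambaSamAccount fields consulted at logon.
REQUIRED_POSIX = ("uid", "uidNumber", "gidNumber", "homeDirectory")
REQUIRED_SAMBA = ("sambaSID", "sambaAcctFlags", "sambaNTPassword")
REQUIRED_CLASSES = ("posixAccount", "sambaSamAccount")


def _unfold(text: str) -> Iterator[str]:
    """Yield logical LDIF lines, joining continuation lines (leading space)."""
    buf = None
    for raw in text.splitlines():
        if raw.startswith(" ") and buf is not None:
            buf += raw[1:]
            continue
        if buf is not None:
            yield buf
        buf = raw
    if buf is not None:
        yield buf


def parse_ldif(text: str) -> List[Entry]:
    """Parse LDIF into one dict per entry; handles comments and base64 (::) values."""
    entries: List[Entry] = []
    current: Entry = {}
    for line in _unfold(text):
        if line.startswith("#"):
            continue
        if line.strip() == "":              # blank line ends the entry
            if current:
                entries.append(current)
                current = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: base64value"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def _norm_dn(dn: str) -> str:
    return ",".join(part.strip() for part in dn.lower().split(","))


def under_branch(dn: str, branch: str) -> bool:
    """True if dn is exactly one level below branch (plain RDNs, no escaped commas)."""
    parts = _norm_dn(dn).split(",")
    return ",".join(parts[1:]) == _norm_dn(branch)


def audit_users(ldif_text: str, users_branch: str) -> Dict[str, List[str]]:
    """Return {dn: [problems]} for every entry directly under users_branch."""
    report: Dict[str, List[str]] = {}
    for entry in parse_ldif(ldif_text):
        dn = entry.get("dn", [""])[0]
        if not under_branch(dn, users_branch):
            continue                        # other branches are out of scope
        classes = {c.lower() for c in entry.get("objectclass", [])}
        problems = [f"missing objectClass {oc}" for oc in REQUIRED_CLASSES
                    if oc.lower() not in classes]
        problems += [f"missing {attr}" for attr in REQUIRED_POSIX + REQUIRED_SAMBA
                     if attr.lower() not in entry]
        flags = entry.get("sambaacctflags", [""])[0]
        if "N" in flags:                    # ACB flag N: no password required
            problems.append("sambaAcctFlags has N: no password required")
        if "sambalmpassword" in entry:      # LM hash is a weak legacy format
            problems.append("sambaLMPassword present: weak LM hash stored")
        report[dn] = problems
    return report


# Constructed sample dump; the SID, hash and people are placeholders only.
SAMPLE_LDIF = """\
dn: uid=user1,ou=Users,dc=my_domain,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: user1
uidNumber: 1001
gidNumber: 513
homeDirectory: /home/user1
gecos:: VXNlciBPbmU=
sambaSID: S-1-5-21-1471793353-708426617-0000000000-3002
sambaAcctFlags: [U          ]
sambaNTPassword: 00000000000000000000000000000000

dn: uid=user2,ou=Users,dc=my_domain,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: user2
uidNumber: 1002
gidNumber: 513
homeDirectory: /home/user2
description: a folded value that continues
  on the next line
sambaAcctFlags: [UN         ]

dn: uid=user4,ou=other_branch,dc=my_domain,dc=com
objectClass: posixAccount
uid: user4
uidNumber: 1004
gidNumber: 513
homeDirectory: /home/user4
"""

if __name__ == "__main__":
    for dn, problems in audit_users(SAMPLE_LDIF, "ou=Users,dc=my_domain,dc=com").items():
        print(dn, "OK" if not problems else "; ".join(problems))
```

Run it against a real dump with `slapcat -l dump.ldif` and pass the full DN of the users branch (in smb.conf the `ldap user suffix` is relative to `ldap suffix`, so ou=Users becomes ou=Users,dc=my_domain,dc=com). For the getent question, the nss_ldap configuration supports a `nss_base_passwd` directive that limits the passwd map to a base and scope (for example `ou=Users,dc=my_domain,dc=com?one`), which is the usual way to keep other_branch out of NSS lookups; check that your libnss-ldap version documents it before relying on it.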
