[Samba] Samba standalone + openldap
Michael JOIGNY
mjoigny at neteven.com
Fri Feb 3 14:15:43 UTC 2017
Hi everybody,
I'm new to this mailing list. I need help with a Samba / OpenLDAP
configuration.
I have a samba server with shared folders, where users authenticate with
a determined login/password.
I would like to use my directory (openldap) to authenticate my users to
access the shared folders.
I do not want to use samba as a domain controller, just to authenticate
the users with their login/password stored in my directory.
I cannot find the right configuration. Here is my configuration:
I integrated the samba schema into the directory via this .ldif file:
/usr/share/doc/samba/examples/LDAP/samba.ldif.gz
I can see the following attributes via slapcat:
# samba_server_name, my_domain.com
dn: sambaDomainName=samba_server_name,dc=my_domain,dc=com
sambaDomainName: samba_server_name
sambaSID: S-1-5-21-1471793353-708426617-xxxxxyyyyzzzz
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
# samba's attributes (objectclass)
sambaSamAccount, sambaconfig, sambagroupmapping, sambaidmapentry, etc.
# openldap directory tree
  * dc=my_domain, dc=com
      o ou=Groups
          + group a (user1, user2, etc.)
          + group b (user3, user4, etc.)
          + group c (user5, user6, etc.)
          + etc.
      o ou=Users
          + user1
          + user2
          + etc.
      o ou=other_branch
          + user4
          + user5
          + etc.
# smb.conf
passdb backend = ldapsam:ldap://my_url:port
ldap suffix = dc=my_domain,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
#ldap machine suffix = ou=Computers
#ldap idmap suffix = ou=Idmap
ldap admin dn = cn=superuser,dc=my_domain,dc=com
ldap ssl = off
# /etc/nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat ldap
# /etc/libnss-ldap.conf and /etc/pam_ldap.conf
base dc=mon_domaine,dc=com
uri ldap://mon_url
ldap_version 3
binddn cn=reader,dc=mon_domaine,dc=com
bindpw xxxyyyzzz
rootbinddn cn=superuser,dc=mon_domaine,dc=com
port xxx
The "getent passwd" command gives me information, but only from the
"other_branch" (I don't know why), while I would like to get information
only from the "Users" branch.
So, I need help to:
  * get information (login/password) from the Users branch (ou)
  * know the minimum attributes from the samba schema for a user
    (sambaSamaccount, gidNumber, sambaGroupType, etc.) and the
    associated values that I need for my configuration (samba standalone
    + openldap)
  * manage users' access to the shared folders
Kind regards,
Michael
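
The smb.conf and libnss-ldap.conf settings from the message above beside a tightened variant, as an added example that is not part of the original post. It keeps the post's placeholder names and assumes the directory server offers StartTLS; the CA bundle path is an assumption.

```conf
# smb.conf, as posted: with "ldap ssl = off" on an ldap:// URL, the bind
# as "ldap admin dn" and the sambaNTPassword hashes that ldapsam reads
# cross the network unencrypted.
#   passdb backend = ldapsam:ldap://my_url:port
#   ldap ssl = off

# smb.conf, tightened: same backend, StartTLS on the LDAP connection.
passdb backend = ldapsam:ldap://my_url:port
ldap ssl = start tls
ldap suffix = dc=my_domain,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=superuser,dc=my_domain,dc=com
# The admin DN password is stored in secrets.tdb with "smbpasswd -w";
# it is never written into smb.conf.

# /etc/libnss-ldap.conf and /etc/pam_ldap.conf, tightened.
# The posted files write the suffix as dc=mon_domaine; it has to be the
# same suffix that smb.conf uses (dc=my_domain here).
base dc=my_domain,dc=com
uri ldap://mon_url
ldap_version 3
# This file is readable by local users, so the bind account below should
# have read-only access limited to the attributes NSS needs.
binddn cn=reader,dc=my_domain,dc=com
bindpw xxxyyyzzz
ssl start_tls
tls_checkpeer yes
# Assumed CA bundle location; point it at the CA that signed the LDAP
# server certificate.
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
# Limit lookups to the intended branches ("?one" = one-level search), so
# entries under ou=other_branch are not returned by getent.
nss_base_passwd ou=Users,dc=my_domain,dc=com?one
nss_base_shadow ou=Users,dc=my_domain,dc=com?one
nss_base_group  ou=Groups,dc=my_domain,dc=com?one
```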