Friday, August 19, 2011

samba+ldap setup

After working for around 2 years with a samba+ldap setup, I can say it is stable and very useful where we need a Linux-based authentication server to authenticate Windows users. In a samba+ldap setup, user, computer and group accounts are stored in LDAP (OpenLDAP), much as they are in Windows Active Directory. My setup, which has been functioning properly for the last 2 years without any issues, is as follows.


My smb.conf file's content is as follows
--------------------------------------------
[global]
workgroup = test
server string = test1
netbios name = test1

ldap passwd sync = yes
security = user
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=test,dc=com

ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap admin dn = "uid=root,ou=People,dc=test,dc=com"

domain master = yes
domain logons = yes

logon path =
add user script = /usr/sbin/smbldap-useradd "%u"
add group script = /usr/sbin/smbldap-groupadd "%g"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"

local master = yes
os level = 254
preferred master = yes
wins support = yes

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no

------------------------------------------------------

My ldap server configuration is as follows

(content of slapd.conf file)

------------------------------------------------------

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/inetorgperson.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

access to *
        by self write
        by users read
        by anonymous read

database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=test,dc=com"
rootpw {SSHA}oifg.ytugjhkk
directory /var/lib/ldap/test.com
index uidNumber,gidNumber eq

------------------------------------------------------
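As an added example (not the original post's configuration), the following slapd.conf ACL fragment keeps the catch-all rule above but stops anonymous and ordinary users from reading the userPassword, sambaNTPassword and sambaLMPassword hashes, which the original `access to *` / `by anonymous read` rule exposes to any client. It assumes the same suffix and Samba `ldap admin dn` as the smb.conf above, and that the smbldap-tools bind DN (set in smbldap_bind.conf) is that same DN.

```conf
# Added example, not from the original post. Assumes the suffix
# dc=test,dc=com and the "ldap admin dn" uid=root,ou=People,dc=test,dc=com
# from the smb.conf above; adjust if your smbldap_bind.conf uses another DN.
# ACL order matters: slapd applies the first "access to" clause that matches,
# so the attribute-specific rule must come before "access to *".

# Weak (as in the original): anonymous can read every attribute,
# including userPassword, sambaNTPassword and sambaLMPassword.
# access to *
#         by self write
#         by users read
#         by anonymous read

# Hardened: password attributes are writable only by Samba's admin DN
# (write includes read, which Samba needs to authenticate users and
# to keep userPassword in sync with "ldap passwd sync = yes") and by
# the owner; anonymous clients may use them for binding only.
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="uid=root,ou=People,dc=test,dc=com" write
        by self write
        by anonymous auth
        by * none

# Everything else: the admin DN (also used by the smbldap-tools scripts)
# can write, authenticated users and anonymous NSS lookups can read, and
# users can no longer rewrite their own POSIX attributes such as uidNumber.
access to *
        by dn="uid=root,ou=People,dc=test,dc=com" write
        by users read
        by anonymous read
```

After changing the ACL, confirm with `slaptest` that the file parses and then check from an unauthenticated `ldapsearch` that sambaNTPassword is no longer returned.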

Note: Ensure that the samba.schema file is present in the /etc/openldap/schema directory. If it is not present, search for samba.schema on the system and copy that file into /etc/openldap/schema.

Download and install the smbldap tools from the following link.

http://tinyurl.com/344ypzg