
[Samba] Samba standalone + openldap




Hi everybody,

I'm new to this mailing list. I need help with a Samba / OpenLDAP configuration.

I have a samba server with shared folders, where users authenticate with a determined login/password.

I would like to use my directory (openldap) to authenticate my users to access the shared folders.

I do not want to use samba as a domain controller, just to authenticate the users with their login/password stored in my directory.

I cannot find the right configuration. Here is my configuration:

I integrated the samba schema into the directory via this .ldif file: /usr/share/doc/samba/examples/LDAP/samba.ldif.gz

I can see the following attributes via slapcat:

    # samba_server_name, my_domain.com
    dn: sambaDomainName=samba_server_name,dc=my_domain,dc=com
    sambaDomainName: samba_server_name
    sambaSID: S-1-5-21-1471793353-708426617-xxxxxyyyyzzzz
    sambaAlgorithmicRidBase: 1000
    objectClass: sambaDomain
    sambaNextUserRid: 1000
    sambaMinPwdLength: 5
    sambaPwdHistoryLength: 0
    sambaLogonToChgPwd: 0
    sambaMaxPwdAge: -1
    sambaMinPwdAge: 0
    sambaLockoutDuration: 30
    sambaLockoutObservationWindow: 30
    sambaLockoutThreshold: 0
    sambaForceLogoff: -1
    sambaRefuseMachinePwdChange: 0

# samba's attributes (objectclass)

    sambaSamAccount, sambaconfig, sambagroupmapping, sambaidmapentry, etc ..


# openldap directory tree

 * dc=my_domain, dc=com

     o ou=Groups

         + group a (user1, user2, etc ..)
         + group b (user3, user4, etc ..)
         + group c (user5, user6, etc ..)
         + etc ...

     o ou=Users
         + user1
         + user2
         + etc ..

     o ou=other_branch
         + user4
         + user5
         + etc ...

# smb.conf

        passdb backend = ldapsam:ldap://my_url:port
        ldap suffix = dc=my_domain,dc=com
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        #ldap machine suffix = ou=Computers
        #ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=superuser,dc=my_domain,dc=com
        ldap ssl = off


# /etc/nsswitch.conf

    passwd:         compat ldap
    group:          compat ldap
    shadow:         compat ldap

# /etc/libnss-ldap.conf and /etc/pam_ldap.conf

    base dc=mon_domaine,dc=com
    uri ldap://mon_url
    ldap_version 3
    binddn cn=reader,dc=mon_domaine,dc=com
    bindpw xxxyyyzzz
    rootbinddn cn=superuser,dc=mon_domaine,dc=com
    port xxx

The "getent passwd" command gives me information, but only from the "other_branch" (I don't know why), while I would like to get information only from the "Users" branch.

So, I need help to:

 * get information (login/password) from the Users branch (ou)

 * know the minimum attributes from the samba schema for a user
   (sambaSamaccount, gidNumber, sambaGroupType, etc..) and the
   associated values that I need for my configuration (samba standalone
   + openldap)

 * manage users' access to the shared folders

Kind regards,

Michael
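
Added example (not part of Michael's message and not Samba project code): a Python check over the settings quoted above that reports which LDAP binds would cross the network without TLS, namely `ldap ssl = off` with an `ldap://` ldapsam backend in smb.conf, and `uri ldap://` with a `bindpw` and no `ssl` directive in libnss-ldap.conf. The sample inputs are constructed from the values in the post, and the function names are hypothetical.

```python
# Added example: flags LDAP client settings that send bind credentials in cleartext.
# Sample inputs are constructed from the values quoted in the post.
SMB_CONF = """\
passdb backend = ldapsam:ldap://my_url:port
ldap admin dn = cn=superuser,dc=my_domain,dc=com
ldap ssl = off
"""
NSS_LDAP_CONF = """\
uri ldap://mon_url
binddn cn=reader,dc=mon_domaine,dc=com
bindpw xxxyyyzzz
"""


def parse_smb(text):
    """smb.conf 'name = value' lines -> dict (names lower-cased, spaces collapsed)."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;[" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params


def parse_nss(text):
    """libnss-ldap.conf / pam_ldap.conf 'keyword value' lines -> dict."""
    params = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            params[parts[0].lower()] = parts[1].strip()
    return params


def cleartext_findings(smb_text, nss_text):
    """Return (file, bind DN) pairs whose LDAP bind is not protected by TLS."""
    smb, nss = parse_smb(smb_text), parse_nss(nss_text)
    findings = []
    backend = smb.get("passdb backend", "").lower().replace('"', "")
    if backend.startswith("ldapsam:ldap://") and smb.get("ldap ssl", "").lower() == "off":
        findings.append(("smb.conf", smb.get("ldap admin dn", "")))
    # nss_ldap / pam_ldap: 'ssl start_tls' or 'ssl on' (or an ldaps:// uri) enables TLS
    plain_uri = nss.get("uri", "").lower().startswith("ldap://")
    if plain_uri and nss.get("ssl", "off").lower() not in ("start_tls", "on"):
        if "bindpw" in nss:
            findings.append(("libnss-ldap.conf", nss.get("binddn", "")))
    return findings


if __name__ == "__main__":
    for source, dn in cleartext_findings(SMB_CONF, NSS_LDAP_CONF):
        print(f"{source}: bind as {dn} is sent without TLS")
```

With `ldap ssl = start tls` in smb.conf and `ssl start_tls` in libnss-ldap.conf, the same check returns no findings.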
