On Fri, 3 Feb 2017 15:15:43 +0100
Michael JOIGNY via samba <samba at lists.samba.org> wrote:
> Hi everybody,
>
> I'm new to this mailing list; I need help with a configuration using
> Samba / OpenLDAP.
>
> I have a samba server with shared folders, where users authenticate
> with a determined login/password.
>
> I would like to use my directory (openldap) to authenticate my users
> to access the shared folders.
>
> I do not want to use samba as a domain controller, just to
> authenticate the users with their login/password stored in my
> directory.
>
> I cannot find the right configuration; here is my configuration:
>
> I integrated the samba schema into the directory via this
> .ldif file: /usr/share/doc/samba/examples/LDAP/samba.ldif.gz
>
> I can see the following attributes via slapcat:
>
> # samba_server_name, my_domain.com
> dn: sambaDomainName=samba_server_name,dc=my_domain,dc=com
> sambaDomainName: samba_server_name
> sambaSID: S-1-5-21-1471793353-708426617-xxxxxyyyyzzzz
> sambaAlgorithmicRidBase: 1000
> objectClass: sambaDomain
> sambaNextUserRid: 1000
> sambaMinPwdLength: 5
> sambaPwdHistoryLength: 0
> sambaLogonToChgPwd: 0
> sambaMaxPwdAge: -1
> sambaMinPwdAge: 0
> sambaLockoutDuration: 30
> sambaLockoutObservationWindow: 30
> sambaLockoutThreshold: 0
> sambaForceLogoff: -1
> sambaRefuseMachinePwdChange: 0
>
> # samba's attributes (objectClass)
>
> sambaSamAccount, sambaConfig, sambaGroupMapping, sambaIdmapEntry,
> etc.
>
>
> # openldap directory tree
>
> * dc=my_domain, dc=com
>
> o ou=Groups
>
> + group a (user1, user2, etc.)
> + group b (user3, user4, etc.)
> + group c (user5, user6, etc.)
> + etc.
>
> o ou=Users
> + user1
> + user2
> + etc ..
>
> o ou=other_branch
> + user4
> + user5
> + etc ...
>
> # smb.conf
>
> passdb backend = ldapsam:ldap://my_url:port
> ldap suffix = dc=my_domain,dc=com
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> #ldap machine suffix = ou=Computers
> #ldap idmap suffix = ou=Idmap
> ldap admin dn = cn=superuser,dc=my_domain,dc=com
> ldap ssl = off
>
>
> # /etc/nsswitch.conf
>
> passwd: compat ldap
> group: compat ldap
> shadow: compat ldap
>
> # /etc/libnss-ldap.conf and /etc/pam_ldap.conf
>
> base dc=mon_domaine,dc=com
> uri ldap://mon_url
> ldap_version 3
> binddn cn=reader,dc=mon_domaine,dc=com
> bindpw xxxyyyzzz
> rootbinddn cn=superuser,dc=mon_domaine,dc=com
> port xxx
>
> "getent passwd" gives me information, but only from the
> "other_branch" (I don't know why), while I would like to get
> information only from the "Users" branch.
>
> So, I need help with:
>
> * getting information (login/password) from the Users branch (ou)
>
> * knowing the minimum attributes from the samba schema for a user
> (sambaSamAccount, gidNumber, sambaGroupType, etc.) and the
> associated values that I need for my configuration (samba
> standalone
> + openldap)
>
> * managing users' access to the shared folders
>
> Kind regards,
>
> Michael
>
No, sorry, I cannot agree with you; you will probably be better off
setting up a Samba AD DC.
Rowland
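An added check for the standalone ldapsam + libnss-ldap setup quoted above (example code written for this page, not from the thread or from Samba): it parses a slapcat export with a deliberately minimal LDIF reader and reports, per user entry, the posixAccount attributes libnss-ldap needs before "getent passwd" will list it, the sambaSamAccount attributes ldapsam needs to authenticate it, and whether each sambaSID sits under the sambaDomain entry's SID. The sample LDIF, DNs, SIDs and NT hash are constructed placeholders.

```python
# Added example, not from the thread: check a slapcat export for what libnss-ldap
# needs to list a user and what ldapsam needs to authenticate one (constructed data).
import re
SAMPLE_LDIF = """\
dn: sambaDomainName=samba_server_name,dc=my_domain,dc=com
sambaSID: S-1-5-21-1471793353-708426617-1234567890

dn: uid=user1,ou=Users,dc=my_domain,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: user1
cn: user1
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/user1
sambaSID: S-1-5-21-1471793353-708426617-1234567890-21002
sambaNTPassword: 00000000000000000000000000000000

dn: uid=user4,ou=other_branch,dc=my_domain,dc=com
objectClass: sambaSamAccount
uid: user4
"""
# posixAccount MUST (RFC 2307): without these getent passwd cannot build a line.
# sambaSamAccount MUST is uid + sambaSID; ldapsam also needs the NT hash to log in.
REQUIRED = {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory", "sambaSID", "sambaNTPassword"}

def parse_ldif(text):
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for key, value in (line.split(":", 1) for line in block.splitlines()):
            attrs.setdefault(key, []).append(value.strip())
        entries.append((attrs["dn"][0], attrs))
    return entries

def check_users(text):
    """Map each sambaSamAccount DN to its problems; [] means NSS and ldapsam can use it."""
    entries = parse_ldif(text)
    domain_sid = next(a["sambaSID"][0] for dn, a in entries if dn.startswith("sambaDomainName="))
    report = {}
    for dn, a in entries:
        if "sambaSamAccount" in a.get("objectClass", []):
            problems = [f"missing {x}" for x in sorted(REQUIRED - set(a))]
            if "posixAccount" not in a["objectClass"]:
                problems.append("missing posixAccount (getent will not list it)")
            if not a.get("sambaSID", [""])[0].startswith(domain_sid + "-"):
                problems.append("sambaSID is not under the sambaDomain SID")
            report[dn] = problems
    return report
```

Run it against a real `slapcat` dump to see which entries in ou=Users are invisible to NSS and which ones ldapsam cannot authenticate; the reader only handles plain "attr: value" lines, not base64 ("::") or folded values.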