After working with a Samba+LDAP setup for around 2 years, I can say it is stable and very useful where a Linux-based authentication server is needed to authenticate Windows users. In a Samba+LDAP setup, user, computer and group accounts are stored in LDAP (OpenLDAP), much as they are in Windows Active Directory. My setup, which has been functioning properly for the last 2 years without any issues, is as follows.
The content of my smb.conf file is as follows
--------------------------------------------
[global]
workgroup = test
server string = test1
netbios name = test1
ldap passwd sync = yes
security = user
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=test,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap admin dn = "uid=root,ou=People,dc=test,dc=com"
domain master = yes
domain logons = yes
logon path =
add user script = /usr/sbin/smbldap-useradd "%u"
add group script = /usr/sbin/smbldap-groupadd "%g"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
local master = yes
os level = 254
preferred master = yes
wins support = yes

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no
------------------------------------------------------
My LDAP server configuration (the content of the slapd.conf file) is as follows
------------------------------------------------------
# Schema order matters: samba.schema builds on attributes defined in the
# files before it, and uidNumber/gidNumber (used by the index below) come
# from nis.schema.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# "by" clauses are continuation lines and must be indented.
access to *
        by self write
        by users read
        by anonymous read
database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=test,dc=com"
rootpw {SSHA}oifg.ytugjhkk
directory /var/lib/ldap/test.com
# An index type is required; equality lookups are what Samba and nss use.
index uidNumber,gidNumber eq
------------------------------------------------------
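The ACL in the slapd.conf above gives every authenticated user, and anonymous clients, read access to the whole directory, which includes userPassword and the sambaLMPassword/sambaNTPassword hashes Samba stores for each account. The following is an added example, not part of the original configuration: a tighter ACL for the same tree that keeps password material unreadable and also gives the DN used as "ldap admin dn" in smb.conf the write access it needs to maintain other accounts (which "by self write" alone does not). It assumes the suffix dc=test,dc=com and the admin DN uid=root,ou=People,dc=test,dc=com from the files above.

```conf
# Weak ACL from the slapd.conf above: every authenticated user, and even an
# anonymous client, may read every attribute, including userPassword and the
# sambaLMPassword/sambaNTPassword hashes (the NT hash is password-equivalent).
#
#   access to *
#           by self write
#           by users read
#           by anonymous read

# Hardened replacement (added example). Assumes the suffix dc=test,dc=com and
# the "ldap admin dn" uid=root,ou=People,dc=test,dc=com used in smb.conf above.
# OpenLDAP uses the first "access to" clause whose <what> matches, then the
# first matching "by" clause inside it, so the specific rules come first.

# Password material: the Samba admin DN maintains it, the owner may change it,
# anyone may only use it to bind (auth), nobody else may read it.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by dn.exact="uid=root,ou=People,dc=test,dc=com" write
        by self write
        by anonymous auth
        by * none

# Lockout and password-age bookkeeping that Samba writes through the admin DN.
access to attrs=sambaBadPasswordCount,sambaBadPasswordTime,sambaPwdLastSet
        by dn.exact="uid=root,ou=People,dc=test,dc=com" write
        by users read
        by * none

# Everything else (uid, uidNumber, gidNumber, sambaSID, memberUid, ...).
# Users get read only: "self write" here would let an account rewrite its
# own uidNumber or gidNumber. Anonymous gets nothing.
access to dn.subtree="dc=test,dc=com"
        by dn.exact="uid=root,ou=People,dc=test,dc=com" write
        by users read
        by * none
```

If nss_ldap or similar clients look up accounts without binding, change "by * none" in the last rule to "by anonymous read"; the first rule still keeps the hashes unreadable. Check the file with slaptest -f /etc/openldap/slapd.conf before restarting slapd.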
Note: Ensure that the samba.schema file is present in the /etc/openldap/schema directory. If it is not present, search for samba.schema on the system and copy it into /etc/openldap/schema.
Download and install the smbldap tools from the following link.
http://tinyurl.com/344ypzg