Help answer threads with 0 replies.
Go Back > Blogs >
User Name


Rate this Entry

samba Account with LDAP in Centos 6

Posted 01-09-2012 at 09:07 AM by

Please Help I am using Centos 6. I wanted to configure samba to use ldap account as i am using LDAP for SVN .
Unnikrishnan P R

Thanks in Advance
Posted in Uncategorized
Views 5445 Comments 1
« Prev     Main     Next »
Total Comments 1


  1. Old Comment

    Can do

    install the smbldap-tools and all is good

    [root@dir ~]# cd tmp
    [root@dir tmp]# rpm2cpio ~/samba-3.5.4-68.el6.x86_64.rpm | cpio -id
    [root@dir tmp]# cp ./etc/openldap/schema/samba.schema /etc/openldap/schema/
    [root@dir tmp]# vi schema_convert.conf
    # create new
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/collective.schema
    include /etc/openldap/schema/corba.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/duaconf.schema
    include /etc/openldap/schema/dyngroup.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/java.schema
    include /etc/openldap/schema/misc.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/openldap.schema
    include /etc/openldap/schema/ppolicy.schema
    include /etc/openldap/schema/samba.schema
    [root@dir tmp]# mkdir ldif_output
    [root@dir tmp]# slapcat -f schema_convert.conf -F ./ldif_output -n0 -s "cn={12}samba,cn=schema,cn=config" > ./cn=samba.ldif
    [root@dir tmp]# vi cn=samba.ldif
    # line 1,3: change ( remove "{12}" )
    dn: cn=samba,cn=schema,cn=config
    objectClass: olcSchemaConfig
    cn: samba
    # remove these lines below ( placed at the bottom )
    structuralObjectClass: olcSchemaConfig
    entryUUID: 761ed782-e76d-102f-94de-7784c8a781ec
    creatorsName: cn=config
    createTimestamp: 20110320184149Z
    entryCSN: 20110320184149.954974Z#000000#000#000000
    modifiersName: cn=config
    modifyTimestamp: 20110320184149Z
    [root@dir tmp]# ldapadd -Y EXTERNAL -H ldapi:/// -f cn=samba.ldif
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry "cn=samba,cn=schema,cn=config"
    [root@dir tmp]# vi samba_indexes.ldif
    # create new
    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    add: olcDbIndex
    olcDbIndex: uidNumber eq
    olcDbIndex: gidNumber eq
    olcDbIndex: loginShell eq
    olcDbIndex: uid eq,pres,sub
    olcDbIndex: memberUid eq,pres,sub
    olcDbIndex: uniqueMember eq,pres
    olcDbIndex: sambaSID eq
    olcDbIndex: sambaPrimaryGroupSID eq
    olcDbIndex: sambaGroupType eq
    olcDbIndex: sambaSIDList eq
    olcDbIndex: sambaDomainName eq
    olcDbIndex: default sub
    [root@dir tmp]# ldapmodify -Y EXTERNAL -H ldapi:/// -f samba_indexes.ldif
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    modifying entry "olcDatabase={2}hdb,cn=config"
    [root@dir tmp]# cd
    [root@dir ~]# rm -rf tmp
    [root@dir ~]# /etc/rc.d/init.d/slapd restart
    Stopping slapd: [ OK ]
    Starting slapd: [ OK ]
    [2] Change Samba settings. This Samba PDC server need to be a LDAP Client.
    [root@lan ~]# yum --enablerepo=epel -y install smbldap-tools # install from EPEL
    [root@lan ~]# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
    [root@lan ~]# cp /usr/share/doc/smbldap-tools-*/smb.conf /etc/samba/smb.conf
    [root@lan ~]# vi /etc/samba/smb.conf
    # line 3: change workgroup name to any one
    workgroup = ServerWorld
    # line 12: make it comment
    #min passwd length = 3
    # line 22: change
    ldap passwd sync = yes
    # line 33,34: change
    Dos charset = CP932
    Unix charset = UTF-8
    # line 47: specify LDAP server
    passdb backend = ldapsam:ldap://
    # line 48: change LDAP admin DN (LDAP server's one)
    ldap admin dn = cn=admin,dc=server,dc=world
    # line 50: change LDAP suffix (LDAP server's one)
    ldap suffix = dc=server,dc=world
    ldap group suffix = ou=groups
    ldap user suffix = ou=people
    # line 60: uncomment
    delete group script = /usr/sbin/smbldap-groupdel "%g"
    # near line 64: add (specify admin user, no SSL)
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    admin users = domain-admin
    ldap ssl = no
    [root@lan ~]# mkdir /home/netlogon
    [root@lan ~]# /etc/rc.d/init.d/smb restart
    Shutting down SMB services: [ OK ]
    Starting SMB services: [ OK ]
    [root@lan ~]# /etc/rc.d/init.d/nmb restart
    Shutting down NMB services: [ OK ]
    Starting NMB services: [ OK ]
    [root@lan ~]# smbpasswd -W # add LDAP admin's password
    Setting stored password for "cn=admin,dc=server,dc=world" in secrets.tdb
    New SMB password:# LDAP admin password
    Retype new SMB password:

    Run to configure smbldap tools
    [root@lan ~]# perl /usr/share/doc/smbldap-tools-*/

    But it seems like a time waste.. instead any one can use the script that i created in
    Posted 01-17-2012 at 06:28 AM by is offline


All times are GMT -5. The time now is 12:25 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration