
2.2.3. Adding Samba LDAP objects


Next, configure the smbldap-tools package to match your environment. The package comes with a configuration helper script called smbldap-config. Before running it, though, you should decide on two important configuration settings in /etc/samba/smb.conf:

• netbios name: how this server will be known. The default value is derived from the server's hostname, but truncated at 15 characters.

• workgroup: the workgroup name for this server, or, if you later decide to make it a domain controller, this will be the domain.


It's important to make these choices now because smbldap-config will use them to generate the configuration that will later be stored in the LDAP directory. If you run smbldap-config now and later change these values in /etc/samba/smb.conf, there will be an inconsistency.


Once you are happy with netbios name and workgroup, proceed to generate the smbldap-tools configuration by running the configuration script, which will ask you some questions:


sudo smbldap-config


Some of the more important ones:

• workgroup name: has to match what you will configure in /etc/samba/smb.conf later on.

• ldap suffix: has to match the ldap suffix you chose when you configured the LDAP server.

• other ldap suffixes: they are all relative to ldap suffix above. For example, for ldap user suffix you should use ou=People.

• ldap master bind dn and bind password: use the rootDN credentials.


The smbldap-populate script will then add the LDAP objects required for Samba. It is a good idea to first make a backup of your DIT using slapcat:


sudo slapcat -l backup.ldif


Once you have a backup, proceed to populate your directory. It will ask you for a password for the "domain root" user, which is also the "root" user stored in LDAP:


sudo smbldap-populate -g 10000 -u 10000 -r 10000


The -g, -u and -r parameters tell smbldap-tools where to start the numeric uid and gid allocation for the LDAP users. You should pick a range start that does not overlap with your local /etc/passwd users.
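One way to check a candidate range start before running smbldap-populate, as an added example that is not part of the original guide: the function names ids_at_or_above and range_start_is_free are hypothetical, and the passwd and group data are constructed samples standing in for /etc/passwd and /etc/group.

```shell
#!/bin/sh
# Added example: check that a candidate start value for
# smbldap-populate -u/-g/-r is not already used by local accounts.

# Print "name:id" for every entry in the given passwd- or group-format
# files whose numeric id (field 3 in both formats) is >= START.
# 65534 (nobody/nogroup on Debian/Ubuntu) is skipped: it sits far above
# any sensible range start and would otherwise always be reported.
ids_at_or_above() {
    start=$1; shift
    awk -F: -v start="$start" '
        $3 ~ /^[0-9]+$/ && $3 + 0 >= start + 0 && $3 != 65534 {
            print $1 ":" $3
        }
    ' "$@"
}

# Succeeds (exit 0) when no listed file holds an id at or above START.
range_start_is_free() {
    [ -z "$(ids_at_or_above "$@")" ]
}

# Constructed sample data (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
svc-backup:x:10002:10002::/var/backups:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
ubuntu:x:1000:
nogroup:x:65534:
EOF

for candidate in 10000 20000; do
    if range_start_is_free "$candidate" "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group"; then
        echo "start $candidate: free"
    else
        echo "start $candidate: collides with local ids:"
        ids_at_or_above "$candidate" "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group" | sed 's/^/  /'
    fi
done
```

On a real server, pass /etc/passwd and /etc/group instead of the sample files.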


You can create an LDIF file containing the new Samba objects by executing sudo smbldap-populate -e samba.ldif. This allows you to look over the changes and make sure everything is correct. If it is, rerun the script without the '-e' switch. Alternatively, you can take the LDIF file and import its data as usual.


Your LDAP directory now has the necessary information to authenticate Samba users.

