Wednesday, April 01, 2009

How to connect LDAP and SAMBA using smbldap-tools

Download related software
First, download the latest Samba server, BDB, Perl and OpenLDAP server. You can then install them by compiling the source code (./configure, make, make install; enable package support according to your requirements, e.g. ./configure --enable-ssl). Alternatively, you can install them with 'yum' (for Red Hat/Fedora/CentOS) or 'apt-get' (for Ubuntu/Debian).
For example:
yum install samba
apt-get install samba

Configure OpenLDAP
  • Copy samba.schema to /etc/ldap/schema
  • Add "include /etc/ldap/schema/samba.schema" into /etc/ldap/slapd.conf under "# Schema and objectClass definitions"
  • Change the suffix "dc=nodomain" to match your domain name; for example, if you use ldap.google.com, the suffix is "dc=ldap,dc=google,dc=com"
  • Add "index objectClass,rid,uid,uidNumber,gidNumber,memberUid eq" and "index cn,mail,surname,givenname eq,subinitial" to /etc/ldap/slapd.conf; these indexes are used when searching entries.
  • Here I have linked my slapd.conf for your reference.
  • Change ldap.conf by adding HOST and BASE. HOST should be your LDAP server IP address and BASE is your LDAP base DN suffix.
  • Here I have linked my ldap.conf file. This file is used by LDAP clients.
  • Run slapd to start the OpenLDAP server
Configure smbldap-tools
  • Get the SID using the "net getlocalsid" command and add the SID to /etc/opt/IDEALX/smbldap-tools/smbldap.conf (this path may depend on your installation)
  • Change the master and slave LDAP server information in smbldap.conf
  • Set ldapSSL and ldapTLS to '0'; otherwise you also have to set up security certificates, or smbldap-tools will not connect to your LDAP server. With both set to '0', the connection to the LDAP server is not encrypted.
  • Here I have attached my smbldap.conf.
  • Add your slave and master DNs and their passwords to /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf (this path may depend on your installation)
  • Here I have attached my smbldap_bind.conf (this file is used to bind to the LDAP server, because it holds the authentication details of the admin DN).
  • Finally, you can use the smbldap-populate command, which comes with smbldap-tools, to add the initial records to your LDAP server.
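A quick check of the two smbldap-tools files configured above, added here as an example (it is not part of the original post or of smbldap-tools): it reports whether ldapTLS/ldapSSL leave the bind in cleartext and whether smbldap_bind.conf is readable by other users. It assumes the key="value" layout of these files and a bare host name or IP in masterLDAP; the function names and sample values are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit smbldap-tools settings.
# Assumes the key="value" layout of smbldap.conf and smbldap_bind.conf.

# conf_value FILE KEY: print the value of KEY (last uncommented assignment).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# transport_status FILE: classify how smbldap-tools will reach the LDAP server.
# Assumption: masterLDAP holds a bare host name or IP address.
transport_status() {
    if [ "$(conf_value "$1" ldapTLS)" = "1" ] || [ "$(conf_value "$1" ldapSSL)" = "1" ]; then
        echo encrypted
        return 0
    fi
    case "$(conf_value "$1" masterLDAP)" in
        127.*|localhost|::1) echo cleartext-loopback ;;
        *) echo cleartext-network ;;  # bind DN and password cross the network unencrypted
    esac
}

# bind_file_private FILE: succeed only if group and other have no access bits,
# since smbldap_bind.conf stores the admin DN password.
bind_file_private() {
    [ "$(ls -ln "$1" | cut -c5-10)" = "------" ]
}

# audit DIR: print one finding per line for the two files in DIR.
audit() {
    echo "transport: $(transport_status "$1/smbldap.conf")"
    if bind_file_private "$1/smbldap_bind.conf"; then
        echo "bind file: private"
    else
        echo "bind file: readable by group or other"
    fi
}

# Constructed sample input so the script runs offline; all values are placeholders.
demo_dir=$(mktemp -d)
printf 'masterLDAP="192.0.2.10"\nldapTLS="0"\nldapSSL="0"\n' > "$demo_dir/smbldap.conf"
printf 'masterDN="cn=admin,dc=example,dc=com"\nmasterPw="placeholder"\n' > "$demo_dir/smbldap_bind.conf"
chmod 644 "$demo_dir/smbldap_bind.conf"
audit "$demo_dir"
rm -rf "$demo_dir"
```

To check a real installation, call audit with the directory that holds your smbldap.conf and smbldap_bind.conf instead of the constructed sample.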
Configure Samba
  • Here I linked my smb.conf; it has all the LDAP-related parameters.
  • Restart the Samba server and type the following command to bind Samba with the LDAP server. Secret is your LDAP root DN password.
    smbpasswd -w secret
After installing everything correctly, you can use smbldap-useradd to add users.
I recommend the phpldapadmin and JXplorer tools for managing your LDAP server.