Introduction
Samba can be configured to store user account information in an LDAP server. With this configuration, however, to add a new user you have to use smbpasswd. This tool will create the appropriate account on the Samba server and add a new entry with some Samba-specific attributes to the LDAP server.
If you can't or don't want to use smbpasswd, you have to perform these operations manually. Some applications aren't very flexible either: they can only add entries to an LDAP server, but cannot create the corresponding server account.
Fortunately, Penrose can be configured to do all the above tasks seamlessly, removing the dependency on smbpasswd.
Samba Schema
Make sure cosine, NIS, and Samba schemas are included in server.xml:
<server>
  <schema name="samba" path="schema/cosine.schema"/>
  <schema name="samba" path="schema/nis.schema"/>
  <schema name="samba" path="schema/samba.schema"/>
</server>
Samba Database
Prepare a database to store Samba user account information. See PENROSE_SERVER_HOME/samples/samba/sql.
Samba User Mapping
See Samba User Mapping.
Samba Group Mapping
See Samba Group Mapping.
Samba Modules
See Samba Modules.
Samba Configuration
Edit /etc/samba/smb.conf:
ldap admin dn = "uid=admin,ou=system"
ldap ssl = off
passdb backend = ldapsam:ldap://localhost:10389
ldap delete dn = no
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=Samba,dc=Example,dc=com
ldap filter = (uid=%u)
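The configuration above sets ldap ssl = off and points ldapsam at an ldap:// URL, so the admin bind and the Samba account attributes cross that connection unencrypted; here that is limited to localhost. The following check is an added example, not part of Penrose or Samba: it flags the same settings when the LDAP host is not loopback. The names parse_global, is_loopback and audit_ldapsam and the severity labels are hypothetical.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample: the relevant settings shown on this page.
PAGE_CONF = """\
[global]
ldap admin dn = "uid=admin,ou=system"
ldap ssl = off
passdb backend = ldapsam:ldap://localhost:10389
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf, keyed by normalised name."""
    params, section = {}, "global"  # a headerless fragment is read as [global]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params["".join(key.lower().split())] = value.strip()
    return params

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other host name is treated as remote

def audit_ldapsam(text):
    """List (severity, host) for each ldapsam server reached without TLS."""
    p = parse_global(text)
    backend = p.get("passdbbackend", "")
    if not backend.lower().startswith("ldapsam:"):
        return []
    if p.get("ldapssl", "").lower() != "off":
        return []  # only an explicit "off" is flagged here
    findings = []
    for url in backend.split(":", 1)[1].replace('"', " ").split():
        u = urlparse(url)
        if u.scheme == "ldap" and u.hostname:  # ldaps:// is already TLS
            findings.append(("low" if is_loopback(u.hostname) else "high", u.hostname))
    return findings

if __name__ == "__main__":
    print(audit_ldapsam(PAGE_CONF))
```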
