smbldap-tools

[cdenley]

How do I configure smbldap-tools to work with zimbra's LDAP?

Code:

cdenley@zimbra:~$ /usr/sbin/smbldap-useradd -w "mycomp$"
Could not find base dn, to get next uidNumber at /usr/share/perl5/smbldap_tools.pm line 1073.

I suspect I have the incorrect value for sambaUnixIdPooldn.

[uxbod]

Welcome to the forums

What are you attempting to do ? Create a account directly into the ZCS LDAP ? If so why not use the zmprov command to provision the account ?

[dijichi2]

you need to setup smbtools-ldap config file to point to zimbra ldap.

[cdenley]

I was trying to setup a samba PDC, but I was having problems adding machine accounts automatically when joining a domain. Does samba update the LDAP server with machine accounts regardless of what you use for "add machine script"? If I use...

Code:

add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet --gecos "machine account" --force-badname %u

like in this tutorial, will the machine be added to /etc/passwd, ldap, or both?

you need to setup smbtools-ldap config file to point to zimbra ldap.

Of course. I tried that. As I said, I don't know what the correct value for sambaUnixIdPooldn would be.

[cdenley]

I would prefer a solution that stores the machine accounts in the ldap server without creating zimbra accounts and without creating local unix accounts.

[dijichi2]

Of course. I tried that. As I said, I don't know what the correct value for sambaUnixIdPooldn would be.

well what have you got for that config value then?

i've got the default:
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"

works fine for me.

[dijichi2]

ldap entry contains this, if it helps:

dn: sambaDomainName=DOMAIN,dc=company,dc=com
sambaNextRid: 1010
uidNumber: 1091
sambaDomainName: DOMAIN
sambaSID: S-1-5-21-39121234593-1462477261-24026212345
sambaAlgorithmicRidBase: 1000
objectClass: top
objectClass: sambaDomain
objectClass: sambaUnixIdPool
gidNumber: 1000

[cdenley]

Something else must be wrong in my configuration, then

Code:

cdenley@zimbra:~$ grep -v \# /etc/smbldap-tools/smbldap.conf|grep -v "^$"
SID="[my sid]"
sambaDomain="MYDOMAIN"
slaveLDAP="192.168.0.7"
slavePort="389"
masterLDAP="192.168.0.7"
masterPort="389"
ldapTLS="0"
verify="none"
cafile="/etc/smbldap-tools/ca.pem"
clientcert="/etc/smbldap-tools/smbldap-tools.pem"
clientkey="/etc/smbldap-tools/smbldap-tools.key"
suffix="dc=mycompany,dc=com"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome="\\PDC-SRV\%U"
userProfile="\\PDC-SRV\profiles\%U"
userHomeDrive="H:"
userScript="logon.bat"
mailDomain="idealx.com"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

[dijichi2]

and does the dn exist with populated attributes?

[cdenley]

Samba seems to use ldap fine for authentication.
Here is part of my smb.conf

Code:

passdb backend = ldapsam:ldap://192.168.0.7/
ldap admin dn = "cn=config"
ldap suffix = dc=mycompany,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines

/etc/smbldap-tools/smbldap_bind.conf

Code:

slaveDN="cn=config,dc=mycompany,dc=com"
slavePw="mypass"
masterDN="cn=config,dc=mycompany,dc=com"
masterPw="mypass"

Code:

cdenley@zimbra:~$ grep -v \# /etc/ldap.conf|grep -v "^$"
base dc=mycompany,dc=com
uri ldap://192.168.0.7/
ldap_version 3
binddn cn=config
bindpw mypass
rootbinddn uid=zimbra,cn=admins,cn=zimbra
port 389
bind_policy soft
nss_reconnect_tries 2
nss_initgroups_ignoreusers backup,bin,daemon,dhcp,fetchmail,games,gnats,irc,klog,libuuid,list,lp,mail,man,news,proxy,root,sshd,sync,sys,syslog,uucp,www-data