#1 | 07-26-2008, 08:04 AM | Member | Posts: 12
ZCS 5.0.2 on centOS 5

Hi all,
Kindly excuse my long post.
Been doing a server installation with Samba as a primary PDC that uses an LDAP backend on CentOS 5. I have used 2 guides:-
Zimbra Collaboration Suite Open Source Edition On CentOS | HowtoForge - Linux Howtos and Tutorials
for installing Zimbra + OpenLDAP and
UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki
to extend the functionalities of Zimbra.
Greg's guide in the wiki is great and most of the things actually do work. However it is done on Ubuntu so I tried to follow it as much as I could. Could not find a better guide on RHEL/CentOS/Fedora for the same.
The thing is that I am not able to get Samba and LDAP to talk as they should and now I'm really stuck.
Below are my dumps for /etc/samba/smb.conf, ldap.conf (copied its contents to /etc/openldap/ldap.conf too), and smbldap.conf.

smb.conf
**********
[global]
workgroup = MYDOMAIN
netbios name = MYDOMAIN
server string = mydomain_office
passdb backend = ldapsam:ldap://server.example.org
passwd program = /usr/local/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
username map = /etc/samba/smbusers
log file = /var/log/samba/%m.log
max log size = 100
add user script = /usr/local/sbin/smbldap-useradd "%u" -n -g users
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-userdel "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
logon script = %m.bat
logon path = \\server.example.org\%U\profile
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=config
ldap delete dn = Yes
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap passwd sync = Yes
ldap suffix = dc=example,dc=org
ldap user suffix = ou=people
idmap uid = 1000-19999
idmap gid = 1000-19999
[homes]
comment = Home Directories
valid users = DOMAIN\%S
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
share modes = No

/etc/ldap.conf
**********************
host server.example.org
base dc=example,dc=org
binddn cn=config
bindpw 1w2345FJ
rootbinddn cn=zimbra,dc=example,dc=org

timelimit 120
bind_timelimit 120
bind_policy soft
idle_timelimit 3600

nss_base_passwd ou=people,dc=example,dc=org?one
nss_base_shadow ou=people,dc=example,dc=org?one

nss_base_group ou=groups,dc=example,dc=org?one
nss_base_hosts ou=machines,dc=example,dc=org?one

nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman

uri ldap://server.example.org
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5

smbldap.conf
************
sambaDomain="MYDOMAIN"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
suffix="dc=example,dc=org"
usersdn="ou=people,${suffix}"
computersdn="ou=machines,${suffix}"
groupsdn="ou=groups,${suffix}"
sambaUnixIdPooldn="sambaDomainName=MYDOMAIN,${suffix}"
scope="one"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome=""
userProfile=""
userScript="logon.bat"
mailDomain="example.org"
with_smbpasswd="0"
with_slappasswd="0"

smbldap_bind.conf
****************
slaveDN="cn=config,dc=example,dc=org"
slavePw="1w2345FJ"
masterDN="cn=config,dc=example,dc=org"
masterPw="1w2345FJ"

The strange thing is that I can join a computer to the Domain, but only using the Samba+samba_root_passwd. I can even see the computer entry in the LDAP database when I run ldapsearch.
However, I cannot log in to the domain with credentials in LDAP. Also I cannot add machines to domain using privileged accounts stored in LDAP.
Strangely though, Samba commands
getent group
and
getent passwd
work just fine (obtain info in LDAP) when I'm user zimbra, but not as root (yes, user root); running these as root returns only system records in /etc/passwd & /smbpasswd.
I think that I have done everything correctly including running the command
smbpasswd -w 1w2345FJ
for samba to connect to LDAP and putting the same password in smbldap_bind.conf defined for "cn=config"
My diagnosis so far is that there is something not working in smbldap-tools.
Please advise, will appreciate.
Reply With Quote
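
An added example, not part of the original post: it lists the LDAP bind identity that each of the posted files declares, so differences between them are visible side by side, and reports which posted settings leave LDAP binds without TLS. The excerpts are copied from the post with bind passwords left out; the function names are illustrative.

```python
# Excerpts copied from the files posted above; bind passwords left out.
SMB_CONF = """[global]
passdb backend = ldapsam:ldap://server.example.org
ldap admin dn = cn=config
"""
LDAP_CONF = """base dc=example,dc=org
binddn cn=config
rootbinddn cn=zimbra,dc=example,dc=org
uri ldap://server.example.org
ssl no
"""
SMBLDAP_CONF = 'masterLDAP="127.0.0.1"\nldapTLS="0"\n'
SMBLDAP_BIND_CONF = 'slaveDN="cn=config,dc=example,dc=org"\nmasterDN="cn=config,dc=example,dc=org"\n'

def parse(text, sep):
    """Parse 'key<sep>value' lines; sep=None splits on whitespace (ldap.conf)."""
    out = {}
    for line in map(str.strip, text.splitlines()):
        parts = line.split(sep, 1)
        if line and line[0] not in "#;[" and len(parts) == 2:
            out[parts[0].strip().lower()] = parts[1].strip().strip('"')
    return out

def bind_dns(smb, ldap, bind):
    """Map 'file: setting' -> normalised DN for each bind identity declared."""
    smbc, nss, bnd = parse(smb, "="), parse(ldap, None), parse(bind, "=")
    found = {"smb.conf: ldap admin dn": smbc.get("ldap admin dn"),
             "ldap.conf: binddn": nss.get("binddn"),
             "ldap.conf: rootbinddn": nss.get("rootbinddn"),
             "smbldap_bind.conf: masterDN": bnd.get("masterdn"),
             "smbldap_bind.conf: slaveDN": bnd.get("slavedn")}
    return {k: ",".join(p.strip().lower() for p in v.split(","))
            for k, v in found.items() if v}

def no_tls_settings(ldap, tools):
    """Return the posted settings that leave LDAP binds without TLS."""
    nss, tools_cfg = parse(ldap, None), parse(tools, "=")
    hits = []
    if nss.get("uri", "").startswith("ldap://") and nss.get("ssl", "no") in ("no", "off"):
        hits.append("ldap.conf: ssl no")
    if tools_cfg.get("ldaptls", "0") == "0":
        hits.append('smbldap.conf: ldapTLS="0"')
    return hits

if __name__ == "__main__":
    for where, dn in bind_dns(SMB_CONF, LDAP_CONF, SMBLDAP_BIND_CONF).items():
        print(f"{where:30} {dn}")
    print("no TLS:", no_tls_settings(LDAP_CONF, SMBLDAP_CONF))
```

Run against the posted files, it shows three distinct DNs across the five bind settings and two settings that disable TLS.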
#2 | 12-17-2009, 11:37 PM | Starter Member | Posts: 2

I faced the same problem: LDAP users show up when I use the command getent passwd, but I can't log in to the Samba server with LDAP users.
Reply With Quote