Symptoms
To configure your SoftNAS Instance as an LDAP Client, allowing you to integrate LDAP Users, you can do so via the UI by navigating to and expanding Identity and Access Control, under Settings, in the Storage Administration pane. For those familiar with command line configuration, and/or pre-existing configurations they wish to apply quickly, LDAP client configurations can be added through Samba.
Purpose
This article walks the client through LDAP Client configuration via SAMBA.
Resolution
Samba LDAP schema
The following steps must be performed on the LDAP server:
- Create conversion file schema_convert.conf somewhere with content(make sure the paths exist):
include /etc/openldap/schema/core.schemainclude /etc/openldap/schema/collective.schemainclude /etc/openldap/schema/corba.schemainclude /etc/openldap/schema/cosine.schemainclude /etc/openldap/schema/duaconf.schemainclude /etc/openldap/schema/dyngroup.schemainclude /etc/openldap/schema/inetorgperson.schemainclude /etc/openldap/schema/java.schemainclude /etc/openldap/schema/misc.schemainclude /etc/openldap/schema/nis.schemainclude /etc/openldap/schema/openldap.schemainclude /etc/openldap/schema/ppolicy.schemainclude /etc/openldap/schema/samba.schema
- Create conversion file schema_convert.conf somewhere with content(make sure the paths exist):
- Create a temporary directory labeled
/tmp/ldap_schemasand run conversion with said directory as the target:
...
slaptest -f schema_convert.conf -F /tmp/ldap_schemas- Delete the following entries from the end of the file
/tmp/ldap_schemas/cn=config/cn=schema/cn={12}samba.ldif(Values may be different):
...
structuralObjectClass: olcSchemaConfig
...
entryUUID: 87d6a1f0-fafd-1034-8589-c5fa9a8202ed
...
creatorsName: cn=config
...
createTimestamp: 20150929135547Z
...
entryCSN: 20150929135547.659326Z#000000#000#000000
...
modifiersName: cn=config
...
modifyTimestamp: 20150929135547Z- Edit /tmp/ldap_schemas/cn=config/cn=schema/cn={12}samba.ldif
Replace lines below:
...
dn: cn={12}samba
...
- objectClass: olcSchemaConfig
...
cn: {12}samba
With these lines
dn: cn=samba,cn=schema,cn=config
objectClass: olcSchemaConfig
...
cn: samba
- Apply the new LDAP schema:
...
ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/ldap_schemas/cn\=config/cn\=schema/cn\=\{12\}samba.ldif
SoftNAS host configuration
The following steps must be performed on the SoftNAS host:
- In
/etc/nslcd.confreplace these parameters with the actual values of your LDAP server:
...
# uri of LDAP server
...
# search base base dc=example,dc=com # dn for search request if LDAP server doesn't allow anonymous search binddn cn=proxyuser,dc=example,dc=com # password for search dn bindpw secret
- In
/etc/nsswitch.confadd ldap at the end of passwd, group and shadow options. It should look like this:passwd: compat winbind ldapgroup: compat winbind ldap
shadow: compat ldap
Samba configuration
The following steps must be performed on the SoftNAS host:
- Replace the
[global]section with the below data in/etc/samba/smb.confand replace passdb backend, ldap suufix, ldap, user suffix, ldap group suffix, ldap admin dn with their respective actual values (ldap admin dn should have rights to edit users dn's):[global]security = userpassdb backend = ldapsam:ldap://ldap.example.com:389/
ldap suffix = dc=example,dc=comldap user suffix = ou=usersldap group suffix = ou=groupsldap admin dn = cn=Manager,dc=example,dc=comldap ssl = noldap passwd sync = yesldap delete dn = no - Save password for
cn=Manager,dc=example,dc=comin Sambaroot@softnas# smbpasswd -W - Restart Samba:
root@softnas# /etc/init.d/sernet-samba-smbd restartroot@softnas# /etc/init.d/sernet-samba-nmbd restart - Now you can enable LDAP users to be used by samba:
root@softnas# smbpasswd -a username
Additional Information
CIFS/SAMBA configuration via the UI can be found here:
SoftNAS Reference Guide: Configuring CIFS Shares