Symptoms

To configure your SoftNAS instance as an LDAP client so that LDAP users can be integrated, use the UI: in the Storage Administration pane, under Settings, expand Identity and Access Control. If you are familiar with command-line configuration, or have a pre-existing configuration you want to apply quickly, you can add the LDAP client configuration through Samba instead.

Purpose

This article walks the client through LDAP Client configuration via SAMBA.

Resolution

Samba LDAP schema

The following steps must be performed on the LDAP server:

  •  Create a conversion file named schema_convert.conf with the following content (make sure the paths exist):

    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/collective.schema
    include /etc/openldap/schema/corba.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/duaconf.schema
    include /etc/openldap/schema/dyngroup.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/java.schema
    include /etc/openldap/schema/misc.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/openldap.schema
    include /etc/openldap/schema/ppolicy.schema
    include /etc/openldap/schema/samba.schema

  •  Create a temporary directory labeled /tmp/ldap_schemas and run conversion with said directory as the target:

             slaptest -f schema_convert.conf -F /tmp/ldap_schemas

  •  Delete the following entries from the end of the file /tmp/ldap_schemas/cn=config/cn=schema/cn={12}samba.ldif (values may be different):

             structuralObjectClass: olcSchemaConfig
             entryUUID: 87d6a1f0-fafd-1034-8589-c5fa9a8202ed
             creatorsName: cn=config
             createTimestamp: 20150929135547Z
             entryCSN: 20150929135547.659326Z#000000#000#000000
             modifiersName: cn=config
             modifyTimestamp: 20150929135547Z

  •  Edit /tmp/ldap_schemas/cn=config/cn=schema/cn={12}samba.ldif

             Replace the lines below:

             dn: cn={12}samba
             objectClass: olcSchemaConfig
             cn: {12}samba

             With these lines:

             dn: cn=samba,cn=schema,cn=config
             objectClass: olcSchemaConfig
             cn: samba

  •  Apply the new LDAP schema:

             ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/ldap_schemas/cn\=config/cn\=schema/cn\=\{12\}samba.ldif

SoftNAS host configuration

The following steps must be performed on the SoftNAS host:

  •  In /etc/nslcd.conf replace these parameters with the actual values of your LDAP server:

             # uri of LDAP server
             uri ldap://ldap.example.com:389/

             # search base
             base dc=example,dc=com

             # dn for search request if LDAP server doesn't allow anonymous search
             binddn cn=proxyuser,dc=example,dc=com

             # password for search dn
             bindpw secret

  •  In /etc/nsswitch.conf add ldap at the end of the passwd, group and shadow options. It should look like this:

            passwd: compat winbind ldap

            group: compat winbind ldap

            shadow: compat ldap

Samba configuration

The following steps must be performed on the SoftNAS host:

  •  Replace the [global] section in /etc/samba/smb.conf with the data below, then replace passdb backend, ldap suffix, ldap user suffix, ldap group suffix and ldap admin dn with their respective actual values (the ldap admin dn should have rights to edit users' DNs):

            [global]

            security = user

            passdb backend = ldapsam:ldap://ldap.example.com:389/
     
            ldap suffix = dc=example,dc=com

            ldap user suffix = ou=users

            ldap group suffix = ou=groups

            ldap admin dn = cn=Manager,dc=example,dc=com

            ldap ssl = no

            ldap passwd sync = yes

            ldap delete dn = no

  •  Save the password for cn=Manager,dc=example,dc=com in Samba:

            root@softnas# smbpasswd -W

  •  Restart Samba:

            root@softnas# /etc/init.d/sernet-samba-smbd restart

            root@softnas# /etc/init.d/sernet-samba-nmbd restart

  •  Now you can enable LDAP users for use with Samba:

            root@softnas# smbpasswd -a username
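
The settings shown above use ldap:// on port 389 with ldap ssl = no, so the nslcd bindpw and Samba's LDAP traffic are not encrypted. The shell check below is an added example, not SoftNAS code, that flags those settings in nslcd.conf and smb.conf. The hardened values it accepts (ssl start_tls and tls_reqcert demand in nslcd.conf, ldap ssl = start tls in smb.conf) and the function names are assumptions not taken from this article.

```sh
#!/bin/sh
# Added example, not SoftNAS code: flag cleartext-LDAP settings in the two
# client files edited in this article. One finding per line; returns 1 if any.
smb_opt() {   # last value of smb.conf option $1 in file $2, lower-cased
    tr '[:upper:]' '[:lower:]' < "$2" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

audit_ldap_client() {   # usage: audit_ldap_client NSLCD_CONF SMB_CONF
    nslcd=$1; smb=$2; rc=0
    # nslcd: ldap:// is cleartext unless StartTLS is requested.
    if grep -Eq '^[[:space:]]*uri[[:space:]]+ldap://' "$nslcd" &&
       ! grep -Eq '^[[:space:]]*ssl[[:space:]]+start_tls' "$nslcd"; then
        echo "nslcd: ldap:// uri without 'ssl start_tls', bindpw sent in cleartext"; rc=1
    fi
    # nslcd: the file stores bindpw, so it must not be world-readable.
    if grep -Eq '^[[:space:]]*bindpw[[:space:]]' "$nslcd" &&
       [ -n "$(find "$nslcd" -prune -perm -004)" ]; then
        echo "nslcd: file holds bindpw and is world-readable"; rc=1
    fi
    # Samba: ldapsam over ldap:// needs 'ldap ssl = start tls'.
    case "$(smb_opt 'passdb backend' "$smb")" in ldapsam:ldap://*)
        case "$(smb_opt 'ldap ssl' "$smb")" in
            'start tls'|start_tls) ;;
            *)  echo "samba: ldapsam over ldap:// without 'ldap ssl = start tls'"; rc=1
                [ "$(smb_opt 'ldap passwd sync' "$smb")" = yes ] &&
                    echo "samba: 'ldap passwd sync = yes' sends password changes in cleartext" ;;
        esac ;;
    esac
    return "$rc"
}

# Constructed sample files: "weak" uses this article's values, "hardened" is an assumption.
write_samples() {   # usage: write_samples DIR weak|hardened
    printf '%s\n' 'uri ldap://ldap.example.com:389/' 'base dc=example,dc=com' \
        'binddn cn=proxyuser,dc=example,dc=com' 'bindpw secret' > "$1/nslcd.conf"
    printf '%s\n' '[global]' 'passdb backend = ldapsam:ldap://ldap.example.com:389/' \
        'ldap passwd sync = yes' > "$1/smb.conf"
    if [ "$2" = hardened ]; then
        printf '%s\n' 'ssl start_tls' 'tls_reqcert demand' >> "$1/nslcd.conf"
        echo 'ldap ssl = start tls' >> "$1/smb.conf"; chmod 600 "$1/nslcd.conf"
    else
        echo 'ldap ssl = no' >> "$1/smb.conf"; chmod 644 "$1/nslcd.conf"
    fi
}

demo=$(mktemp -d); write_samples "$demo" weak
audit_ldap_client "$demo/nslcd.conf" "$demo/smb.conf" || echo "findings listed above"
rm -rf "$demo"
```

On a real host, run audit_ldap_client /etc/nslcd.conf /etc/samba/smb.conf as root; option names are matched literally, so unusual spacing inside an smb.conf option name is not recognised.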


Additional Information

CIFS/SAMBA configuration via the UI can be found here:

SoftNAS Reference Guide: Configuring CIFS Shares
