[SoftNAS KB]: Samba LDAP Configuration


To configure your SoftNAS Instance as an LDAP Client,  allowing you to integrate LDAP Users, you can do so via the UI by navigating to and expanding Identity and Access Control, under Settings, in the Storage Administration pane. For those familiar with command line configuration, and/or pre-existing configurations they wish to apply quickly, LDAP client configurations can be added through Samba.


This article walks the client through LDAP Client configuration via SAMBA.


Samba LDAP schema

The following steps  must be performed on the LDAP server:

  • Create conversion file schema_convert.conf somewhere with content(make sure the paths exist):

       include /etc/openldap/schema/core.schema
       include /etc/openldap/schema/collective.schema
       include /etc/openldap/schema/corba.schema
       include /etc/openldap/schema/cosine.schema
       include /etc/openldap/schema/duaconf.schema
       include /etc/openldap/schema/dyngroup.schema
       include /etc/openldap/schema/inetorgperson.schema
       include /etc/openldap/schema/java.schema
       include /etc/openldap/schema/misc.schema
       include /etc/openldap/schema/nis.schema
       include /etc/openldap/schema/openldap.schema
       include /etc/openldap/schema/ppolicy.schema
       include /etc/openldap/schema/samba.schema

  • Create a temporary directory labeled /tmp/ldap_schemas and run conversion with said directory as the target:

       slaptest -f schema_convert.conf -F /tmp/ldap_schemas

  • Delete the following entries from the end of the file /tmp/ldap_schemas/cn=config/cn=schema/cn={12}samba.ldif (Values may be different):

       structuralObjectClass: olcSchemaConfig

                 entryUUID: 87d6a1f0-fafd-1034-8589-c5fa9a8202ed

        creatorsName: cn=config

        createTimestamp: 20150929135547Z

        entryCSN: 20150929135547.659326Z#000000#000#000000

        modifiersName: cn=config

        modifyTimestamp: 20150929135547Z

  • Edit /tmp/ldap_schemas/cn=config/cn=schema/cn={12}samba.ldif

                  Replace lines below:

                       dn: cn={12}samba
                       objectClass: olcSchemaConfig

                       cn: {12}samba

                   With these lines
                        dn: cn=samba,cn=schema,cn=config
                        objectClass: olcSchemaConfig
                        cn: samba

  • Apply the new LDAP schema:

        ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/ldap_schemas/cn\=config/cn\=schema/cn\=\{12\}samba.ldif

SoftNAS host configuration

The following steps must be performed on the SoftNAS host:

  • In /etc/nslcd.conf replace these parameters with the actual values of your LDAP server:

             # uri of LDAP server

                                   uri ldap://ldap.example.com:389/

                              # search base

                base dc=example,dc=com

              # dn for search request if LDAP server doesn't allow anonymous search

                binddn cn=proxyuser,dc=example,dc=com

              # password for search dn

                bindpw secret

  • In /etc/nsswitch.conf add ldap at the end of passwdgroup and shadow options. It should look like this:

            passwd: compat winbind ldap

            group: compat winbind ldap


                            shadow: compat ldap

Samba configuration

The following steps must be performed on the SoftNAS host:

  • Replace the [global] section with the below data in /etc/samba/smb.conf and replace passdb backend, ldap suufix, ldap, user suffix, ldap group suffix, ldap admin dn with their respective actual values (ldap admin dn should have rights to edit users dn's):


            security = user

            passdb backend = ldapsam:ldap://ldap.example.com:389/
            ldap suffix = dc=example,dc=com

            ldap user suffix = ou=users

            ldap group suffix = ou=groups

            ldap admin dn = cn=Manager,dc=example,dc=com

            ldap ssl = no

            ldap passwd sync = yes

            ldap delete dn = no
  • Save password for cn=Manager,dc=example,dc=com in Samba

            root@softnas# smbpasswd -W

  • Restart Samba:

            root@softnas# /etc/init.d/sernet-samba-smbd restart

            root@softnas# /etc/init.d/sernet-samba-nmbd restart

  • Now you can enable LDAP users to be used by samba:

            root@softnas# smbpasswd -a username

Additional Information

CIFS/SAMBA configuration via the UI can be found here:

SoftNAS Reference Guide: Configuring CIFS Shares