Samba integration with OpenLDAP

Truth be told, I just haven’t had the time to play around with this project as much as I wanted. Maybe with it being close to Christmas and stuff winding down at work (plus, just wanting to be in Alaska by now!), I just don’t have the energy on an evening to sit down and crack on.

But, Samba has been running quite happily for a week or so and integrated quite nicely with OpenLDAP. Running on two different servers, thus simulating what you’re likely to get in the network environment, has been a bit of a struggle. All the documentation with regards to running the two of them together is aimed at them being on the same physical machine. Taking out SSL makes this fairly easy and doesn’t cause problems, but most of the tutorials on enabling SSL make it harder. This has been the cause of most of my problems.

In the end, a combination of the Samba-OpenLDAP howto from Idealx (a bible almost!) and the LDAP SAMBA PDC Howto from the Gentoo Wiki (always excellent resources!) have got things up + running. Moving between the two documents is fairly easy, but for the SSL parts, stick with the Gentoo Wiki version – much easier.

Configuring the client machine has been fairly non-eventful in terms of authentication – a couple of simple changes to PAM and configuring the OpenLDAP connection are all that is required. Logging in works fine, correctly authenticating and determining group privileges. It’s getting the correct drives mapped across that’s a challenge at the moment, and this is what I just can’t be bothered to figure out right now!

Again, almost all the tutorials expect you to be running Windows clients, which make it dead easy to configure using the login.bat scripts. However, these don’t work for Linux clients, requiring your own logon scripts. I’ve pretty much got it handling the home directories and the associated shared network drives. I’ve had a quick play with How to Implement Login Scripts into a Pure Linux Environment from the Novell KB which seems to do the trick, but I’m not too happy with the method of grabbing the groups and writing them to disk before mounting them.

Overall, aside from my mistakes and ignorance in not fully understanding SSL connections between the servers, and the struggle in getting login scripts to handle network drives, it’s all been fairly easy, albeit slow going! Certainly the smbldap-tools from Idealx have given the power required to add new users, create these Samba groups for shared network drives, and adjust the user + group permissions.

For me, one of the core features of a network system for end-users is to allow any information they need to be accessible from anywhere, no matter the machine or OS, hence the design around Samba to facilitate Windows machines, as opposed to going for NFS (a much easier method considering the bulk of the work + clients I’d use would be Linux). This basic setup shows this is possible, but fiddly when compared to the Microsoft AD and NTFS shares it’s designed to replace.

Once additional features such as the web caching + filtering get built-in along with e-mail (both on separate servers – more work!), the true power and benefits should become apparent since they’re all running from a single authentication point and directory from the word go, without the need to hack things together as is the case with current MS AD / Samba connectors.

