Samba with OpenLDAP Authentication Ubuntu 12.04 LTS
This guide assumes that Ubuntu 12.04 LTS Server is already installed; it should work with any other version with some changes, if any. There is no assurance that it will work for your setup; it worked for me, so I am sharing it.
I am assuming that LDAP is already installed and configured correctly; see this guide if you need to install and configure LDAP.
My domain/tree is dc=testlab,dc=dev, the administrator account is cn=admin,dc=testlab,dc=dev and the administrator password is test; please change it to yours.
The file is pretty big and self-explanatory, so go through it and answer/modify carefully, or just copy the example file that came with the samba package and modify it to your needs.
[global]
workgroup = TESTLAB
# "server string" holds the descriptive text; "netbios name" is limited to 15 characters
server string = %h server (Samba, Ubuntu)
deadtime = 10
log level = 1
log file = /var/log/samba/log.%m
max log size = 5000
debug pid = yes
debug uid = yes
syslog = 0
utmp = yes
security = user
domain logons = yes
os level = 64
logon path =
logon home =
logon drive =
logon script =
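passdb backend = ldapsam:"ldap://127.0.0.1/"
# No TLS: acceptable only while LDAP is reached over the loopback address; use "start tls" for a remote server
ldap ssl = no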
ldap admin dn = cn=admin,dc=testlab,dc=dev
ldap delete dn = no
## Sync UNIX password with Samba password
## Method 1:
ldap password sync = yes
## Method 2:
;ldap password sync = no
;unix password sync = yes
;passwd program = /usr/sbin/smbldap-passwd -u '%u'
;passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n
ldap suffix = dc=testlab,dc=dev
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m '%u' -t 1
rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
delete user script = /usr/sbin/smbldap-userdel '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
add machine script = /usr/sbin/smbldap-useradd -w '%u' -t 1
[NETLOGON]
path = /netlogon
browseable = no
share modes = no
[PROFILES]
path = /profiles
browseable = no
writeable = yes
create mask = 0611
directory mask = 0700
profile acls = yes
csc policy = disable
map system = yes
map hidden = yes
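An added example, not part of the original tutorial: the configuration above pairs ldap ssl = no with an ldapsam URI on 127.0.0.1, which keeps the admin bind and the password hashes off the network. The Python check below flags an smb.conf where that pairing no longer holds; the sample text is constructed from the lines above, and the host name ldap.testlab.dev is hypothetical.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample: the LDAP transport lines from the [global] section above.
PAGE_CONF = '''[global]
passdb backend = ldapsam:"ldap://127.0.0.1/"
ldap ssl = no
'''
# Constructed variant: same settings, hypothetical remote directory host.
REMOTE_CONF = PAGE_CONF.replace("127.0.0.1", "ldap.testlab.dev")

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive; normalise spacing too.
            params[" ".join(key.lower().split())] = value.strip()
    return params

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name: treat it as remote

def audit_ldap_transport(text):
    """List ldapsam URIs that would carry binds and hashes in cleartext."""
    params = parse_global(text)
    backend = params.get("passdb backend", "")
    if not backend.lower().startswith("ldapsam:"):
        return []
    # Assumption: an absent "ldap ssl" means Samba's default, "start tls".
    tls = params.get("ldap ssl", "start tls").lower() in ("start tls", "start_tls")
    findings = []
    # ldapsam accepts several space-separated URIs inside the quotes.
    for uri in backend.split(":", 1)[1].strip('"').split():
        url = urlparse(uri)
        if not (url.scheme == "ldaps" or tls or is_loopback(url.hostname or "")):
            findings.append(uri + ": cleartext LDAP to a non-loopback host")
    return findings

if __name__ == "__main__":
    for conf in (PAGE_CONF, REMOTE_CONF):
        print(audit_ldap_transport(conf) or "LDAP transport OK")
```

To check a real file, pass the contents of /etc/samba/smb.conf to audit_ldap_transport().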
Restart both LDAP and Samba
sudo service slapd restart
sudo service smbd restart
sudo service nmbd restart
Inform Samba about the LDAP administrator by setting the Samba password for the LDAP administrator; my password is test, change it to yours
sudo smbpasswd -w test
Now let's populate the Samba users and groups into the LDAP database. Optionally, export the population to LDIF first for review; you will also see whether there are any errors. This just creates the LDIF file and does not add anything to the database
sudo smbldap-populate -e samba.ldif
Now populate for real
sudo smbldap-populate -u 30000 -g 30000
You might get one error about Perl; if that is the only error, it can be ignored
You can try the following to suppress that error; it might or might not work for you, but it worked for me
sudo nano /usr/share/perl5/smbldap_tools.pm
and find the following; the line number should be given in the error message, mine was 1423
qw(ALRM INT HUP QUIT TERM TSTP TTIN TTOU)
and replace with
(qw(ALRM INT HUP QUIT TERM TSTP TTIN TTOU))
Let's add the profiles and netlogon directories
sudo mkdir /profiles /netlogon
Now let's create a test user
sudo smbldap-useradd -a -m -N 'Ryaz' -S 'Khan' rkhan
Set password for Ryaz Khan
sudo smbldap-passwd rkhan
Let's make rkhan a domain administrator as well so he can join machines
sudo smbldap-groupmod -m 'rkhan' 'Domain Admins'
Restart all services, or just reboot the system to be on the safe side
sudo reboot
Now go to a Windows XP or Windows 7 machine and try joining it to your newly configured Samba domain!
I was able to join a Windows 7 machine to the domain at this point!
Let's log in to the freshly joined workstation using Ryaz Khan's credentials