Samba shares with LDAP user authentication

Post by CharlesR » 2020-07-11 14:47

Hi all, inexperienced newbie here!

It is my goal to set up Samba shares and an LDAP server on Debian 10. To access the Samba shares from Windows machines, I want to be able to use the credentials of users in the LDAP directory for authentication. E.g. "Max" is a user in the LDAP directory and belongs to the "developers" group. He should be able to connect to the Samba share "development" using his username and password as specified in LDAP.

I followed this installation guide for OpenLDAP and the web interface phpLDAPadmin (I did not do the TLS encryption part). I had to manually download phpLDAPadmin, but everything seems to be working as intended; I can now create users and groups on the web interface.

Next I installed Samba and tested it by creating a new user on my Debian system, set smbpasswd for the new user and edited the smb.conf file accordingly. Also works. I can now connect a network drive on my Windows machine to a Samba share using the username and password of the new user. But obviously, that was not a user from the LDAP directory. I only did this for testing.

A quick Google search led me to this wiki page and I followed the steps in section "For Samba LDAP support" using the cn=config method because I don't have a slapd.conf file (not sure but afaik the slapd.conf is for older LDAP versions).

How do I go from here? I assume I have to edit smb.conf similar to how it is described here: Samba DC with LDAP backend, except that I don't need a domain controller for my Windows login; I just want to access the Samba shares from any local Windows account but using an LDAP user for authentication when connecting a network drive.

Any help would be greatly appreciated!

Charles

Re: Samba shares with LDAP user authentication

Post by zenlord » 2020-07-15 15:42

Everything you have written is correct: you just need to set up Samba to use the OpenLDAP directory as a source for authentication. You don't need a domain controller, unless you want to switch to networked user accounts entirely (before you do, make sure you can debug issues, or you'll lock yourself out of your computer ;))

A preliminary thought could go towards the choice between rfc2307 and rfc2307bis (the latter is not a standard, but it is supported quite OK, and the way GroupOfNames works just feels more intuitive to me).

Kr,
Vincent
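
Added example, not written by either poster: an smb.conf sketch of the setup described in the reply above, a standalone Samba server (no domain controller) that authenticates share access against the OpenLDAP directory through the ldapsam backend. The base DN, OUs, admin DN and share path are constructed placeholders; the "development" share and "developers" group are the ones named in the question.

```ini
# Added example: standalone Samba using OpenLDAP as its account database.
# dc=example,dc=com, ou=people, ou=groups, cn=admin and the share path
# are constructed placeholders; replace them with the directory's own values.
[global]
   workgroup = WORKGROUP
   server role = standalone server
   security = user

   # Look accounts up in LDAP instead of the local smbpasswd/tdbsam store.
   passdb backend = ldapsam:ldap://127.0.0.1
   ldap suffix = dc=example,dc=com
   ldap user suffix = ou=people
   ldap group suffix = ou=groups
   ldap admin dn = cn=admin,dc=example,dc=com

   # "start tls" is Samba's default and needs TLS configured on slapd.
   # "off" sends the bind password and the sambaNTPassword hashes in
   # clear text, which is tolerable only when slapd is reached on loopback.
   ldap ssl = start tls

   # Keep the LDAP userPassword in step when a password is changed via Samba.
   ldap passwd sync = yes

[development]
   path = /srv/samba/development
   # The group must resolve as a Unix group through NSS.
   valid users = @developers
   read only = no
```

Samba checks the sambaNTPassword hash on each user's sambaSamAccount entry rather than the LDAP userPassword, so every LDAP user needs that object class and a password set through smbpasswd (or an equivalent tool), and the accounts must also resolve as Unix users via NSS. Store the admin DN's password with `smbpasswd -w`, and restrict read access to sambaNTPassword in the slapd ACLs because the hash is password-equivalent.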

