Make Samba work with iRedMail's OpenLDAP database backend
First you should follow the steps in this howto to use iRedMail's OpenLDAP database for Unix user authentication!
Generate SambaSID
Create sidgenerator.sh file
Create the sidgenerator.sh file with the following content:
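#!/bin/sh
# Build a random domain SID of the form S-1-5-21-<n>-<n>-<n>
sambaSID=
for num in 1 2 3; do
    # Read 4 random bytes as one unsigned 32-bit integer and strip the padding spaces
    randNum=$(od -vAn -N4 -tu4 < /dev/urandom | sed -e 's/ //g')
    if [ -z "$sambaSID" ]; then
        sambaSID="S-1-5-21-$randNum"
    else
        sambaSID="${sambaSID}-${randNum}"
    fi
done
echo "$sambaSID"
exit 0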
This script was created by naterator
Make it executable
chmod +x sidgenerator.sh
Generate sid
bash ./sidgenerator.sh
Set up Samba
Install samba
apt-get install samba smbldap-tools -y
Edit /etc/samba/smb.conf
We use the root DN because we want to allow Samba to create the sambaDomainName=SERVERNAME entry.
[global]
...
netbios name = SERVERNAME
...
passdb backend = ldapsam:ldap://127.0.0.1
ldap ssl = no
ldap admin dn = cn=Manager,dc=domain,dc=com
ldap suffix = dc=domain,dc=com
...
Set LDAP password for Samba
Enter the password of the ldap admin dn:
smbpasswd -w *************SECRETPASSWORD*************
Restart Samba
service smbd restart
Set up OpenLDAP
Add the needed Samba settings to the domain group
{ou=Groups,domainName=domain.com,o=domains,dc=domain,dc=com}
objectClass->(new entry)->sambaGroupMapping
sambagrouptype=2
sambaSID=YOU-NEED-GENERATE-WITH-SCRIPT
Valid numbers for the sambagrouptype entry
SID_NAME_USE_NONE=0,
SID_NAME_USER=1,
SID_NAME_DOM_GRP=2,
SID_NAME_DOMAIN=3,
SID_NAME_ALIAS=4,
SID_NAME_WKN_GRP=5,
SID_NAME_DELETED=6,
SID_NAME_INVALID=7,
SID_NAME_UNKNOWN=8,
SID_NAME_COMPUTER=9
Set up user
{ou=Users,domainName=domain.com,o=domains,dc=domain,dc=com}
objectClass->(new entry)->sambaSamAccount
Create the following entries under the user
(new attribute)->sambaGroupMapping
sambaSID=SID-OF-THE-SAMBA-SERVER-3000 # Increment the 3000 part
sambaAcctFlags=[U]
sambaLMPassword=*****************SAMBAPASSWORD*****************
sambaNTPassword=*****************SAMBAPASSWORD*****************
sambaPrimaryGroupSID=SID-OF-THE-CREATED-GROUP- # Add '-' character to the end of the group sid
sambaPwdLastSet=-1
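An added example, not part of the original howto: a POSIX shell helper that checks a SID has the S-1-5-21-a-b-c form produced by sidgenerator.sh and picks the next unused user SID by incrementing the RID from 3000, so that two accounts never end up with the same sambaSID. The function names and the sample SIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example; helper names and sample SIDs below are constructed.

# Succeeds only for S-1-5-21-<a>-<b>-<c>, each part a canonical 32-bit unsigned int.
is_domain_sid() {
    rest=${1#S-1-5-21-}
    [ "$rest" != "$1" ] || return 1
    case "$rest" in *-*-*) ;; *) return 1 ;; esac
    a=${rest%%-*}; rest=${rest#*-}
    b=${rest%%-*}; c=${rest#*-}
    for part in "$a" "$b" "$c"; do
        case "$part" in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "${#part}" -le 10 ] && [ "$part" -le 4294967295 ] || return 1
    done
    return 0
}

# Reads existing sambaSID values (one per line) on stdin and prints the next
# unused user SID under domain SID $1, starting at RID 3000 as in the howto.
next_user_sid() {
    is_domain_sid "$1" || { echo "invalid domain SID: $1" >&2; return 1; }
    max=2999
    while IFS= read -r sid; do
        rid=${sid#"$1"-}
        [ "$rid" != "$sid" ] || continue   # SID from another domain, e.g. the group
        case "$rid" in ''|*[!0-9]*) continue ;; esac
        [ "${#rid}" -le 10 ] || continue
        if [ "$rid" -gt "$max" ]; then max=$rid; fi
    done
    echo "$1-$((max + 1))"
}

# Constructed sample: values as a search for sambaSID might return them.
SAMPLE_DOMAIN_SID=S-1-5-21-1111111111-2222222222-3333333333
sample_sids() {
    printf '%s\n' "$SAMPLE_DOMAIN_SID-3000" "$SAMPLE_DOMAIN_SID-3001" \
        "S-1-5-21-4-5-6" "$SAMPLE_DOMAIN_SID-abc"
}

sample_sids | next_user_sid "$SAMPLE_DOMAIN_SID"
```

Feed the function the sambaSID values already present in the directory and use its output as the sambaSID of the new user.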