Samba4/LDAP Backend/Samba 4 alpha 7 with Fedora DS


This page describes how to install Samba 4 alpha 7 with Fedora DS 1.2 on Fedora Core 10. Instructions for setting up a Samba 4 replica are available here.

Building Samba


The following packages are needed to build and run Samba:

% yum install gcc git autoconf make python-devel perl-LDAP phpldapadmin

Getting the Source Code

Download the source code into a source directory (SRC_DIR).

% cd SRC_DIR
% git clone git://
% cd samba

To check out the test branch:

% git checkout -b v4-0-test origin/v4-0-test

To check out a specific release:

% git checkout -b devel release-4-0-0alpha7

Building Samba

Follow these steps to build Samba:

% cd SRC_DIR/samba/source4
% ./
% ./configure --enable-developer
% make
% make install

By default it will install Samba in /usr/local/samba (INSTALL_DIR).

Installing Fedora DS

% yum install fedora-ds

Configuring Samba

Create INSTALL_DIR/etc/smb.conf, for example:

[global]
        netbios name     = samba1
        workgroup        = EXAMPLE
        realm            = EXAMPLE.COM
        server role      = domain controller
        system:anonymous = yes

[netlogon]
        path = INSTALL_DIR/var/locks/sysvol/
        read only = no

[sysvol]
        path = INSTALL_DIR/var/locks/sysvol
        read only = no

Provisioning Fedora DS

Fix the schema problem as described below.

Execute the following command:

% cd SRC_DIR/samba/source4
% setup/provision-backend \
--realm=EXAMPLE.COM \
--domain=EXAMPLE \
--server-role='domain controller' \
--ldap-admin-pass=Secret123 \

Edit INSTALL_DIR/private/ldap/fedorads.inf:

FullMachineName         =
SuiteSpotUserID         = nobody
SuiteSpotGroup          = nobody
ServerRoot              = INSTALL_DIR/private/ldap

ConfigDirectoryLdapURL  = ldap://
ConfigDirectoryAdminID  = admin
ConfigDirectoryAdminPwd = Secret123

AdminDomain             =

ServerPort              = 390
ServerIdentifier        = samba4
Suffix                  = DC=example,DC=com

RootDN                  = cn=Directory Manager
RootDNPwd               = Secret123

ldapifilepath           = INSTALL_DIR/private/ldap/ldapi

start_server            = 0
install_full_schema     = 0

SchemaFile              = INSTALL_DIR/private/ldap/99_ad.ldif
ConfigFile              = INSTALL_DIR/private/ldap/fedorads-partitions.ldif

inst_dir                = INSTALL_DIR/private/ldap/slapd-samba4
config_dir              = INSTALL_DIR/private/ldap/slapd-samba4
schema_dir              = INSTALL_DIR/private/ldap/slapd-samba4/schema
lock_dir                = INSTALL_DIR/private/ldap/slapd-samba4/lock
log_dir                 = INSTALL_DIR/private/ldap/slapd-samba4/logs
run_dir                 = INSTALL_DIR/private/ldap/slapd-samba4/logs
db_dir                  = INSTALL_DIR/private/ldap/slapd-samba4/db
bak_dir                 = INSTALL_DIR/private/ldap/slapd-samba4/bak
tmp_dir                 = INSTALL_DIR/private/ldap/slapd-samba4/tmp
ldif_dir                = INSTALL_DIR/private/ldap/slapd-samba4/ldif
cert_dir                = INSTALL_DIR/private/ldap/slapd-samba4

Execute the following command:

% cd INSTALL_DIR/private/ldap
% /usr/sbin/ --file=fedorads.inf

Currently the script doesn't read all of the above parameters properly, so you have to re-enter them.

Starting Fedora DS

% cd INSTALL_DIR/private/ldap
% slapd-samba4/start-slapd

Provisioning Samba

% cd SRC_DIR/samba/source4
% setup/provision \
--realm=EXAMPLE.COM \
--domain=EXAMPLE \
--server-role='domain controller' \
--simple-bind-dn='cn=Directory Manager' \
--password=Secret123 \
--ldap-backend-type=fedora-ds \
--adminpass=Secret123 \
--ldap-backend=ldapi \
'--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK'

The command prints a summary like the following:

Server Role:    domain controller
Hostname:       samba1
DNS Domain:
DOMAIN SID:     S-1-5-21-3267683637-1467708756-1094392362
Admin password: Secret123
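
The --aci argument passed to setup/provision above is a base64 LDIF value that decodes to an ACI named "full access to all by all", allowing all rights on every attribute to ldap:///anyone, which in Fedora DS includes anonymous binds. The following added example (not part of the original page or of Samba; the function names and the NARROW_ACI comparison value are constructed here) decodes such a value and reports that exposure:

```python
import base64
import re

# The --aci argument from the setup/provision command on this page.
PAGE_ACI = (
    "aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNz"
    "IHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK"
)
# Constructed for comparison (not from the page): read-only, authenticated users.
NARROW_ACI = ('aci: (targetattr = "cn || sn") (version 3.0;acl "auth read";'
              'allow (read,search,compare)(userdn = "ldap:///all");)')
WRITE_RIGHTS = {"all", "write", "add", "delete", "selfwrite"}

def decode_ldif_value(line):
    """Return the value of one LDIF line; '::' marks a base64 value (RFC 2849)."""
    _attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8").strip()
    return rest.strip()

def parse_aci(text):
    """Extract the fields an auditor needs from a Fedora DS ACI string."""
    attrs = re.search(r'targetattr\s*(!?=)\s*"([^"]*)"', text)
    rule = re.search(r'\b(allow|deny)\s*\(([^)]*)\)', text)
    subjects = re.findall(r'\b(userdn|groupdn|roledn)\s*(!?=)\s*"([^"]*)"', text)
    return {
        "targetattr": attrs.group(2).strip() if attrs and attrs.group(1) == "=" else None,
        "effect": rule.group(1) if rule else None,
        "rights": {r.strip() for r in rule.group(2).split(",")} if rule else set(),
        "subjects": subjects,
    }

def audit_aci(line):
    """Return findings for an ACI that exposes the directory to anonymous binds."""
    aci = parse_aci(decode_ldif_value(line))
    anonymous = any(kw == "userdn" and op == "=" and "ldap:///anyone" in val
                    for kw, op, val in aci["subjects"])
    findings = []
    if aci["effect"] == "allow" and anonymous:
        findings.append("applies to unauthenticated (anonymous) binds")
        if aci["rights"] & WRITE_RIGHTS:
            findings.append("grants write-class rights (write/add/delete)")
        if aci["targetattr"] == "*":
            findings.append("covers every attribute")
    return findings

if __name__ == "__main__":
    print(decode_ldif_value(PAGE_ACI), audit_aci(PAGE_ACI), audit_aci(NARROW_ACI))
```

Run against the page's value it returns all three findings; the constructed read-only ACI returns none.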

Starting Samba

% cd INSTALL_DIR/sbin
% ./samba -i -M single -d 3

Configuring DNS

DNS needs to be configured before joining a client or a replica. See this page.


Unsupported Attribute Syntaxes

The following attribute syntaxes are used by Samba but they are not supported by Fedora DS:

  • Printable String
  • UTC Time
  • DN with String
  • Presentation Address

To fix this, they must be mapped into different syntaxes that are supported by Fedora DS. This can be done by adding the following lines into samba/source4/setup/schema-map-fedora-ds-1.0:

#Printable String as IA5 String
#UTC Time as Generalized Time
#DN with String as Directory String
#Presentation Address as Directory String