Samba4/LDAP Backend/Samba 4 alpha 7 with Fedora DS

Overview

This page describes how to install Samba 4 alpha 7 with Fedora DS 1.2 on Fedora Core 10. Instructions for setting up a Samba 4 replica are available here.

Building Samba

Prerequisites

The following packages are needed to build and run Samba:

% yum install gcc git autoconf make python-devel perl-LDAP phpldapadmin

Getting the Source Code

Download the source code into a source directory (SRC_DIR).

% cd SRC_DIR
% git clone git://git.samba.org/samba.git
% cd samba

To check out the test branch:

% git checkout -b v4-0-test origin/v4-0-test

To check out a specific release:

% git checkout -b devel release-4-0-0alpha7

Building Samba

Follow these steps to build Samba:

% cd SRC_DIR/samba/source4
% ./autogen.sh
% ./configure --enable-developer
% make
% make install

By default, Samba is installed in /usr/local/samba (INSTALL_DIR).

Installing Fedora DS

% yum install fedora-ds

Configuring Samba

Create INSTALL_DIR/etc/smb.conf, for example:

[globals]
        netbios name     = samba1
        workgroup        = EXAMPLE
        realm            = EXAMPLE.COM
        server role      = domain controller
        system:anonymous = yes


[netlogon]
        path = INSTALL_DIR/var/locks/sysvol/example.com/scripts
        read only = no

[sysvol]
        path = INSTALL_DIR/var/locks/sysvol
        read only = no

Provisioning Fedora DS

Before provisioning, fix the schema problem described under "Unsupported Attribute Syntaxes" in the Issues section below.

Execute the following command:

% cd SRC_DIR/samba/source4
% setup/provision-backend \
--realm=EXAMPLE.COM \
--domain=EXAMPLE \
--server-role='domain controller' \
--ldap-admin-pass=Secret123 \
--ldap-backend-type=fedora-ds

Edit INSTALL_DIR/private/ldap/fedorads.inf:

[General]
FullMachineName         = samba1.example.com
SuiteSpotUserID         = nobody
SuiteSpotGroup          = nobody
ServerRoot              = INSTALL_DIR/private/ldap

ConfigDirectoryLdapURL  = ldap://samba1.example.com
ConfigDirectoryAdminID  = admin
ConfigDirectoryAdminPwd = Secret123

AdminDomain             = example.com

[slapd]
ServerPort              = 390
ServerIdentifier        = samba4
Suffix                  = DC=example,DC=com

RootDN                  = cn=Directory Manager
RootDNPwd               = Secret123

ldapifilepath           = INSTALL_DIR/private/ldap/ldapi

start_server            = 0
install_full_schema     = 0

SchemaFile              = INSTALL_DIR/private/ldap/99_ad.ldif
ConfigFile              = INSTALL_DIR/private/ldap/fedorads-partitions.ldif

inst_dir                = INSTALL_DIR/private/ldap/slapd-samba4
config_dir              = INSTALL_DIR/private/ldap/slapd-samba4
schema_dir              = INSTALL_DIR/private/ldap/slapd-samba4/schema
lock_dir                = INSTALL_DIR/private/ldap/slapd-samba4/lock
log_dir                 = INSTALL_DIR/private/ldap/slapd-samba4/logs
run_dir                 = INSTALL_DIR/private/ldap/slapd-samba4/logs
db_dir                  = INSTALL_DIR/private/ldap/slapd-samba4/db
bak_dir                 = INSTALL_DIR/private/ldap/slapd-samba4/bak
tmp_dir                 = INSTALL_DIR/private/ldap/slapd-samba4/tmp
ldif_dir                = INSTALL_DIR/private/ldap/slapd-samba4/ldif
cert_dir                = INSTALL_DIR/private/ldap/slapd-samba4

Execute the following command:

% cd INSTALL_DIR/private/ldap
% /usr/sbin/setup-ds.pl --file=fedorads.inf

Currently the script doesn't read all of the above parameters properly, so you have to re-enter them when prompted.

Starting Fedora DS

% cd INSTALL_DIR/private/ldap
% slapd-samba4/start-slapd

Provisioning Samba

% cd SRC_DIR/samba/source4
% setup/provision \
--realm=EXAMPLE.COM \
--domain=EXAMPLE \
--server-role='domain controller' \
--simple-bind-dn='cn=Directory Manager' \
--password=Secret123 \
--ldap-backend-type=fedora-ds \
--adminpass=Secret123 \
--ldap-backend=ldapi \
'--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK'

The command prints a summary of the provisioned domain:

Server Role:    domain controller
Hostname:       samba1
NetBIOS Domain: EXAMPLE
DNS Domain:     example.com
DOMAIN SID:     S-1-5-21-3267683637-1467708756-1094392362
Admin password: Secret123
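
The --aci value in the provision command is a base64-encoded LDIF attribute, so what it grants is not visible on the command line. The following added example (not part of the original page or of Samba) decodes it and reports what the rule allows; the function names are illustrative and the regular expression covers only this single-rule ACI shape.

```python
import base64
import re

# The --aci argument exactly as given in the provision command above.
PROVISION_ACI = ("aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRv"
                 "IGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK")

# Assumption: matches only the single-rule shape used here, not the full ACI grammar.
ACI_RE = re.compile(
    r'\(\s*targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\s*\)\s*'
    r'\(\s*version\s+3\.0\s*;\s*acl\s+"(?P<name>[^"]*)"\s*;\s*'
    r'(?P<kind>allow|deny)\s*\((?P<rights>[^)]*)\)\s*'
    r'\(\s*userdn\s*=\s*"(?P<userdn>[^"]*)"\s*\)\s*;\s*\)')


def decode_ldif_value(line):
    """Split an LDIF 'attr: value' or 'attr:: base64' line into (attr, text)."""
    name, _, rest = line.partition(":")
    if rest.startswith(":"):  # a double colon marks a base64-encoded value
        return name, base64.b64decode(rest[1:].strip()).decode("utf-8").strip()
    return name, rest.strip()


def parse_aci(text):
    """Parse one ACI string into its fields, or raise if the shape is not covered."""
    match = ACI_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError("ACI shape not covered by this example: %r" % text)
    return match.groupdict()


def audit_aci(aci):
    """Return human-readable findings for an over-broad allow rule."""
    findings = []
    if aci["kind"] != "allow":
        return findings
    rights = {r.strip().lower() for r in aci["rights"].split(",")}
    if aci["op"] == "=" and aci["attrs"].strip() == "*":
        findings.append("targets every attribute")
    if rights & {"all", "write", "add", "delete"}:
        findings.append("grants modifying rights: " + ", ".join(sorted(rights)))
    if aci["userdn"].strip().lower() == "ldap:///anyone":
        findings.append("applies to any client, including anonymous binds")
    return findings


if __name__ == "__main__":
    attr, text = decode_ldif_value(PROVISION_ACI)
    print(text)
    for finding in audit_aci(parse_aci(text)):
        print(" -", finding)
```

Decoded, the value reads (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");), so the directory provisioned this way accepts all operations on all attributes from any client. Treat a backend set up with this ACI as a test configuration and restrict the rule before exposing the LDAP port.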

Starting Samba

% cd INSTALL_DIR/sbin
% ./samba -i -M single -d 3

Configuring DNS

DNS needs to be configured before joining a client or a replica. See this page.

Issues

Unsupported Attribute Syntaxes

The following attribute syntaxes are used by Samba but they are not supported by Fedora DS:

  • Printable String
  • UTC Time
  • DN with String
  • Presentation Address

To fix this, they must be mapped into different syntaxes that are supported by Fedora DS. This can be done by adding the following lines into samba/source4/setup/schema-map-fedora-ds-1.0:

#Printable String as IA5 String
1.3.6.1.4.1.1466.115.121.1.44:1.3.6.1.4.1.1466.115.121.1.26
#UTC Time as Generalized Time
1.3.6.1.4.1.1466.115.121.1.53:1.3.6.1.4.1.1466.115.121.1.24
#DN with String as Directory String
1.2.840.113556.1.4.904:1.3.6.1.4.1.1466.115.121.1.15
#Presentation Address as Directory String
1.3.6.1.4.1.1466.115.121.1.43:1.3.6.1.4.1.1466.115.121.1.15
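
To check the mapping before provisioning, the following added example (not Samba's own map-processing code) parses the four lines above and applies them to two constructed schema lines, then confirms that no unsupported syntax OID remains. It assumes each entry is a whole-OID substitution and skips any other kind of line the real map file may contain; the attribute names and attribute OIDs in the sample are made up.

```python
import re

# Mapping lines exactly as listed above for schema-map-fedora-ds-1.0.
SCHEMA_MAP = """\
#Printable String as IA5 String
1.3.6.1.4.1.1466.115.121.1.44:1.3.6.1.4.1.1466.115.121.1.26
#UTC Time as Generalized Time
1.3.6.1.4.1.1466.115.121.1.53:1.3.6.1.4.1.1466.115.121.1.24
#DN with String as Directory String
1.2.840.113556.1.4.904:1.3.6.1.4.1.1466.115.121.1.15
#Presentation Address as Directory String
1.3.6.1.4.1.1466.115.121.1.43:1.3.6.1.4.1.1466.115.121.1.15
"""

# Constructed schema lines (not from Samba). The second attribute's own OID
# begins with the "DN with String" syntax OID to exercise the prefix case.
SAMPLE_SCHEMA = """\
attributeTypes: ( 1.2.840.113556.1.4.9000 NAME 'examplePrintable' SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
attributeTypes: ( 1.2.840.113556.1.4.9041 NAME 'exampleDnString' SYNTAX 1.2.840.113556.1.4.904 )
"""

OID_RE = re.compile(r"\d+(?:\.\d+)+")  # one complete dotted OID token


def parse_schema_map(text):
    """Return {source_oid: target_oid}; comments and non OID:OID lines are skipped."""
    mapping = {}
    for raw in text.splitlines():
        src, sep, dst = raw.strip().partition(":")
        if sep and OID_RE.fullmatch(src) and OID_RE.fullmatch(dst):
            mapping[src] = dst
    return mapping


def apply_map(schema_text, mapping):
    """Rewrite whole OID tokens only, so a longer OID sharing a prefix is left alone."""
    return OID_RE.sub(lambda m: mapping.get(m.group(0), m.group(0)), schema_text)


def unsupported_left(schema_text, mapping):
    """List mapped-away syntax OIDs that still occur in the schema text."""
    return sorted(set(OID_RE.findall(schema_text)) & set(mapping))


if __name__ == "__main__":
    mapping = parse_schema_map(SCHEMA_MAP)
    print(apply_map(SAMPLE_SCHEMA, mapping))
    print("still unsupported:", unsupported_left(apply_map(SAMPLE_SCHEMA, mapping), mapping))
```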

Patches