Using Samba with JumpCloud Authentication
It took me a while to figure out how to set this up, so I thought I'd make this wiki page to help others do the same.
Setting up JumpCloud
Log into JumpCloud as an administrator and create a new user to function as a service user to connect with. Then, on the left, go to 'Directories' and go to the JumpCloud LDAP directory. In the LDAP directory, click the checkbox that says 'Configure Samba Authentication', and set the domain to whatever you want to use as the domain name. Once you're done with that, make a new user group for users allowed to authenticate in Samba, and check 'Enable Samba Authentication' on that group. Add any users you want to be allowed to authenticate in Samba to this group.
Setting up Samba
Paste the below into your /etc/samba/smb.conf, changing values as necessary. I put the values you need to change in caps. You can find your organization's ID
[global] log file = /var/log/samba/%m log level = 1 workgroup = DOMAIN_SET_IN_JUMPCLOUD netbios name = DOMAIN_SET_IN_JUMPCLOUD server role = standalone server passdb backend = ldapsam:ldap://ldap.jumpcloud.com:389 ldap ssl = start tls ldap suffix = o=JUMPCLOUD_ORG_ID,dc=jumpcloud,dc=com ldap admin dn = uid=SERVICE_USER'S_USERNAME,ou=Users,o=JUMPCLOUD_ORG_ID,dc=jumpcloud,dc=com ldap user suffix = ou=Users ldap passwd sync = yes
Once you do that, run 'smbpasswd -W' a root and enter the password for your service user, then (re)start your Samba server. You should now be able to use smbclient -L
and authenticate using credentials for a user in the group you created earlier.
Note that, although I haven't tried it, I am pretty sure you cannot use Samba as a domain controller with this configuration