Solved

OpenIndiana SAMBA LDAP solution

Posted on 2013-05-18
10
742 Views
Last Modified: 2013-05-21
I'm looking for some input on the best way to get SAMBA with OpenLDAP backend set up and using an OpenIndiana/Nappit box for all storage. I already have my ZFS pool set up and running fine.

I am running 2 Proxmox nodes with Ubuntu server vm's on them for various processing applications. My end users run Windows, OSX and Ubuntu workstations. They shell in to the vm's to run their apps and generally save the output in their home folders. They also need their home folder mappings on their workstations.

So it looks like I need a SAMBA server for them to have home folders and permissions to work accordingly across all platforms. SMB seems to be the best protocol for accomodating such a heterogenous environment. And then to have SAMBA use OpenLDAP for authentication. Does this amount to a SAMBA PDC scenario?

I want to have all data land on the ZFS box first and foremost. So it looks like I will end up having all the vm's mounting shares via cifsmount. I really want to avoid NFS altogether because i see permissions getting tangled up. Plus I want LDAP involved on any data access.
0
Comment
Question by:ronfishtamu
  • 5
  • 5
10 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 39178669
The process of setting up LDAP/Samba is covered nicely in the Samba docs.

From the description of the environment I think you will be creating/using a Samba PDC. Since LDAP can be used directly for authentication on Linux and OS X and since doing that will mean unique UID's and uniform GID's across the domain, NFS file permissions problems will be non-existent. Allowing Linux and OS X clients to use NFS, which will be more efficient than CIFS. The windows clients will of course be using CIFS, but since LDAP will be mapping windows SID's to linux UID's there won't be permissions issues there.
0
 

Author Comment

by:ronfishtamu
ID: 39178680
thank you for replying! i have found what seems to be straightforward documentation on setting up the ldap server and samba on the solaris zfs box itself. have you seen this done with any issues before?

thanks again.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39178735
While I haven't done this on a Solaris box. I have a number of environments that are very similar. Each has a Linux server with OpenLDAP/Samba providing authentication & file storage to a network containing Linux, Windows, & OS X clients. In a few cases there are additional Linux pure file servers to meet the data flow requirements. Once properly set up I've had no issues.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Closing Comment

by:ronfishtamu
ID: 39178928
great response!
0
 

Author Comment

by:ronfishtamu
ID: 39185948
Haha, spoke too soon. Solaris fell into Oracle's hands, I think they prefer it having a Solaris LDAP server as well.

Gonna throw LDAP and Samba on a vm and shoot the data thru iscsi to the Solaris box. Bottleneck or not I need it done. Maybe I can IOMMU the NIC on the vm.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39186000
OpenLDAP + smbldap-tools will result in a Linux/Unix/Windows integrated environment. I don't know how that combination will play with the native Solaris LDAP system.
0
 

Author Comment

by:ronfishtamu
ID: 39186016
i just grabbed the openldap vm and the pdc drop in vm from Turnkey. Gonna tie them together with the tools and see if I get lucky.

Do you use the phpldapadmin or similar to manage the LDAP users?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39186043
I mostly manage these networks from the command line, but I do install phpldapadmin and use it occasionally.
0
 

Author Comment

by:ronfishtamu
ID: 39186054
thank you for your time I know you're busy. One last thing and i will pull my bootstraps up and go forth.

The first order of business for me when this is in production is to migrate my users off NIS and on to LDAP. Since it is obvious I look for shortcuts, do you know of a script or tool of some sort that would automate this? There are around 50 users on this network.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39186102
What you need to do depends on the client OS. The configuration for Ubuntu will be different than that for CentOS/Redhat/Unix and different for OS X or windows. For a given OS you might be able to use a script, once you know exactly what changes are needed.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Can't create RAID on a HP Z220 CMT, preparation for VMWare. 6 103
(Open)LDAP V2.44  search proxy to AD (W2012R2) 37 140
centos linux 65 126
NetApp space reclaim 3 28
This article is an update and follow-up of my previous article:   Storage 101: common concepts in the IT enterprise storage This time, I expand on more frequently used storage concepts.
The article will include the best Data Recovery Tools along with their Features, Capabilities, and their Download Links. Hope you’ll enjoy it and will choose the one as required by you.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question