Solved

OpenIndiana SAMBA LDAP solution

Posted on 2013-05-18
10
748 Views
Last Modified: 2013-05-21
I'm looking for some input on the best way to get SAMBA with OpenLDAP backend set up and using an OpenIndiana/Nappit box for all storage. I already have my ZFS pool set up and running fine.

I am running 2 Proxmox nodes with Ubuntu server vm's on them for various processing applications. My end users run Windows, OSX and Ubuntu workstations. They shell in to the vm's to run their apps and generally save the output in their home folders. They also need their home folder mappings on their workstations.

So it looks like I need a SAMBA server for them to have home folders and permissions to work accordingly across all platforms. SMB seems to be the best protocol for accomodating such a heterogenous environment. And then to have SAMBA use OpenLDAP for authentication. Does this amount to a SAMBA PDC scenario?

I want to have all data land on the ZFS box first and foremost. So it looks like I will end up having all the vm's mounting shares via cifsmount. I really want to avoid NFS altogether because i see permissions getting tangled up. Plus I want LDAP involved on any data access.
0
Comment
Question by:ronfishtamu
  • 5
  • 5
10 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 39178669
The process of setting up LDAP/Samba is covered nicely in the Samba docs.

From the description of the environment I think you will be creating/using a Samba PDC. Since LDAP can be used directly for authentication on Linux and OS X and since doing that will mean unique UID's and uniform GID's across the domain, NFS file permissions problems will be non-existent. Allowing Linux and OS X clients to use NFS, which will be more efficient than CIFS. The windows clients will of course be using CIFS, but since LDAP will be mapping windows SID's to linux UID's there won't be permissions issues there.
0
 

Author Comment

by:ronfishtamu
ID: 39178680
thank you for replying! i have found what seems to be straightforward documentation on setting up the ldap server and samba on the solaris zfs box itself. have you seen this done with any issues before?

thanks again.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39178735
While I haven't done this on a Solaris box. I have a number of environments that are very similar. Each has a Linux server with OpenLDAP/Samba providing authentication & file storage to a network containing Linux, Windows, & OS X clients. In a few cases there are additional Linux pure file servers to meet the data flow requirements. Once properly set up I've had no issues.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Closing Comment

by:ronfishtamu
ID: 39178928
great response!
0
 

Author Comment

by:ronfishtamu
ID: 39185948
Haha, spoke too soon. Solaris fell into Oracle's hands, I think they prefer it having a Solaris LDAP server as well.

Gonna throw LDAP and Samba on a vm and shoot the data thru iscsi to the Solaris box. Bottleneck or not I need it done. Maybe I can IOMMU the NIC on the vm.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39186000
OpenLDAP + smbldap-tools will result in a Linux/Unix/Windows integrated environment. I don't know how that combination will play with the native Solaris LDAP system.
0
 

Author Comment

by:ronfishtamu
ID: 39186016
i just grabbed the openldap vm and the pdc drop in vm from Turnkey. Gonna tie them together with the tools and see if I get lucky.

Do you use the phpldapadmin or similar to manage the LDAP users?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39186043
I mostly manage these networks from the command line, but I do install phpldapadmin and use it occasionally.
0
 

Author Comment

by:ronfishtamu
ID: 39186054
thank you for your time I know you're busy. One last thing and i will pull my bootstraps up and go forth.

The first order of business for me when this is in production is to migrate my users off NIS and on to LDAP. Since it is obvious I look for shortcuts, do you know of a script or tool of some sort that would automate this? There are around 50 users on this network.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39186102
What you need to do depends on the client OS. The configuration for Ubuntu will be different than that for CentOS/Redhat/Unix and different for OS X or windows. For a given OS you might be able to use a script, once you know exactly what changes are needed.
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article is an update and follow-up of my previous article:   Storage 101: common concepts in the IT enterprise storage This time, I expand on more frequently used storage concepts.
The question appears often enough, how do I transfer my data from my old server to the new server while preserving file shares, share permissions, and NTFS permisions.  Here are my tips for handling such a transfer.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to moveā€¦
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question