?
Solved

OpenIndiana SAMBA LDAP solution

Posted on 2013-05-18
10
Medium Priority
?
755 Views
Last Modified: 2013-05-21
I'm looking for some input on the best way to get SAMBA with OpenLDAP backend set up and using an OpenIndiana/Nappit box for all storage. I already have my ZFS pool set up and running fine.

I am running 2 Proxmox nodes with Ubuntu server vm's on them for various processing applications. My end users run Windows, OSX and Ubuntu workstations. They shell in to the vm's to run their apps and generally save the output in their home folders. They also need their home folder mappings on their workstations.

So it looks like I need a SAMBA server for them to have home folders and permissions to work accordingly across all platforms. SMB seems to be the best protocol for accomodating such a heterogenous environment. And then to have SAMBA use OpenLDAP for authentication. Does this amount to a SAMBA PDC scenario?

I want to have all data land on the ZFS box first and foremost. So it looks like I will end up having all the vm's mounting shares via cifsmount. I really want to avoid NFS altogether because i see permissions getting tangled up. Plus I want LDAP involved on any data access.
0
Comment
Question by:ronfishtamu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 2000 total points
ID: 39178669
The process of setting up LDAP/Samba is covered nicely in the Samba docs.

From the description of the environment I think you will be creating/using a Samba PDC. Since LDAP can be used directly for authentication on Linux and OS X and since doing that will mean unique UID's and uniform GID's across the domain, NFS file permissions problems will be non-existent. Allowing Linux and OS X clients to use NFS, which will be more efficient than CIFS. The windows clients will of course be using CIFS, but since LDAP will be mapping windows SID's to linux UID's there won't be permissions issues there.
0
 

Author Comment

by:ronfishtamu
ID: 39178680
thank you for replying! i have found what seems to be straightforward documentation on setting up the ldap server and samba on the solaris zfs box itself. have you seen this done with any issues before?

thanks again.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39178735
While I haven't done this on a Solaris box. I have a number of environments that are very similar. Each has a Linux server with OpenLDAP/Samba providing authentication & file storage to a network containing Linux, Windows, & OS X clients. In a few cases there are additional Linux pure file servers to meet the data flow requirements. Once properly set up I've had no issues.
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 

Author Closing Comment

by:ronfishtamu
ID: 39178928
great response!
0
 

Author Comment

by:ronfishtamu
ID: 39185948
Haha, spoke too soon. Solaris fell into Oracle's hands, I think they prefer it having a Solaris LDAP server as well.

Gonna throw LDAP and Samba on a vm and shoot the data thru iscsi to the Solaris box. Bottleneck or not I need it done. Maybe I can IOMMU the NIC on the vm.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39186000
OpenLDAP + smbldap-tools will result in a Linux/Unix/Windows integrated environment. I don't know how that combination will play with the native Solaris LDAP system.
0
 

Author Comment

by:ronfishtamu
ID: 39186016
i just grabbed the openldap vm and the pdc drop in vm from Turnkey. Gonna tie them together with the tools and see if I get lucky.

Do you use the phpldapadmin or similar to manage the LDAP users?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39186043
I mostly manage these networks from the command line, but I do install phpldapadmin and use it occasionally.
0
 

Author Comment

by:ronfishtamu
ID: 39186054
thank you for your time I know you're busy. One last thing and i will pull my bootstraps up and go forth.

The first order of business for me when this is in production is to migrate my users off NIS and on to LDAP. Since it is obvious I look for shortcuts, do you know of a script or tool of some sort that would automate this? There are around 50 users on this network.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39186102
What you need to do depends on the client OS. The configuration for Ubuntu will be different than that for CentOS/Redhat/Unix and different for OS X or windows. For a given OS you might be able to use a script, once you know exactly what changes are needed.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The question appears often enough, how do I transfer my data from my old server to the new server while preserving file shares, share permissions, and NTFS permisions.  Here are my tips for handling such a transfer.
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…
Suggested Courses
Course of the Month14 days, 18 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question