Solved

OpenIndiana SAMBA LDAP solution

Posted on 2013-05-18
10
737 Views
Last Modified: 2013-05-21
I'm looking for some input on the best way to get SAMBA with OpenLDAP backend set up and using an OpenIndiana/Nappit box for all storage. I already have my ZFS pool set up and running fine.

I am running 2 Proxmox nodes with Ubuntu server vm's on them for various processing applications. My end users run Windows, OSX and Ubuntu workstations. They shell in to the vm's to run their apps and generally save the output in their home folders. They also need their home folder mappings on their workstations.

So it looks like I need a SAMBA server for them to have home folders and permissions to work accordingly across all platforms. SMB seems to be the best protocol for accomodating such a heterogenous environment. And then to have SAMBA use OpenLDAP for authentication. Does this amount to a SAMBA PDC scenario?

I want to have all data land on the ZFS box first and foremost. So it looks like I will end up having all the vm's mounting shares via cifsmount. I really want to avoid NFS altogether because i see permissions getting tangled up. Plus I want LDAP involved on any data access.
0
Comment
Question by:ronfishtamu
  • 5
  • 5
10 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 39178669
The process of setting up LDAP/Samba is covered nicely in the Samba docs.

From the description of the environment I think you will be creating/using a Samba PDC. Since LDAP can be used directly for authentication on Linux and OS X and since doing that will mean unique UID's and uniform GID's across the domain, NFS file permissions problems will be non-existent. Allowing Linux and OS X clients to use NFS, which will be more efficient than CIFS. The windows clients will of course be using CIFS, but since LDAP will be mapping windows SID's to linux UID's there won't be permissions issues there.
0
 

Author Comment

by:ronfishtamu
ID: 39178680
thank you for replying! i have found what seems to be straightforward documentation on setting up the ldap server and samba on the solaris zfs box itself. have you seen this done with any issues before?

thanks again.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39178735
While I haven't done this on a Solaris box. I have a number of environments that are very similar. Each has a Linux server with OpenLDAP/Samba providing authentication & file storage to a network containing Linux, Windows, & OS X clients. In a few cases there are additional Linux pure file servers to meet the data flow requirements. Once properly set up I've had no issues.
0
 

Author Closing Comment

by:ronfishtamu
ID: 39178928
great response!
0
 

Author Comment

by:ronfishtamu
ID: 39185948
Haha, spoke too soon. Solaris fell into Oracle's hands, I think they prefer it having a Solaris LDAP server as well.

Gonna throw LDAP and Samba on a vm and shoot the data thru iscsi to the Solaris box. Bottleneck or not I need it done. Maybe I can IOMMU the NIC on the vm.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 40

Expert Comment

by:jlevie
ID: 39186000
OpenLDAP + smbldap-tools will result in a Linux/Unix/Windows integrated environment. I don't know how that combination will play with the native Solaris LDAP system.
0
 

Author Comment

by:ronfishtamu
ID: 39186016
i just grabbed the openldap vm and the pdc drop in vm from Turnkey. Gonna tie them together with the tools and see if I get lucky.

Do you use the phpldapadmin or similar to manage the LDAP users?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39186043
I mostly manage these networks from the command line, but I do install phpldapadmin and use it occasionally.
0
 

Author Comment

by:ronfishtamu
ID: 39186054
thank you for your time I know you're busy. One last thing and i will pull my bootstraps up and go forth.

The first order of business for me when this is in production is to migrate my users off NIS and on to LDAP. Since it is obvious I look for shortcuts, do you know of a script or tool of some sort that would automate this? There are around 50 users on this network.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 39186102
What you need to do depends on the client OS. The configuration for Ubuntu will be different than that for CentOS/Redhat/Unix and different for OS X or windows. For a given OS you might be able to use a script, once you know exactly what changes are needed.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Lets start to have a small explanation what is VAAI(vStorage API for Array Integration ) and what are the benefits using it. VAAI is an API framework in VMware that enable some Storage tasks. It first presented in ESXi 4.1, but only after 5.x sup…
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now