Configuration of pdb_nds in Samba server for NDS authentication

pdb_nds is a back-end LDAP authentication method for Samba server. This back-end module provides authentication to the users to the Novell eDirectory™ server (NDS).

The eDirectory server can be configured in /etc/samba/smb.conf as follows to allow Samba server to contact eDirectory for user authentication:

passdb backend = NDS_ldapsam:ldaps://192.168.1.5:636

If you have configured users in multiple NDS servers, the configuration is as follows:

passdb backend = NDS_ldapsam:"ldaps://192.168.1.5:636 ldaps://192.168.1.6:636 ldaps://192.168.1.7:636"

With this confguration the NDS users can access the file shares from the Samba server.

A typical /etc/samba/smb.conf file will look like:

#ident $Id: smb.conf,v 1.30 2005/02/21 01:14:03 lukeh Exp $
#
# Samba configuration file for Domain Services for Windows
#

[global]
        workgroup = TUKS
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        include = /etc/samba/dhcp.conf
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare allow guests = Yes
        netbios name = DSFW-TUKS
        realm = tuks.com
        auth methods = guest winbind
        server string = Novell Open Enterprise Server
        security = ads
        encrypt passwords = Yes
        socket options = TCP_NODELAY
        local master = Yes
        os level = 64
        domain master = Yes
        preferred master = Yes
        domain logons = Yes
        idmap uid = 1-4294967295
        idmap gid = 1-4294967295
        pid directory = /var/run/samba
        use kerberos keytab = Yes
        winbind use default domain = Yes
        winbind nss info = rfc2307
        dce funnel directory = /var/opt/novell/xad/rpc
        nt acl support = No
        load printers = No
        passdb backend = NDS_ldapsam:ldaps://192.168.1.5:636
        wins support = No