Configuration of pdb_nds in Samba server for NDS authentication

By: tukaram

August 28, 2008 3:13 pm





pdb_nds is a back-end LDAP authentication method for the Samba server. This back-end module authenticates users against the Novell eDirectory™ server (NDS).

The eDirectory server can be configured in /etc/samba/smb.conf as follows to allow the Samba server to contact eDirectory for user authentication:

passdb backend = NDS_ldapsam:ldaps://

If you have configured users in multiple NDS servers, the configuration is as follows:

passdb backend = NDS_ldapsam:"ldaps:// ldaps:// ldaps://"

With this configuration, the NDS users can access the file shares from the Samba server.

A typical /etc/samba/smb.conf file will look like:

#ident $Id: smb.conf,v 1.30 2005/02/21 01:14:03 lukeh Exp $
# Samba configuration file for Domain Services for Windows

[global]
        workgroup = TUKS
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        include = /etc/samba/dhcp.conf
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare allow guests = Yes
        netbios name = DSFW-TUKS
        realm =
        auth methods = guest winbind
        server string = Novell Open Enterprise Server
        security = ads
        encrypt passwords = Yes
        socket options = TCP_NODELAY
        local master = Yes
        os level = 64
        domain master = Yes
        preferred master = Yes
        domain logons = Yes
        idmap uid = 1-4294967295
        idmap gid = 1-4294967295
        pid directory = /var/run/samba
        use kerberos keytab = Yes
        winbind use default domain = Yes
        winbind nss info = rfc2307
        dce funnel directory = /var/opt/novell/xad/rpc
        nt acl support = No
        load printers = No
        passdb backend = NDS_ldapsam:ldaps://
        wins support = No

Note: A new flag, ldap_state_is_nds_ldap, has been added to the source/include/smbldap.h file to check whether the NDS LDAP method has been configured.
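
To check a file like the one above before restarting Samba, the following script (an added example, not part of the original post or of Samba) parses the global parameters and reports passdb backend URIs that are not ldaps:// or that name no server, plus the two guest settings from the sample file. The host names are constructed placeholders, and treating lines before any section header as global is an assumption of this script.

```python
from urllib.parse import urlsplit

# Constructed sample; host names are placeholders, not values from the article.
SAMPLE = """\
[global]
    map to guest = Bad User
    usershare allow guests = Yes
    passdb backend = NDS_ldapsam:"ldaps://nds1.example.com ldap://nds2.example.com ldaps://"
"""

def parse_global(text):
    """Return the global parameters of an smb.conf as a dict (names lower-cased)."""
    params, section = {}, "global"  # assumption: lines before any header are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def backend_uris(value):
    """Split 'module:"uri uri ..."' into (module, [uri, ...])."""
    module, _, rest = value.partition(":")
    return module, rest.strip().strip('"').split()

def audit(text):
    """Return a list of findings for the passdb backend and guest settings."""
    params, findings = parse_global(text), []
    module, uris = backend_uris(params.get("passdb backend", ""))
    if module.lower() != "nds_ldapsam":
        findings.append(f"passdb backend module is {module!r}, not NDS_ldapsam")
    if not uris:
        findings.append("passdb backend lists no LDAP URI")
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme != "ldaps":
            findings.append(f"{uri}: scheme is not ldaps")
        if not parts.hostname:
            findings.append(f"{uri}: no server name given")
    for key, risky in (("map to guest", "bad user"), ("usershare allow guests", "yes")):
        if params.get(key, "").lower() == risky:
            findings.append(f"{key} = {params[key]}: permits guest access, review")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result from audit() means every listed server uses ldaps:// with a host name and neither guest setting is enabled.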
Categories: SUSE Linux Enterprise Desktop, Technical Solutions

Disclaimer: As with everything else in the SUSE Blog, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.