B.1 Component Information

The Samba distribution included with OES consists of the RPMs and configuration files outlined in this section.

B.1.1 Samba RPM

OES includes a Novell customized version of the Samba package (novell-samba-3.0.…).

In compliance with Samba standards, we have added the switches -with-ldapsam and -with-ssl to provide secure LDAP authentication support for Samba users.

B.1.2 The smb.conf Configuration File

In compliance with Linux Standards Base (LSB) requirements, we have placed the Samba configuration file (smb.conf) in the /etc/samba directory on the OES server.

The Novell implementation of Samba modifies the smb.conf file that ships with SLES 9 as explained in Table B-1.

Table B-1 Modified/Added Entries in the smb.conf File

| Section | Entry Name | Description | Change or Default Setting Information |
|---|---|---|---|
| [global] | workgroup = | Specifies the Windows workgroup that the Samba server either joins (if it exists) or effectively creates (if the name is new). | This is modified from TUX-NET to workgroup. |
| | netbios name = | Sets the NetBIOS name that a Samba server is known and advertised as. If Samba is installed for the first time by OES, Novell appends -W to the hostname for this entry. This is necessary to prevent a conflict with NCP on Linux, which uses the hostname. | This entry is added. Default: netbios name = %h-W (%h is the server’s host name). |
| | passdb backend = | Specifies that Samba account information is stored in eDirectory LDAP database. | This entry is added. Do not modify this line. |
| | ldap admin dn = | Specifies the Distinguished Name (DN) that Samba uses for contacting the eDirectory LDAP server to retrieve user account information for users requesting access to Samba shares. The password for the DN specified at install time is encrypted by the installation process and stored in the SecretStore (secrets.tdb) on the OES server. If the DN name is changed in eDirectory, the name specified in this file must also be changed. If the DN password is changed, the new password must be stored using the smbpasswd command. For more information, see Section A.4, The Samba Proxy User Password Must Be Managed Separately. | This entry is added. Example: ldap admin dn = cn=admin,o=novell |
| | ldap suffix = | Specifies the context that is used to search for the server and user objects in eDirectory. A search from this context down through the tree must find both the server and Samba users. You cannot correct problems with this context by simply modifying this field with a text editor. Instead you must follow the instructions in Section C.1, A sambaDomain Object Error Occurs. | This entry is added. The default setting is specified during install time as the Base context for Samba users. |
| | ldap idmap suffix = | Specifies the location of sambaIdmapEntry objects. | This entry is added. The default setting is the O parent container. For example, o=novell. |
| | ldap machine suffix = | Specifies where machine trust accounts are stored. | This entry is added. The default setting is the O parent container. For example, o=novell. |
| | ldap passwd sync = | Specifies that password encoding support is on or off. | This entry is added. Default: ldap password sync = on |
| | security = | Specifies the security mode. The value must be set to user. For more information, see samba.org on the Web. | This entry is added. Default (required): security = user |
| | encrypt passwords = | Specifies that passwords received from Windows clients are encrypted. This value must be set to yes. For more information, see samba.org on the Web. | This entry is added. Default (required): encrypt passwords = yes |

A full explanation of the smb.conf file is well beyond the scope of this guide. Table B-2 briefly explains the purpose of other sections found in the file. For detailed explanations, search for smb.conf on the Web.

Table B-2 A Brief Summary of the Other Entries in the smb.conf File

| Section | Description |
|---|---|
| [profiles] | This section sets up a network profiles service for playing media files through Samba. |
| [users] | This section sets up a share that displays all the home directories in /home. |
| [groups] | This section sets up a share that displays any directories contained in /home/groups. |
| [printers], [print$] | These sections set up a share for Samba printing, which is not supported on OES Linux. iPrint is the OES printing solution. |

B.1.3 The ldap.conf Configuration File

Samba on Linux uses the OpenLDAP client libraries libldap.so and libldap_r.so. ldap.conf is the configuration file for OpenLDAP.

In compliance with Linux Standards Base (LSB) requirements, we have placed the ldap.conf file in the /etc/openldap directory on the OES server.

If you install the OES server into an existing tree, you must specify a trusted root certificate during OES installation if you want to use SSL. The ldap.conf file on your OES server then has the following certificate-related entries:

  • TLS_CACERT /etc/ssl/certname.cert
  • TLS_REQCERT demand

If you are installing a new directory tree, the ldap.conf file has the following entry:

  • TLS_REQCERT allow

For more information on the ldap.conf file, see the ldap.conf man page.
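The two ldap.conf variants above differ in a security-relevant way: with TLS_REQCERT allow, the OpenLDAP client proceeds even when the server certificate is missing or fails validation, while demand terminates the session. The following audit sketch is an added example, not part of the OES tooling; it checks a server's smb.conf for the two [global] values Table B-1 marks as required and its ldap.conf for enforced certificate checking. The function names and sample inputs are constructed for illustration.

```python
import re

# Acceptable values for the [global] entries this page marks as required.
REQUIRED = {"security": {"user"}, "encryptpasswords": {"yes", "true", "on", "1"}}
# Constructed sample inputs (not taken from a real server).
SMB_SAMPLE = "[global]\n  workgroup = WORKGROUP\n  Security = share\n; encrypt passwords = yes\n[users]\n  security = user\n"
LDAP_NEW_TREE = "# constructed sample\nTLS_REQCERT allow\n"
LDAP_EXISTING_TREE = "TLS_CACERT /etc/ssl/certname.cert\nTLS_REQCERT demand\n"


def parse_global(text):
    """Return [global] parameters of an smb.conf as {normalized name: value}."""
    section, params = None, {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace inside parameter names.
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params


def audit_smb(text):
    """List required [global] entries that are missing or set to another value."""
    params = parse_global(text)
    return [f"smb.conf: {key} = {params.get(key)!r}, expected one of {sorted(ok)}"
            for key, ok in REQUIRED.items()
            if params.get(key, "").lower() not in ok]


def audit_ldap(text):
    """Flag an ldap.conf that does not enforce LDAP server certificate checks."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        parts = line.split(None, 1)
        if len(parts) == 2 and not line.startswith("#"):
            opts[parts[0].upper()] = parts[1].strip()
    findings = []
    # OpenLDAP treats a missing TLS_REQCERT as "demand"; "hard" is equivalent.
    reqcert = opts.get("TLS_REQCERT", "demand").lower()
    if reqcert not in ("demand", "hard"):
        findings.append(f"ldap.conf: TLS_REQCERT {reqcert} accepts unverified server certificates")
    if not {"TLS_CACERT", "TLS_CACERTDIR"} & opts.keys():
        findings.append("ldap.conf: no TLS_CACERT or TLS_CACERTDIR trust anchor")
    return findings


if __name__ == "__main__":
    for finding in audit_smb(SMB_SAMPLE) + audit_ldap(LDAP_NEW_TREE):
        print(finding)
```

On a real server, pass the contents of /etc/samba/smb.conf and /etc/openldap/ldap.conf to the two audit functions. A new-tree install that still reports TLS_REQCERT allow is a candidate for adding a trusted root certificate and switching to demand.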