B.1 Component Information

The Samba distribution included with Open Enterprise Server 11 SP3 (OES 11 SP3) consists of the RPMs and configuration files outlined in this section.

B.1.1 Samba RPM

OES includes a customized configuration package for the Samba software that is installed on every SLES 11 SP4 server. This package is named novell-samba-3.4.xxx.

In compliance with Samba standards, Novell has added the switches -with-ldapsam and -with-ssl to provide secure LDAP authentication support for Samba users.

B.1.2 The smb.conf Configuration File

In compliance with Linux Standards Base (LSB) requirements, the Samba configuration file (smb.conf) is placed in the /etc/samba directory on the OES server.

The Novell implementation of Samba modifies the smb.conf file that ships with SLES 11 as explained in Table B-1.

Table B-1 Modified/Added Entries in the smb.conf File

Section

Entry Name

Description

Change or Default Setting Information

[global]

workgroup =

Specifies the Windows workgroup that the Samba server either joins (if it exists) or creates (if the name is new).

This is modified from TUX-NET to WORKGROUP.

 

netbios name =

Sets the NetBIOS name that a Samba server is known and advertised as. If Samba is installed for the first time by OES, Novell appends -W to the hostname for this entry. This is necessary to prevent a conflict with NCP on Linux, which uses the hostname.

Extra steps must be taken if you need to change this setting. For more information, see Section A.7, NetBios Name for Samba Is Limited to 15 Characters in Length.

This entry is added.

Default: netbios name = %h-W

%h is the server’s DNS host name.

 

passdb backend =

Specifies that Samba account information is stored in eDirectory LDAP database.

This entry is added.

Do not modify this line.

 

ldap admin dn =

Specifies the Distinguished Name (DN) of the proxy user that Samba uses for contacting the eDirectory LDAP server to retrieve user account information for users requesting access to Samba shares.

For more information, see Section A.3, The Samba Proxy User.

This entry is added.

Example: ldap admin dn = cn=admin,o=novell

 

ldap suffix =

Specifies the context that is used to search for the Samba user objects in eDirectory. A search from this context down through the tree must find the Samba users.

You cannot correct problems with this context by simply modifying this field with a text editor. Instead you must follow the instructions in Section A.1, Setting the Base Context for Samba Users.

This entry is added.

The default setting is specified during install time as the Base context for Samba users.

 

ldap passwd sync =

Specifies that password encoding support is on or off.

This entry is added.

Default: ldap password sync = on

 

security =

Specifies the security mode.

The value must be set to user.

For more information, see samba.org on the Web.

This entry is added.

Default (required): security = user

 

encrypt passwords =

Specifies that passwords received from Windows clients are encrypted.

The value must be set to yes.

For more information, see samba.org on the Web.

This entry is added.

Default (required): encrypt passwords = yes

 

server string =

Specifies the string that is displayed for the Samba server in Windows Explorer, My Network Places, and for mapped drives.

The default (even when no value is specified) is “Samba %v” where %v is the Samba version.

When you set the value to a null string (server string = ““), no extra information is displayed for the Samba server.

This entry is not added, but is supported on OES Samba servers.

Default: no value specified

A full explanation of the smb.conf file is beyond the scope of this guide. Table B-2 briefly explains the purpose of other sections found in the file. For detailed explanations, search for smb.conf on the Web.

Table B-2 Brief Summary of the Other Entries in the smb.conf File

Section

Description

[profiles]

This section sets up a network profiles service for playing media files through Samba.

[users]

This section sets up a share that displays all the home directories in /home.

[groups]

This section sets up a share that displays any directories contained in /home/groups.

[printers]

[print$]

These sections set up a share for Samba printing, which is not supported on OES. Because iPrint is the OES printing solution, the OES installation comments out these sections in the smb.conf file.

B.1.3 The ldap.conf Configuration File

Samba on Linux uses the OpenLDAP client libraries libldap.so and libldap_r.so. ldap.conf is the configuration file for OpenLDAP.

In compliance with Linux Standards Base (LSB) requirements, we have placed the ldap.conf file in the /etc/openldap directory on the OES server.

If you install the OES server into an existing tree, you must specify a trusted root certificate during OES installation if you want to use SSL. The ldap.conf file on your OES server then has the following certificate-related entries:

  • TLS_CACERT /etc/ssl/certname.cert

  • TLS_REQCERT demand

If you are installing a new directory tree, the ldap.conf file has the following entry:

  • TLS_REQCERT allow

For more information on the ldap.conf file, see the ldap.conf man page.