LDAP User and Group Configuration for Samba Shares

Status
Not open for further replies.

mwaldtha

Cadet
Joined
Aug 25, 2017
Messages
3
I've got LDAP authentication and group restricted Samba shares configured against both QNAP and Synology NAS devices, and I am trying to create the same configuration/access using FreeNAS, but I am having some trouble and I'm hoping someone can help me out.

In my LDAP server the user records are decorated with the sambaSamAccount object class and the various samba related attributes that are required for that. The gid for each user record points to their own group entry, which is not decorated with any samba object classes or attributes. Users are then members of one or more additional groups, and it is these group entries that I use to grant access to various directory shares.

The problem I've run into is that if the group entry that the user's gid points to is not decorated as a sambaGroupMapping with a SID, I am unable to access any shares and I get a NT_STATUS_INTERNAL_DB_CORRUPTION response. If I do decorate that primary group then I can access shares. It seems that FreeNAS requires this primary group to be decorated with samba attributes even if it is not used to grant access to any shares. Is that correct or is there a way around this issue? I do not have to do this for the QNAP or Synology devices so I'm looking for a way to have FreeNAS behave in the same manner.
 

mwaldtha
Thanks. I saw that note, but it didn't mention any specifics, and since the other two devices didn't require this I thought I should check to make sure I hadn't missed something else in my configuration. Do you know of any other specific samba attributes that are required, or anywhere they may be documented?
 

mwaldtha
No, I didn't. However, I was able to get my configuration going by decorating the primary group of each user as I mentioned above. That seems to be sufficient, at least for what I'm doing, and allows me to authenticate against a single LDAP server for shares defined on QNAP, Synology, and FreeNAS devices.
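The fix the thread settles on (decorating each user's primary group as a sambaGroupMapping with a sambaSID) can be audited and generated from the directory contents rather than by hand. The following is an added example, not code from the posts or from FreeNAS, QNAP or Synology. It assumes a constructed domain SID and directory fragment, Samba's default algorithmic RID mapping (user RID = 2*uid + 1000, group RID = 2*gid + 1001, the scheme smbldap-tools uses), and adds one consistency check the thread does not mention: the user's sambaPrimaryGroupSID must name the SID of that primary group. A directory whose existing sambaSID values follow another scheme must keep that scheme.

```python
"""Audit a sambaSamAccount's primary group for the Samba attributes the
ldapsam backend needs and emit the LDIF modify that adds them.

Added example for this thread, not FreeNAS or Samba project code.
DOMAIN_SID, the DNs and the uid/gid values below are constructed."""

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed
ALGORITHMIC_RID_BASE = 1000   # Samba's default 'algorithmic rid base'
SID_NAME_DOM_GRP = 2          # sambaGroupType value for a domain group

# Constructed fragment: alice's primary group cn=alice carries no Samba
# attributes (the situation from the thread), while share-finance, the
# group that actually grants share access, is already mapped.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: alice
uidNumber: 1001
gidNumber: 1001
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002
sambaPrimaryGroupSID: S-1-5-21-1111111111-2222222222-3333333333-3003

dn: cn=alice,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: alice
gidNumber: 1001

dn: cn=share-finance,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: share-finance
gidNumber: 2001
memberUid: alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-5003
sambaGroupType: 2
"""


def parse_ldif(text):
    """Minimal LDIF reader: {dn: {lowercased attr: [values]}}.
    Folds continuation lines (leading space); base64 '::' values are
    not needed for these entries and are not decoded."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines + [""]:          # sentinel flushes the last entry
        if not line.strip():
            if current:
                entries[current[0]] = current[1]
            current = None
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = (value, {})
        elif current is not None:
            current[1].setdefault(attr, []).append(value)
    return entries


def user_sid(uid):   # Samba default: RID = 2*uid + rid base
    return f"{DOMAIN_SID}-{2 * uid + ALGORITHMIC_RID_BASE}"


def group_sid(gid):  # Samba default: RID = 2*gid + rid base + 1
    return f"{DOMAIN_SID}-{2 * gid + ALGORITHMIC_RID_BASE + 1}"


def has_class(attrs, name):
    return name.lower() in (c.lower() for c in attrs.get("objectclass", []))


def mapping_ldif(group_dn, gid):
    """'changetype: modify' LDIF that turns a plain posixGroup into a
    sambaGroupMapping, ready to feed to ldapmodify."""
    return (f"dn: {group_dn}\nchangetype: modify\n"
            "add: objectClass\nobjectClass: sambaGroupMapping\n-\n"
            f"add: sambaSID\nsambaSID: {group_sid(gid)}\n-\n"
            f"add: sambaGroupType\nsambaGroupType: {SID_NAME_DOM_GRP}\n-\n")


def audit_primary_group(entries, user_dn):
    """Return {'problems': [...], 'ldif': str} for one user: the posixGroup
    matching the user's gidNumber must be a sambaGroupMapping with a
    sambaSID, and the user's sambaPrimaryGroupSID (if set) must equal it."""
    user = entries[user_dn]
    gid = int(user["gidnumber"][0])
    problems, ldif = [], ""
    groups = [(dn, a) for dn, a in entries.items()
              if has_class(a, "posixGroup") and a.get("gidnumber") == [str(gid)]]
    if not groups:
        problems.append(f"no posixGroup with gidNumber {gid} for {user_dn}")
        return {"problems": problems, "ldif": ldif}
    group_dn, group = groups[0]
    expected = group.get("sambasid", [group_sid(gid)])[0]  # keep an existing SID
    if not (has_class(group, "sambaGroupMapping") and "sambasid" in group):
        problems.append(f"primary group {group_dn} is not a sambaGroupMapping")
        ldif, expected = mapping_ldif(group_dn, gid), group_sid(gid)
    primary = user.get("sambaprimarygroupsid", [expected])[0]
    if primary != expected:
        problems.append(f"{user_dn}: sambaPrimaryGroupSID {primary} != {expected}")
    return {"problems": problems, "ldif": ldif}


if __name__ == "__main__":
    result = audit_primary_group(parse_ldif(SAMPLE_LDIF),
                                 "uid=alice,ou=People,dc=example,dc=com")
    for p in result["problems"]:
        print("PROBLEM:", p)
    print(result["ldif"])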
 