Samba Modules
Introduction
Penrose includes two modules to support integration with Samba. This modules are installed to watch Samba users and groups in Penrose. If the users or groups are missing Samba attributes like UID and GID, the modules will check the Samba server, create the account there if needed, and add the LDAP attributes automatically.
Module Configuration
Configure Samba modules as follows:
<modules> <module name="Samba User"> <module-class>org.safehaus.penrose.samba.SambaUserModule</module-class> </module> <module name="Samba Group"> <module-class>org.safehaus.penrose.samba.SambaGroupModule</module-class> </module> </modules>
If your Samba server is located on a different machine, you must configure SSH to let Penrose connect to Samba server and execute some commands. Add the following parameters to each module:
| Name | Description | Example |
|---|---|---|
| ssh.client | SSH client | /usr/bin/ssh or C:/Program Files/PuTTY/plink.exe |
| samba.server | Samba server | linux.example.com |
| samba.admin | Admin username of Samba server | root |
For example:
<module name="Samba User">
<module-class>org.safehaus.penrose.samba.SambaUserModule</module-class>
<parameter>
<param-name>ssh.client</param-name>
<param-value>C:/Program Files/PuTTY/plink.exe</param-value>
</parameter>
<parameter>
<param-name>samba.admin</param-name>
<param-value>root</param-value>
</parameter>
<parameter>
<param-name>samba.server</param-name>
<param-value>linux.example.com</param-value>
</parameter>
</module>
Then map the modules to the appropriate LDAP tree.
<modules>
<module-mapping>
<module-name>Samba User</module-name>
<base-dn>ou=Users,dc=Samba,dc=Example,dc=com</base-dn>
<filter>(objectClass=*)</filter>
<scope>ONELEVEL</scope>
</module-mapping>
<module-mapping>
<module-name>Samba Group</module-name>
<base-dn>ou=Groups,dc=Samba,dc=Example,dc=com</base-dn>
<filter>(objectClass=*)</filter>
<scope>ONELEVEL</scope>
</module-mapping>
</modules>