Volume Number: 24
Issue Number: 11
Column Tag: Network Administration

Integrating OS X With OpenLDAP/Samba, Part 1

Configuring Your Mac To Work With Linux Samba and LDAP Servers

by Noah Gift

OS X is an incredible machine, of course, if you are reading this magazine, I didn't need to tell you that. It has arguably, the finest User Interface ever known to man, yet it has a beautiful Unix engine purring under the hood. OS X Server also has a somewhat forward thinking User Interface for managing the raw power of true Unix, as it elegantly hides the real world complexity of dealing with things like Apache and Open LDAP.

While OS X Server is certainly a fine piece of engineering, it might interest many to know, that configuring OS X to talk to a Linux infrastructure is fairly straightforward. I still remember fondly, when parts of OS X had to be altered, in an undocumented way, just to get it to work perfectly with Linux and Unix systems, but many of those problems have disappeared over the years. Virtualization, Leopard, and the further enhancement of Linux, has created a very opportune moment for OS X/Linux relations.

In this article, we explore the basics of getting started with using Samba hosted on a Linux Virtual Machine. Future articles will get deeper into Open LDAP/Samba integration.

As I mentioned earlier, virtualization has eased the difficulty of working with Linux. One of the reasons is that, in some respects, the Linux Operating System has become like a document that you open and close. If someone writes a great template for an invoice or resume in Microsoft Word, or iWork Pages, then you simply open the file, and fill in the blanks.

With the current advances in virtualization a Linux operating system can be almost as easy to work with as Microsoft Word. For a recent book I wrote, we released a free, as in beer, Ubuntu 7.10 virtual machine that is pre-configured with OpenLDAP and Samba. You can download it here, start it with VMWare Fusion, and then just play it:

http://examples.oreilly.com/9780596515829/vm/

The username and password for everything on the virtual machine is py4sa, including the Samba service we will use in this article.

If you are on old Mac guy or gal, you may be more familiar with AFP, or Apple File Protocol, than with Samba. Briefly, Samba is Open Source/Free software that has been around since 1992, and it enables File and Print sharing over the SMB/CIFS protocol. SMB originated with Microsoft as a network sharing protocol for Windows.

Samba is pre-installed on OS X and you can easily create a samba share on your Mac by simply selecting File Sharing under Sharing in System Preferences, as seen in the screenshot:

Figure 1: Sharing

In our case, though, we are going to use virtualization to talk to a share we create inside of the virtual machine we downloaded, so instead of serving the share, our Mac will be the client.

If you downloaded the Virtual Machine you should perform the following steps to make sure you get up to speed to follow the rest of the article. If you have problems with the virtual machine networking, or don't want to download a 500MB file, don't worry, because in a later article we go into detail about how to configure this from scratch. Note, you will need to have a copy of VMWare fusion to follow along.

Step 1: Start the Virtual Machine

Step 2: Once running, log in with py4sa as the username and password

Step 3: Double check that samba started by typing at the shell:

sudo /etc/init.d/samba 

Step 4: Ensure Network Is Working by typing at shell

ifconfig

Here is a screenshot of what this looks like a successfully running virtual machine:

Figure 2: Verifying VM Is Working Properly

If you performed the previous steps and everything working, the rest is just as easy. We can simply edit the samba configuration file and add a share for us to connect to. To do this just edit this file: /etc/samba/smb.conf with vim, or your favorite text editor, and add these lines to the bottom:

[share]
path = /usr

Next, just restart the samba service so it rereads the config file by typing in:

sudo /etc/init.d/samba restart

Now simply browse to the share PY4SA, by creating a new Finder window, as shown in the figure below and authenticating. If you follow along with the steps below you will be able to obtain Read Only Access to the /usr directory on the virtual machine.

Figure 3: Logging in to a Samba share

Figure 4: Authenticating to the share

Figure 5: Read Only Access Trying To Create Directory In Share

Notice, as shown in Figure 5 above, that if you try to create a file onto the share you get an access privileges error. We only have Read Only access! This is because of the extremely basic configuration for [share] we set up. If you are brave, feel free to dig into the smb.conf and fix the problem. Otherwise, next month we go all out on creating a realistic permission structure for an Enterprise or a Home. For now, just getting a virtual server up and running, and then connecting to it is a good stride.

In this article, we began to think about how a virtualized Linux infrastructure might make sense for OS X clients. We created a one way, Read Only connection to an Ubuntu Linux virtual machine via a SMB share we created ourselves.

In the next article we dig in deep and configure LDAP and Samba to work together, create a realistic share permission structure, and authenticate our Mac's directory to a Linux LDAP server, as well as get familiar with managing LDAP through various native and foreign tools.

Noah Gift. "How To Build A Dirt Easy NAS with Samba". Red Hat Magazine, http://www.redhatmagazine.com/2007/06/26/.

Noah Gift. Getting Started With Open Directory. O'Reilly. http://www.macdevcenter.com/pub/a/mac/2007/06/01/discover-the-power-of-open-directory.html

Noah Gift and Jeremy Jones. Python For Unix and Linux Systems Administration. O'Reilly. ISBN: 0596515820

Noah Gift has been a Mac user since his family bought a Macintosh Performa 6300 in 1992, and started connected to BBS networks immediately and then eventually the World Wide Web in 1993 when it become open to the public. He is the co-author of Python For Unix and Linux System Administration by O'Reilly, and the upcoming Google App Engine In Action by Manning.

Noah has a couple of decades of experience in the television and film industry starting off as an editor for ABC Network News as a teenager. He contributed to the first feature animated film for Disney Feature Animation and Sony Imageworks. He also had stints at Turner Studios and Caltech, where he worked for the Nobel Prize winning President as a Mac expert. He has a Master's degree in CIS, and is LPI and ACSA certified. He also organizes PyAtl, the local Python programmers user group in Atlanta.

Currently Noah is consultant, writer and speaker, specializing in OS X/Unix, Linux, Python, and Web development for his company, GiftCS, www.giftcs.com. Many of his projects and writing are available at www.noahgift.com. He can be contacted at noah.gift@giftcs.com