AppNote: Basic Linux/Samba Authentication with eDirectory on Novell Linux Small Business Server

By Mark Robinson

Prerequisites:

  • eDirectory installed and running
  • Samba server package installed
  • Samba-doc package installed
  • NSS_LDAP package installed
  • Extend eDirectory schema with posixAccount schema
    In this section we extend the schema with the attributes needed for POSIX-compliant user accounts, e.g. user ID (uidNumber), primary group (gidNumber), login shell and home directory.
    • Open iManager and log in as the admin user.
    • Under eDirectory Maintenance click on "Import Convert Export Wizard".
    • Ensure "Import data from file on disk" is selected
    • Select "Run in verbose mode"
    • Click Next
    • Choose "Schema File" in the File Type list
    • Click Browse and select the file /usr/lib/nds-schema/rfc2307-usergroup.sch
    • Deselect "Exit on error"
    • Select "Run in verbose mode"
    • Deselect "Add records without change type"


    • Click Next
    • Enter the IP address of your eDirectory server
    • Change the port to 636
    • Select the file /etc/opt/novell/SSCert.der in the "DER file" field
    • Select "Authenticated Login" and enter your admin details
    • Deselect "Use BLURP"
    • Select "Allow Forward References"


    • Click Next
      You should then see a summary screen listing the import settings (screenshot not reproduced here).


    • Click Finish
      After a few seconds you should see a confirmation screen reporting the result of the import.


    eDirectory is now capable of handling posix account data.

  • Extend eDirectory schema with samba schema

    We now need to add sambaSamAccount to the schema to create the attributes that Samba needs, such as the SID, the NT/LM password hashes etc. The procedure is almost identical to the one above.

    • Under eDirectory Maintenance click on "Import Convert Export Wizard".
    • Ensure "Import data from file on disk" is selected
    • Select "Run in verbose mode"
    • Click Next
    • Choose "LDIF File" in the File Type list
    • Click Browse and select the file /usr/share/doc/packages/samba/examples/LDAP/samba-nds.schema
    • Deselect "Exit on error"
    • Select "Run in verbose mode"
    • Deselect "Add records without change type"


    • Click Next
    • Enter the IP address of your eDirectory server
    • Change the port to 636
    • Select the file /etc/opt/novell/SSCert.der in the "DER file" field
    • Select "Authenticated Login" and enter your admin details
    • Deselect "Use BLURP"
    • Select "Allow Forward References"
    • (See previous screenshot)
    • Click Next
    • Click Finish
    • eDirectory is now capable of handling Samba account data.

  • Create OUs, groups etc.

    • Create an OU in your tree called Users
    • Within this OU create a group called eDirectoryUsers (or whatever you like)


    • Under the Schema section click "Object Extensions"
    • Select the group you created above and click OK
    • Click Add, select posixGroup and click OK
    • In the window that pops up enter a group number (gidNumber) that is not already in use on the Linux server (check /etc/group)


    • Click OK, and OK again

      You should now see posixGroup listed as an extension

  • Create users and add required extensions
    • Create a user in the OU you created earlier. (Tip: don't use spaces in the username)
    • Set a password (you do not need to set a Simple Password for the user)
    • Click OK to save the user
    • Click on "Object Extensions"
    • Choose the user you have just created
    • Add the posixAccount extension
    • Enter /home/username in the homeDirectory field
    • Enter the group number you used above in gidNumber
    • Enter a unique user ID number in the uidNumber field (one that is not already used by a local account in /etc/passwd or by another eDirectory user)


    • Click OK, and OK again
      You should now see posixAccount listed as an extension
      We will create the home folder later.

  • Configure Linux services for LDAP authentication

    • Open YaST2, choose Network Services and click on LDAP Client
    • Select "Use LDAP"
    • Enter the OU you created earlier in the "LDAP Base DN"
    • Enter the IP address of your eDirectory server in the "Address" field
    • Select "LDAP TLS/SSL"


    • Click Advanced Configuration
    • Ensure "File Server" and "Enable LDAP Users to Log In" are selected
    • Enter your admin user in "Administrator DN"
      (Tip: LDAP fields take distinguished names in LDAP syntax, with commas between the components, e.g. cn=admin,o=sbs, not the dotted eDirectory form admin.sbs)


    • Click Next
    • Click Finish
    • As root edit the file /etc/ldap.conf
    • Check that the host and base statements match your eDirectory server and the OU you created
    • Uncomment the rootbinddn line and change it to your administrator's DN (remember commas)
    • Save the file and quit
    • Create a file called /etc/ldap.secret and put your admin password in it (plain text, yes really!)
    • Make the file readable by root only, and owned by root: chmod 600 /etc/ldap.secret
      (nss_ldap only uses rootbinddn and /etc/ldap.secret for lookups made by root; ordinary lookups bind as binddn or anonymously. If you don't like having the admin password stored in a file then you could create a separate proxy user, give it only the rights it needs on the parts of the tree we're using, and put that user's DN in rootbinddn instead...)

      SLES should now authenticate to eDirectory...
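The two things most likely to go wrong in the steps above are a rootbinddn written in dotted eDirectory form rather than LDAP DN form, and an /etc/ldap.secret that other users can read. The following shell functions check both. This is an added example, not part of the original AppNote: it assumes the nss_ldap style /etc/ldap.conf keys used above (host, base, rootbinddn), a Linux stat(1) that understands -c, and the sample ldap.conf contents at the bottom are constructed for the demonstration. The file paths and expected owner are parameters so the checks can be run against copies of the real files.

```shell
#!/bin/sh
# Added example, not from the original AppNote: sanity checks for the
# nss_ldap configuration above. File paths and the expected owner are
# parameters so the functions can be run against test copies of the files.

# Return 0 if $1 is an LDAP distinguished name in comma-separated form
# (cn=admin,o=sbs); return 1 for anything else, including the dotted
# eDirectory form (admin.sbs) that nss_ldap cannot bind with.
is_ldap_dn() {
    rest=$1
    [ -n "$rest" ] || return 1
    while :; do
        rdn=${rest%%,*}                 # first component before a comma
        case "$rdn" in
            [A-Za-z]*=?*) ;;            # attr=value with a non-empty value
            *) return 1 ;;
        esac
        [ "$rdn" = "$rest" ] && return 0    # that was the last component
        rest=${rest#*,}
    done
}

# Check an nss_ldap ldap.conf ($1): host and base must be set, and
# rootbinddn, if present, must be a comma-separated DN.
check_ldap_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "$conf: not readable" >&2; return 1; }
    for key in host base; do
        grep -q "^$key[[:space:]]" "$conf" \
            || { echo "$conf: '$key' is not set" >&2; return 1; }
    done
    dn=$(sed -n 's/^rootbinddn[[:space:]]*//p' "$conf" | head -n 1 | sed 's/[[:space:]]*$//')
    if [ -n "$dn" ] && ! is_ldap_dn "$dn"; then
        echo "$conf: rootbinddn '$dn' is not in LDAP DN form (use commas, e.g. cn=admin,o=sbs)" >&2
        return 1
    fi
    return 0
}

# Check that the bind password file ($1) is owned by $2 (root on a real
# system) and readable by nobody else: mode 600, or 400, and nothing wider.
check_ldap_secret() {
    f=$1; owner=${2:-root}
    [ -f "$f" ] || { echo "$f: missing" >&2; return 1; }
    set -- $(stat -c '%a %U' "$f")      # octal mode and owner name
    mode=$1; have=$2
    [ "$have" = "$owner" ] || { echo "$f: owned by $have, expected $owner" >&2; return 1; }
    case "$mode" in
        600|400) return 0 ;;
        *) echo "$f: mode $mode, expected 600 (chmod 600 $f)" >&2; return 1 ;;
    esac
}

# Stand-alone demo on a constructed ldap.conf that uses the dotted form;
# on a real server point the functions at /etc/ldap.conf and /etc/ldap.secret.
demo_dir=$(mktemp -d)
printf 'host 192.168.0.100\nbase ou=users,o=sbs\nrootbinddn admin.sbs\n' > "$demo_dir/ldap.conf"
check_ldap_conf "$demo_dir/ldap.conf" && echo "ldap.conf OK" || echo "ldap.conf has problems"
rm -rf "$demo_dir"
```

Run the same checks after every edit to /etc/ldap.conf; a dotted rootbinddn fails silently at bind time and just looks like "LDAP isn't working".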

  • Test Linux authentication

    We now need to create the home directory for the user we created above. Copy the skeleton home directory for the user using cp -r /etc/skel /home/markrobinson

    And then change ownership of it using chown -R markrobinson:eDirectoryUsers /home/markrobinson

    If chown does not complain about an invalid user or group, the Linux name service is resolving the eDirectory user and group (you can also confirm this with getent passwd markrobinson and id markrobinson). Whether authentication works is proved by the login test below.

    Try logging in as the new user at a console prompt, or via ssh (you might need to restart sshd or reboot the server to make sure everything picks up the new authentication scheme)

    Check that the user can create files/folders in their home directory
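
The home directory step above can be scripted so that the NSS lookup is checked before anything is created, and so that a uidNumber is confirmed free before it is typed into iManager. This is an added example, not part of the original AppNote. It assumes getent(1) and GNU/busybox chown and stat; the base and skeleton directories are parameters so the function can be exercised against a scratch location instead of /home and /etc/skel, which is what the argument-less demo at the bottom does.

```shell
#!/bin/sh
# Added example, not from the original AppNote: create a home directory for
# a user that exists only in eDirectory, after confirming that the Linux
# name service (nss_ldap) can actually resolve the user and group.
#
# Usage: make_home USER GROUP [BASE] [SKEL]
#        e.g. make_home markrobinson eDirectoryUsers

# Return 0 if getent resolves user $1 and group $2, 1 otherwise. This is
# the NSS half of the setup; a successful login additionally proves PAM.
nss_resolves() {
    getent passwd "$1" >/dev/null 2>&1 \
        || { echo "user '$1' not resolvable via NSS (check /etc/ldap.conf and nsswitch.conf)" >&2; return 1; }
    getent group "$2" >/dev/null 2>&1 \
        || { echo "group '$2' not resolvable via NSS (posixGroup extension missing?)" >&2; return 1; }
    return 0
}

# Return 0 if numeric uid $1 is not used by any account the name service
# knows about (local files and LDAP), 1 if it is already taken.
uid_is_free() {
    ! getent passwd | awk -F: -v u="$1" '$3 == u { found = 1 } END { exit !found }'
}

make_home() {
    user=$1; group=$2; base=${3:-/home}; skel=${4:-/etc/skel}
    nss_resolves "$user" "$group" || return 1
    home=$base/$user
    if [ -e "$home" ]; then
        echo "$home already exists, leaving it alone" >&2
        return 1
    fi
    mkdir -p "$base"
    cp -r "$skel" "$home"               # copying the directory itself brings the dotfiles along
    chown -R "$user:$group" "$home"     # -R (GNU chown has no lowercase -r)
    chmod 700 "$home"                   # keep the home directory private to its owner
    echo "created $home owned by $user:$group"
}

if [ "$#" -ge 2 ]; then
    make_home "$@"
else
    # No arguments: demonstrate against a scratch directory with the current
    # user and group rather than touching /home.
    scratch=$(mktemp -d)
    mkdir "$scratch/skel" && echo 'umask 077' > "$scratch/skel/.profile"
    make_home "$(id -un)" "$(id -gn)" "$scratch/home" "$scratch/skel"
    uid_is_free 0 || echo "uid 0 is taken, as expected"
    rm -rf "$scratch"
fi
```

On the real server run it as root with the eDirectory user and group names; if nss_resolves fails, fix /etc/ldap.conf before creating anything, because a directory created for an unresolvable name ends up owned by whatever numeric id chown was given.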

    Now for the good bit...

  • Configure samba, including LDAP authentication

    Edit the file /etc/samba/smb.conf and change/add the following lines:
    (Adjust the values to match your server :-)

    ldap admin dn = cn=admin,o=sbs
    ldap suffix = ou=users,o=sbs
    passdb backend = ldapsam:ldaps://192.168.0.100:636 smbpasswd
    encrypt passwords = yes
    security = user

    Make sure that there is a [homes] section such as
    [homes]
         comment = Home Directories
         valid users = %S
         browseable = No
         read only = No
         guest ok = No

    Save and quit, then restart Samba (rcsmb restart)

  • Add samba users

    First we need to give Samba the admin password. This is accomplished with smbpasswd -w somethingverysecret where somethingverysecret is the password for the account you set as ldap admin dn in smb.conf. (Tip: in bash a command that starts with a space is kept out of your shell history only if HISTCONTROL includes ignorespace; the password is also visible in the process list for the moment the command runs, so do this when nobody else is logged in.)

    You should see a line that says "Setting stored password for 'cn=admin,o=sbs' in secrets.tdb" That will give Samba access via LDAP, so we should now be able to add user accounts.

    Try smbpasswd -a markrobinson and enter the password twice when prompted

    You should see a line that says "Added user markrobinson". If you get error messages complaining about ldapsam_search_one_group you can safely ignore them!

    The user is now able to log in via Samba

  • Test samba connectivity

    You can use a Windows machine here if you like, but it's easier to test things on Linux first. The command smbclient allows you to test Samba without leaving the command line!

    Try smbclient //192.168.0.100/markrobinson -U markrobinson and enter your password when prompted. You should get a prompt like smb: \>

    Try typing ls and you should see the contents of the user's home directory. You can type mkdir mynewfolder and a new folder should be created.

    Type exit to leave smbclient, then change to /home/markrobinson and check that ls -l shows the new folder with the appropriate owner and group: drwxr-xr-x 2 markrobinson eDirectoryUsers 48 Feb 16 16:56 mynewfolder

  • Put the kettle on

    Remember the kettle? Well, now is the time if you haven't had a coffee already. You should now be able to create more users and modify them for Samba/Linux authentication. You could add shared areas for a group by creating a new group in the users OU, creating folders on the Linux filesystem and changing the group ownership to the new group. Create a share for this folder in smb.conf and add users to the group and off you go...

  • As SUSE used to say: "Have a lot of fun"



    Information from the site http://www.djack.com.pl