Dear Zhang,
  I got this error messages, Notice: samba extensions not detected. CIFS authentication to LDAP disabled.
so the next step is to install samba extensions on iredmail server?

Thanks
Napoleon

Dear Zhang,

   I thought you have said it is very easy, I found out it need to do many things on ldap, like adding the schema using ldapadd, ldapmodify command, and it will end up in no sufficient right.
  I am thinking if we got it right and smooth, it could be great help for iredmail community, because i believe some else will use iredadmin as their smb server ldap server presently and future, and this guide will help them most.

Thanks
Napoleon

I'm not sure why Samba schema is required by FreeNAS, i wonder is it possible to disable Samba schema requirement in FreeNAS web admin panel?

1. below is i used ldap admin, clear seen it have samba schema now.
2. i have checked the uses samba schema. the connection seem success

I hope anybody with the experiences of using freenas as file server which used iredmail user thru ldap connection can give me some guide.

right now is that I could not populate the ldap with samba schema as I don't know how

Yes.

Would you mind sharing what attributes/values you need to add? Maybe i have better idea for customization without breaking iRedAdmin(-Pro) upgrading process.

Zhang,

  This is my research and finding on how to have freenas work with iredmail ldap
1    yum update
2    yum install openssh openssh-client openssh-server
3    yum install vim
4    yum install bzip2
5    systemctl start sshd
6    systemctl enable sshd
7    Install firewall and config
7.1    Yum install firewalld
7.2    firewall-cmd --get-active-zone
7.3    firewall-cmd --zone=iredmail --list-all
7.4    firewall-cmd --add-service={ldap,ldaps} --permanent
7.5    firewall-mcd --reload
8    install iredmail server
8.1    download the latest iRedmail package
8.2    unpack using tar -xvf iRedMail-0.9.8.tar.bz2
8.3    cd iRedMail-0.9.8
8.4    bash iRedMail.sh
9    install iRedAdmin-Pro
9.1    download the latest iRedAdmin-Pro package
9.2    tar xvf iRedAdmin-Pro-LDAP-3.1.tar.bz2
9.3    cd iRedAdmin-Pro-LDAP-3.1
9.4    bash upgrade_iredadmin.sh
10    install samba
10.1    yum install smbldap-tools
10.2    yum install samba*
11    config the server to import samba scheme
11.1    vim /etc/openldap/slapd.conf
11.2    add this on the appropriate line “include /etc/openldap/schema/samba.schema”
11.3    add this on nearly last line
11.4    index sambaSID                eq
11.5    index sambaPrimaryGroupSID    eq
11.6    index sambaDomainName         eq
11.7    index sambaGroupType eq
11.8    index sambaSIDList eq
11.9    to make things simple, you can used plain password for Manager by adding rootpw secret (secret is your password) you can also used the ssha one provided all your connection is using the ssha. I used plain password for more clarity in explanation.
12    the iredmail should have samba schema, you can check using ldap admin (ldap free windows software) but this is a view only software, we need to have one that can edit as the iredadmin did not add the necessary attributes need for freesamba so we install ldapvi
13    install ldapvi
13.1    yum install ldapvi
14    manipulate the ldap using ldapvi
14.1    ldapvi --discover --host ct-mailfree -D, --user cn=Manager,dc=mydomain,dc=com -w, --password secret
14.2    upon enter the ldap that look like vi add the following to every user to make accessible from freenas
14.2.1    objectClass: inetOrgPerson
14.2.2    objectClass: sambaSamAccount
14.2.3    objectClass: posixAccount
14.2.4    objectClass: top
                sambaSID: S-1-5-21-1045372319-2979546414-3360713982-3008
                uidNumber: 1004
14.2.5    gidnumber: 505
14.2.6    memberuid: (please change this to iredmail uid like napoleon.lam)
14.2.7    sambaLMPassword: 722AC01404A7515648116059303999A (this is generatel when I enter password from phpldapadmin. It can also enter as plain text)
14.2.8    sambaNTPassword: AAF696F5A0CC601A636A0364D5BF882
14.2.9    sambaPwdCanChange: 0
14.2.10    sambaPwdLastSet: 1537512632 (this is date set and should be date before you used this account. Use this converter https://www.epochconverter.com/)
14.2.11    sambaPwdMustChange: 1569048632 (this is the date set and should be set farther than this user can used)
14.2.12    gidNumber: 505
14.3    Also, please set the group first just as below
14.3.1    Use the word “add” in front to add
                      Add dn: cn=IT,sambaDomainName=WORKGROUP,dc=mydomain,dc=com
                      cn: IT
                      displayName: IT
                      gidNumber: 505
                      memberUid: napoleon.lam
                      memberUid: mario.li
                      objectClass: posixGroup
                      objectClass: sambaGroupMapping
                      objectClass: top
                      sambaGroupType: 2
                      sambaSID: S-1-5-21-1045372319-2979546414-3360713982-2010 <this is autogenerate and I just changes any of it>

14.4    type :wq! (just like vi for write and quit) then type y to confirm, if some error, press e to edit and correct.
14.5    The command to use ldapvi http://www.lichteblau.com/ldapvi/manual/
15    Check the entry again to verify if the entry is successfully added by ldapvi --discover --host ct-mailfree -D, --user cn=Manager,dc=mydomain,dc=com -w, --password secret
16    systemctl restart slapd (to restart the slapd)
17    ----------------------------------------------on part of freenas------------------------------------------------------------------
18    Download the freenas iso FreeNAS-11.1-U5.iso from websites and upload to pve
19    Should allocate another freespace for freenas data, I used add harddisk with give more, also install to choose bios
20    Create volume and some dataset (first used the default one)
21    Configure the ldap by:
21.1    Choose Directoy->LDAP
21.2    Hostname: <ip of iredmail server>:389
21.3    Base DN: dc=mydomain,dc=com
21.4    Bind DN: cn=Manager,dc=mydomain,dc=com
21.5    Bind password: <use the password found on slapd.conf>
22    Press “Advanced Mode” and check the Samba Schema
23    Press save. (It need around 10 seconds and will display “ldap update successfully” other it will said failed and you should find out why and resolve it.
24    Press the “Rebuild Directory Service Cache” for immediate effect of ldap retrieval from iredmail
25    Please check the success on ldap access from iredmail by
25.1    Using the give permission on dataset
25.1.1    Choose view volumes->share and click “change permission”.
25.1.2    Click the drop down box beside Owner (user) you should see the iredmail user you have process (I means add the samba attributes using ldapvi)
25.1.3    To check the group, click the group drop down box and you should see the group you create using ldapvi, the group is needed for freenas.
25.2    Or using command to check by
25.2.1    click the Shell on freenas gui
25.2.2    type getent passed
25.2.3    it will display the iredmail user.
26    Using this 2 kind of checking. It prove you know how to configure the ldap on iredmail correctly and freenas ldap configuration.
27    -----------------------------------------------configure folder right------------------------------------------------------
28    Create the superuser for folder rights assigned on iredmail (I used postmaster and add its samba attributes)
29    After the necessary users and group have been created in ldap of iredmail.
30    Go to view volumes ->change permission and on user, select the superuser you have created, on group, select the necessary group assign to this folder (group make it more simple on right management)
31    Click on Sharing -> Windows (SMB) and create every share on every dataset, on each share:
31.1    uncheck the Apply Default Permissions, browsable to Network Clients.
31.2    uncheck the Allow Guest Access.
31.3    check the Access Based Share Enumeration and click OK
31.4    Create another top share for top folder which this time
31.4.1    Check the “Apply Default Permissions”
31.4.2    Check the “Browsable to Network Clients”
31.4.3    Uncheck the “Access Based Shared Enumeration” and click OK
32    On windows client, try to access the freenas by type \\<IP address>
33    When it prompt for user and password type <IP address>\superuser (superuser is one you create on step 28 and 30 assigned right on view volume)
34    Click in the top share you created on 31.4 and on every folder you can seen, right click and click “Property”->security->edit remove “everyone” entry and click Apply.
35    After you done, try to login as ordinary user and you can only see folder you have priviledge of.

Hope this can help you

Hi Zhang,
  I now working on the iredldif.py this is a phython script, (i will try) what is the best IDE software to test its syntax?

Thanks
Napoleon

For uidNumber and gidNumber, it's easy to get by Python code. but you need to figure out how to generate others. Especially sambaSID.