[Samba] re: editposix setup

Gunnar Thielebein gunnar at thielebein.net
Thu Dec 20 11:12:35 GMT 2007


Oh dear,

I apologise for my typo in the subject.
Obviously it should read: EDITPOSIX SETUP.


> Hi,
> 
> I've set up the samba environment as described in the wiki:
> http://wiki.samba.org/index.php/Ldapsam_Editposix
> 
> I can now easily add windows user / machines when using the policies for
> "Administrator".
> 
> I have also set up unix account session auth via libpam_ldap, libnss_ldap
> as described here:
> 
> http://www.gentoo.org/doc/en/ldap-howto.xml
> 
> Some things I don't understand:
> 
> 1. How is the unix password set for the windows users?
> When I su <winusername> it is not accepting the win password.
> I also tried editing the unix password via ldap-account-manager but also
> with no luck.
> 
> Is a unix password set in general when creating new accounts?
> 
> With my unix user accounts migrated to ldap via migration scripts (the ones
> used in the gentoo article) it is possible to su <username>.
> 
> 2. How do I make a sambadomain user out of such a migrated unix user?
> 
> 3. When creating accounts the user homes by default point to
> /home/domainname/user. How can I change that?
> 
> Thanks for any reply/feedback for my configs
> 
> Gunnar
> 
> my smb.conf:
> ---
> [global]
> #pdc
> netbios name = TIGGER
> workgroup = th-domain
> domain logons = yes
> 
> #path
> logon home = \\%N\%U
> logon path = \\%N\%U\.winprofile
> 
> #password
> encrypt passwords = true
> passdb backend = ldapsam
> 
> #ldap
> ldap suffix = dc=th-domain,dc=lan
> ldapsam:trusted = yes
> ldapsam:editposix = yes
> ldap admin dn = cn=admin,dc=th-domain,dc=lan
> ldap delete dn = yes
> ldap group suffix = ou=groups
> ldap machine suffix = ou=computers
> ldap user suffix = ou=peoples
> ldap idmap suffix = ou=idmap
> 
> #idmap
> idmap domains = th-domain
> idmap config th-domain:backend = ldap
> idmap config th-domain:readonly = no
> idmap config th-domain:default = yes
> idmap config th-domain:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan
> idmap config th-domain:ldap_user_dn = cn=admin,dc=th-domain,dc=lan
> idmap config th-domain:ldap_url = ldap://localhost
> idmap config th-domain:range = 50000-500000
> idmap alloc backend = ldap
> idmap alloc config:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan
> idmap alloc config:ldap_user_dn = cn=admin,dc=th-domain,dc=lan
> idmap alloc config:ldap_url = ldap://localhost
> idmap alloc config:range = 50000-500000
> 
> #logging
> log level = 1
> ---
> my nsswitch/pam /etc/ldap.conf
> ---
> ssl off
> suffix "dc=th-domain,dc=lan"
> uri ldap://localhost
> pam_password exop
> 
> rootbinddn "cn=root,dc=th-domain,dc=lan"
> 
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute memberuid
> nss_base_passwd ou=peoples,dc=th-domain,dc=lan
> nss_base_shadow ou=peoples,dc=th-domain,dc=lan
> nss_base_group  ou=groups,dc=th-domain,dc=lan
> nss_base_hosts  ou=hosts,dc=th-domain,dc=lan
> 
> scope one
> ----
> 
> 

