LDAP and NT PDC

Kevin Myer kevin_myer at elanco.k12.pa.us
Wed May 26 13:57:22 GMT 1999


Hi,

I am looking at overhauling our systems setup and replacing several
disparate database systems (/etc/passwd, NT login info, email, etc.) with
one centralized LDAP server system.  I have the CVS source and am running
Samba 2.1.0-prealpha with LDAP enabled.  I have gotten around needing
local user accounts and machine accounts in the /etc/passwd file by using
the nss_ldap module and populating my LDAP directory with a few entries.
However, I have run into a chicken and egg sort of scenario - I can't seem
to add accounts if I'm not administrator but I don't know what LDAP entry
to create for the administrator.

(Someone please point me to the right mailing list if this is off topic by
the way).

I do know that Samba is attempting to use my LDAP server for credentials.
However, I guess what I am asking is how do I initially populate the LDAP
directory with the proper information?

I have one entry for myself like so:

uid=myer,ou=People,dc=elanco,dc=k12,dc=pa,dc=us
uid=myer
cn=myer
krbname=myer at elanco.k12.pa.us
objectclass=person
objectclass=organizationalPerson
objectclass=inetOrgPerson
objectclass=account
objectclass=posixAccount
objectclass=SambaAccount
sn=myer
mail=myer at elanco.k12.pa.us
userpassword={crypt}RdsXfy1wRkCgg
loginshell=/bin/bash
uidnumber=500
gidnumber=101
homedirectory=/home/myer

This was generated by using the MigrationTools scripts to move stuff from
the typical UNIX flat file records (/etc/passwd, et al) to the LDAP
directory for use with the nss_ldap module.  I manually added the object
class sambaaccount later because smbpasswd complained about it not
existing.

With the above record, I get:

[root@gneiss bin]# ./smbpasswd myer
New SMB password:
Retype new SMB password:
Missing ntuid
Failed to find entry for user myer.
Failed to change password entry for myer

I could manually add an ntuid attribute but I suspect these should be
generated by the PDC, not manually by me.  So I guess I will focus my
question even more and ask:  what LDAP entries will Samba generate (not
modify) and what LDAP entries and attributes do I need to have
pre-existing?

If there is a FAQ on LDAP and Samba, please point me to it if this is a
FAQ.  I have read the LDAP Support in Samba and it says I should be able
to use the normal smbpasswd to add accounts but as witnessed above, I'm
doing something wrong or missing some switch or LDAP attribute.

If anyone would be so kind as to point me to a resource that has a
detailed overview of LDAP and Samba, I'd greatly appreciate it (or if
you've implemented it yourself, and could spare a few minutes to explain
the setup, even better).

Thanks,

Kevin


-- 
     ~        Kevin M. Myer
    . .       Network/System Administrator
    /V\       ELANCO School District
   // \
  /(   )\
   ^`~'^



