sambaAccount LDIF construction
shanu at exocore.com
Mon Jan 28 04:37:10 GMT 2002
I am in the process of building a web based LDAP management tool which
handles both POSIX accounts and Samba Accounts. Could anyone comment on
whether my "assumptions" are correct for the various sambaAccount
All time related attributes are in seconds after the UNIX epoch.
rid = UID + 1000
pwdLastSet = Epoch
logonTime = ? ("0" disables it)
logoffTime = ? ("0" disables it)
kickoffTime = ? ("0" disables it)
pwdCanChange = pwdLastSet + time in secs ("0" disables it)
pwdMustChange = pwdLastSet + time in secs ("0" disables it)
acctFlags = Must be 13 chars long. See lib/smbpasswd.c for Flags
displayName = The name as you want it to appear in "user manager"
smbHome = "logon home"
homeDrive = "logon drive"
scriptPath = "logon script"
profilePath = "logon path"
userWorkstations = <list of machines the user is allowed domain
primaryGroupID = (GID * 2) + 1001
- In the case of a machine account, the pwdMustChange value is
mandatory and defaults to epoch + 1814400 secs.
- The initial machine account passwords are generated from lowercase
machine name (without the $ prefix).
- Is there anything else different in the case of machine accounts
- Anything extra reqd for Win2k/XP machine accounts?
- Do I need to maintain primaryGroupID for user and machine accounts?
- What are the values expected for logonTime, logoffTime and
It would be great if the Samba-LDAP HOWTO were updated with the above
Thank you for your time.
More information about the samba-technical