sambaAccount LDIF construction
Shanker Balan
shanu at exocore.com
Mon Jan 28 04:37:10 GMT 2002
Hello:

I am in the process of building a web based LDAP management tool which
handles both POSIX accounts and Samba Accounts. Could anyone comment on
whether my "assumptions" are correct for the various sambaAccount
attributes?

All time related attributes are in seconds after the UNIX epoch.

rid = UID + 1000
pwdLastSet = Epoch
logonTime = ? ("0" disables it)
logoffTime = ? ("0" disables it)
kickoffTime = ? ("0" disables it)
pwdCanChange = pwdLastSet + time in secs ("0" disables it)
pwdMustChange = pwdLastSet + time in secs ("0" disables it)
acctFlags = Must be 13 chars long. See lib/smbpasswd.c for Flags
displayName = The name as you want it to appear in "user manager"
smbHome = "logon home"
homeDrive = "logon drive"
scriptPath = "logon script"
profilePath = "logon path"
userWorkstations = <list of machines the user is allowed domain logons>
primaryGroupID = (GID * 2) + 1001

- In the case of a machine account, the pwdMustChange value is
  mandatory and defaults to epoch + 1814400 secs.
- The initial machine account passwords are generated from lowercase
  machine name (without the $ prefix).
- Is there anything else different in the case of machine account
  entries?
- Anything extra required for Win2k/XP machine accounts?
- Do I need to maintain primaryGroupID for user and machine accounts?
- What are the values expected for logonTime, logoffTime and
  kickoffTime?

It would be great if the Samba-LDAP HOWTO were updated with the above
information too.

Thank you for your time.

-- Shanu
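
Added example, not part of the original post and not Samba code: a small Python check that a management tool could run on an entry before writing it to the directory. It encodes only the assumptions listed in the post, which the post itself asks the list to confirm. Treating a uid that ends in "$" as a machine account, the bracketed acctFlags layout, and all sample names and values are assumptions of this example.

```python
TIME_ATTRS = ("pwdLastSet", "logonTime", "logoffTime", "kickoffTime",
              "pwdCanChange", "pwdMustChange")

def parse_ldif_entry(text):
    """Parse one plain LDIF entry (no base64 '::' values) into {attr: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        entry.setdefault(name.strip(), []).append(value.strip())
    return entry

def check_samba_account(entry):
    """Return a list of ways the entry departs from the post's assumptions."""
    first = lambda attr: entry.get(attr, [""])[0]
    problems = []
    if len(first("acctFlags")) != 13:
        problems.append("acctFlags is not 13 characters long")
    bad_time = [a for a in TIME_ATTRS if a in entry and not first(a).isdigit()]
    problems += [f"{a} is not a whole number of seconds" for a in bad_time]
    if not bad_time and "pwdLastSet" in entry:
        last_set = int(first("pwdLastSet"))
        for a in ("pwdCanChange", "pwdMustChange"):
            # Non-zero values are pwdLastSet plus an interval, so never earlier.
            if a in entry and 0 < int(first(a)) < last_set:
                problems.append(f"{a} is earlier than pwdLastSet")
    # Assumption of this example: a uid ending in "$" marks a machine account.
    if first("uid").endswith("$") and "pwdMustChange" not in entry:
        problems.append("machine account has no pwdMustChange")
    return problems

# Constructed sample entries (names and values invented for the example).
FLAGS_W = "[W" + " " * 10 + "]"   # 13 characters, bracketed layout assumed
GOOD_MACHINE = f"""dn: uid=ws01$,ou=Computers,dc=example,dc=com
uid: ws01$
acctFlags: {FLAGS_W}
pwdLastSet: 1012192630
pwdMustChange: 1014007030
"""
BAD_MACHINE = """dn: uid=ws02$,ou=Computers,dc=example,dc=com
uid: ws02$
acctFlags: [W]
pwdLastSet: 1012192630
pwdCanChange: 1000000000
"""
```
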