samba3.0.1rc3 with smbladp-tools and MS Usermanger

Hansjörg Maurer hansjoerg.maurer at
Sat Nov 15 17:20:28 GMT 2003


I have some minor problems, testing samba 3.0 with LDAP and MS 
Usermanger for Domains.
Most Parts work better than I have ever seen.

But when I add a new user  oder when I delete a user,
on the windows side (usermanager for domains)
there is an error about permission denied.
But the operation is performed.
A refresh in the usermaneger shows it.

I am not sure, if I have the right settings for the user scripts in smb.conf
eg, do I have to add a user with the -a optione in ??
Attached are my settings.

I am not sure about the point, if I need
ldap passwd sync = yes
unix password sync = Yes

Same with
ldap delete dn = yes
delete user script

I think using samba with ldap and smbldap is a very common setting.
This might be worth to write a subchapter in the Samba Howto Collection.

I also tried to include the well known MS Groups (with RID via net groupmap)
and the well known MS users (Domain Admin ...).
And I am not sure how to do it right.
For example the Domain Admin needs RID 500.
I added a user with this RID.
Is this a Problem with the RID UID mapping??
What UID do I have to assign to him...?

I only have ldap as backend and no user root in ldap.
With what username do I have to connect from the windows-side to have 
modify the userdatabase.
Do I have to add root to smbpasswd and add smbpasswd to the passwd backends?

If somebody can answer this questions,
and the authors thinks, it will be helpfull
I can submit a small subchapter to the howto collection in oder to
set up a Samba PDC with smbldap-tools and an initial contents of the 
in the right way.
Thank you

Hansjörg Maurer

ldap delete dn = yes
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = ou=Users,dc=itsd,dc=de
ldap passwd sync = yes
add user script = /usr/local/sbin/   "%u"
add user to group script =  /usr/local/sbin/ -m "%u" "%g"
delete user from group script =  /usr/local/sbin/ -x  
"%u" "%g"
set primary group script =  /usr/local/sbin/ -g "%g" "%u"
delete user script =  /usr/local/sbin/ "%u"
add group script =  /usr/local/sbin/  "%g"
delete group script =  /usr/local/sbin/ "%g"
add machine script = /usr/local/sbin/ -w  "%m"
passwd program = /usr/local/sbin/  "%u"
passwd chat = *ew*password* %n\n *new*password* %n\n *
unix password sync = Yes

Dr. Hansjörg Maurer
itsystems Deutschland AG
Linprunstr. 10
D-80335 München
Ph/Fax +49 89 52 04 68-41/-59

More information about the samba-technical mailing list