samba3.0.1rc3 with smbldap-tools and MS Usermanager

Hansjörg Maurer hansjoerg.maurer at itsd.de
Sat Nov 15 17:20:28 GMT 2003


Hi,

I have some minor problems testing samba 3.0 with LDAP and MS
Usermanager for Domains.
Most parts work better than I have ever seen.
Great!!

But when I add a new user or when I delete a user,
on the Windows side (Usermanager for Domains)
there is an error about permission denied.
But the operation is performed.
A refresh in the Usermanager shows it.

I am not sure if I have the right settings for the user scripts in smb.conf,
e.g., do I have to add a user with the -a option in smbldap-useradd.pl??
Attached are my settings.

I am not sure about the point, if I need
ldap passwd sync = yes
and
unix password sync = Yes
together

Same with
ldap delete dn = yes
and
delete user script

I think using samba with ldap and smbldap is a very common setting.
It might be worth writing a subchapter in the Samba Howto Collection.

I also tried to include the well known MS Groups (with RID via net groupmap)
and the well known MS users (Domain Admin ...).
And I am not sure how to do it right.
For example the Domain Admin needs RID 500.
I added a user with this RID.
Is this a problem with the RID UID mapping??
What UID do I have to assign to him...?

I only have ldap as backend and no user root in ldap.
With what username do I have to connect from the Windows side to have
access to modify the user database?
Do I have to add root to smbpasswd and add smbpasswd to the passwd backends?


If somebody can answer these questions,
and the authors think it will be helpful,
I can submit a small subchapter to the howto collection in order to
set up a Samba PDC with smbldap-tools and an initial contents of the
directory in the right way.
 
Thank you

Hansjörg Maurer






ldap delete dn = yes
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = ou=Users,dc=itsd,dc=de
ldap passwd sync = yes
add user script = /usr/local/sbin/smbldap-useradd.pl   "%u"
add user to group script =  /usr/local/sbin/smbldap-groupmod.pl -m "%u" "%g"
delete user from group script =  /usr/local/sbin/smbldap-groupmod.pl -x "%u" "%g"
set primary group script =  /usr/local/sbin/smbldap-usermod.pl -g "%g" "%u"
delete user script =  /usr/local/sbin/smbldap-userdel.pl "%u"
add group script =  /usr/local/sbin/smbldap-groupadd.pl  "%g"
delete group script =  /usr/local/sbin/smbldap-groupdel.pl "%g"
add machine script = /usr/local/sbin/smbldap-useradd.pl -w  "%m"
passwd program = /usr/local/sbin/smbldap-passwd.pl  "%u"
passwd chat = *ew*password* %n\n *new*password* %n\n *
unix password sync = Yes




-- 
Dr. Hansjörg Maurer
itsystems Deutschland AG
Linprunstr. 10
D-80335 München
Ph/Fax +49 89 52 04 68-41/-59
        




