[Samba] Samba, LDAP, PDC and adding users

Diego Rivera lrivera at racsa.co.cr
Sun Nov 24 06:51:01 GMT 2002


Hi all!

I've had a lot of success setting up Samba PDCs using the LDAP-SAM
backend, and got password sync working between Unix (LDAP) passwords and
Samba passwords.

I can also have other Linux boxes use Winbind to auth vs. the PDC and
thus achieve the same password sync functionality (i.e., Samba changes
both PAM and Samba passwords, as well as checking them).  Naturally,
this also works for Windows machines (i.e., user changes his Windows
password and his Unix password is likewise synched).

This all works fine, but I have a couple of questions regarding stuff
I've seen around here, but have not seen in "stable" versions yet:

1) I remember seeing something like "add machine script" similar to the
"add user script" - or a mention of it - to allow separate mechanics for
Machine account adding and User account adding.  How hard does anybody
think it would be to add this config file parameter and the
corresponding implementation?  Would it be worth it seeing as this is
likely to be included in 3.0?

2) Is it currently possible to have Samba check for machine accounts
under a different LDAP branch than user accounts?  This would ease admin
and maintenance of the machine account set, for obvious reasons.  Is
this planned for 3.0?  How hard does anybody think it would be to add
two config parameters: "ldap user suffix" and "ldap machine suffix" to
allow Samba to do this?  Again - is this worth it seeing as this could
be postponed to 3.0?

3) Are there any plans for calculating the user/machine SID based on the
Unix uid?  i.e., so that when Winbind gets the user list from a PDC, it
can use PDC-provided Userids (eliminating the first-come first-served
UID assignment currently being used)?

I'd like to contribute to these - but I need a couple of pointers:

1) Where do I find the implementation of the call to "add user script"
and the corresponding reading of the config value?

2) Where do I find the implementation of the LDAP code which uses "ldap
suffix", and the code which finds user/machine accounts in LDAP?

3) Any additional advice/tips?

Best

Diego
