[Samba] SMB+LDAP Question ...

Buchan Milne bgmilne at cae.co.za
Wed Jan 15 17:06:01 GMT 2003

C.Lee Taylor wrote:
>> AFAIK, just sambaAccount and related items.
>     Mmm, you see, if you have the /etc/passwd entry and do a smbpasswd
> -a -m with LDAP, it creates the sambaAccount stuff in LDAP, but if I
> delete the /etc/passwd without moving it into LDAP, the computer will
> not logon the PDC/Network.

So are you saying you have machines that are in LDAP, have no
posixAccount in LDAP, no entry in smbpasswd, but have an entry in passwd?

>     So now I have a few machine accounts which I want to move into LDAP,
> so I would like to know what I need, at least from an LDAP point of
> view ...
>> In the end, in 2.2.x and non-NUA sam backends in 3.0alpha, you need the
>> following to work on any DC:
>> $ getent passwd <machine>$
>> So, on your DCs, you either need a unix account for the machine in
>> /etc/passwd, or an LDAP account with posixAccount and sambaAccount
>     Okay, but what does Samba 2.2 need with posixAccount?  I mean, it
> does not need a homedir for anything.  It does not need the Unix
> password stuff.  I currently use the gid, but if it's in LDAP, I don't
> think I need that either.

But gidNumber is an attribute of posixAccount, as is uid (and
uidNumber). getent passwd won't return (under normal circumstances) an
LDAP entry that doesn't have objectclass:posixAccount. AFAIK, samba
checks the equivalent C call (getpwent) unless using one of the NUA

>> BTW, see examples/LDAP/import_smbpasswd.pl in the samba docs if you
>> haven't yet. Should work for importing machine accounts.
>     But I would think that "import_smbpasswd.pl" is for importing
> smbpasswd, I need to bring in the passwd, that is why I am asking ...

Well, what you *really* want is LDAP accounts for machines that exist in
smbpasswd but not in LDAP? Extract the entries from smbpasswd for those
machines, and then run the script ...

On Mandrake, that would be:
$ /usr/share/samba/scripts/import_smbpasswd.pl < /path/to/modified/smbpasswd

Anyway, we've had some issues migrating DCs ... am not entirely
convinced smbpasswd -S really works ... but it could be other issues. At
least when we are done, we will know that nothing more resides in files,
since the new machine does everything via LDAP.


|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
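
The requirement stated in the message above (`getent passwd <machine>$` must succeed on a DC) applied to every machine account in an smbpasswd file, as an added example that is not part of the original message. The function names, the `LOOKUP` override and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list smbpasswd machine accounts that NSS cannot resolve.
# LOOKUP is a hypothetical override so the check can be exercised offline;
# its default is the call quoted in the thread: getent passwd <machine>$
LOOKUP=${LOOKUP:-getent passwd}

# unresolved_machines FILE
# Prints the name of each machine account (name ending in "$") found in an
# smbpasswd-format FILE for which $LOOKUP fails, i.e. accounts a DC would
# not be able to map to a Unix account.
unresolved_machines() {
    # Field 1 of an smbpasswd line is the account name.
    while IFS=: read -r name _rest; do
        case $name in
            ''|'#'*) continue ;;   # blank lines and comments
            *'$')    ;;            # machine trust account: check it
            *)       continue ;;   # ordinary user account: skip
        esac
        if ! $LOOKUP "$name" </dev/null >/dev/null 2>&1; then
            printf '%s\n' "$name"
        fi
    done < "$1"
}

# constructed_sample
# Emits a constructed smbpasswd file (placeholder hashes, invented names).
constructed_sample() {
    cat <<'EOF'
# constructed sample, not taken from the thread
alice:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
ws01$:2001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[W          ]:LCT-00000000:
ws02$:2002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[W          ]:LCT-00000000:
EOF
}

# Usage: sh script.sh /path/to/smbpasswd
if [ "$#" -eq 1 ] && [ -r "$1" ]; then
    unresolved_machines "$1"
fi
```

Because `getent` consults every configured NSS source, a machine that still has an `/etc/passwd` entry resolves here even when it has no posixAccount in LDAP.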
