[Samba] Samba PDC+LDAP on FreeBSD

jpulz at frm2.tu-muenchen.de jpulz at frm2.tu-muenchen.de
Wed Jan 22 13:29:01 GMT 2003

Hash: SHA1

On Wed, 22 Jan 2003, Ronan Waide wrote:

> On January 22, jpulz at frm2.tu-muenchen.de said:
> > i made some minor changes to the migrationtools to work properly. (some
> > atrribute types are spelled wrong)
> What changes? Seems like it might be worthwhile telling the people on
> this list, if not the people at padl, about the errors.

if you set EXTENDED_SCHEMA=1 in migrate_common.ph
you will get some attribute conflicts and some missed attributes..

okay, here is a short diff of the affected file:

- -->
- --- MigrationTools-44/migrate_passwd.pl Sat Jul  6 23:06:45 2002
+++ MigrationTools-44_mod/migrate_passwd.pl     Tue Dec 17 17:47:12 2002
@@ -122,19 +122,20 @@
                if ($DEFAULT_MAIL_HOST) {
                        print $HANDLE "mailRoutingAddress:
                        print $HANDLE "mailHost: $DEFAULT_MAIL_HOST\n";
- -                       print $HANDLE "objectClass: mailRecipient\n";
+#                      print $HANDLE "objectClass: mailRecipient\n";
                print $HANDLE "objectClass: person\n";
                print $HANDLE "objectClass: organizationalPerson\n";
                print $HANDLE "objectClass: inetOrgPerson\n";

- -       print $HANDLE "objectClass: account\n";
+#      print $HANDLE "objectClass: account\n";
+       print $HANDLE "objectClass: inetLocalMailRecipient\n";
        print $HANDLE "objectClass: posixAccount\n";
        print $HANDLE "objectClass: top\n";

        if ($DEFAULT_REALM) {
- -               print $HANDLE "objectClass: kerberosSecurityObject\n";
+               print $HANDLE "objectClass: krb5Principal\n";

        if ($shadowUsers{$user} ne "") {
@@ -144,7 +145,7 @@

        if ($DEFAULT_REALM) {
- -               print $HANDLE "krbName: $user\@$DEFAULT_REALM\n";
+               print $HANDLE "krb5PrincipalName:

        if ($shell) {

this works perfect for me, but i think it is only necessary if you want to
use EXTENDED_SCHEMA=1 (for integrating mail and kerberos information in
yous ldap-tree)

i will try to explain shortly whats wrong in the original.
hope i will remeber right..

1. you need 'objectClass: inetLocalMailRecipient' to use 'mailHost: ' and
'mailRoutingAddress: ' but this conflicts with 'objectClass: account' so
you must disable/comment out this line.

2. i searched the whole net for a schema file with 'objectClass:
kerberosSecurityObject' and 'krb5PrincipalName: ' in it, but i've found
exactly nothing!!
so decided to replace it with the krb5 stuff from krb5-kdc.schema.
you can see it in the diff above.

here is an example user-account out of my ldap-tree:
- -->
dn: uid=tuser,ou=People,dc=xxx,dc=yy
cn: Test User
telephoneNumber: +22(22)222-22222
roomNumber: Test User Room
givenName: Test
sn: User
mail: tuser at xxx.yy
mailRoutingAddress: tuser at smtp.xxx.yy
mailHost: smtp.xxx.yy
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: inetLocalMailRecipient
objectClass: posixAccount
objectClass: top
objectClass: krb5Principal
objectClass: sambaAccount
userPassword: {crypt}XxXxXxXxXx
krb5PrincipalName: tuser at XXX.YY
loginShell: /bin/csh
uidNumber: 12345
gidNumber: 1234
homeDirectory: /home/tuser
gecos: Test User for LDAP
uid: tuser
pwdLastSet: 999999999
logonTime: 0
logoffTime: 999999999
kickoffTime: 999999999
pwdCanChange: 0
pwdMustChange: 999999999
rid: 12345
primaryGroupID: 1234
homeDrive: H:
smbHome: \\SAMBA_SERVER\tuser
profilePath: \\SAMBA_SERVER\profiles\tuser
scriptPath: logon.bat
description: Test User
displayName: Test User
acctFlags: [U          ]

hope that helps a litlle bit.


btw. i used the Migrationtools version 44. i don't know if there is a
later version wich is already corrected.
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


More information about the samba mailing list