[Samba] Samba+LDAP PDC - A few questions.

Collins, Kevin KCollins at nesbittengineering.com
Mon Jun 2 15:43:46 GMT 2003

Ok, I've got a Samba/LDAP PDC built.  I've got my groups added and even have
users in those groups.  But now I have a few administrative questions.

If these questions have simple answers, be gentle - I'm a newbie.

1). How do I/Can I script the installation of a generic password into these
accounts?  I'm looking to put some common password in for all users and then
allow the users to change it once they log into the new server/domain.  I
don't see a method of doing so with 'smbldap-passwd.pl'.

2). I used the following command to add all of my users to the LDAP:

'smbldap-useradd.pl -a -m -A 1 -G <group1>,<group2> <username>'

This successfully created the users, their home folders and placed them in
their groups, but it did not change the value for "pwdCanChange" in the LDAP
directory, as shown by 'smbldap-usershow.pl'. I want the users to be able to
change their own passwords - at any time - is there something I did wrong
when creating the user account?

3). I want every user's password to expire on a 90-day cycle.  I think I see a
slot in the LDAP directory for such an option - pwdMustChange, but by
default it is set to a huge number - 2147483647.  First, what number does that
represent?  Seconds? Minutes? Days? Months?  I've watched it for the past
week and it hasn't changed.  Which leads me to my next question, will
changing this number to "0" actually cause the respective password to
expire?  Will setting this number to "90" (or whatever representation
needed) allow a 90 day cycle?  If not, what must I do to have this 90 day

4). By default, there are fields in the directory for "displayName" and
"description" that are both set to "System User".  Can I change either/both
(at least "description") to whatever I want while creating the user
account?  I couldn't find a switch in 'smbldap-useradd.pl' to allow that.  I
guess I could script it using 'smbldap-usermod.pl', but would prefer it to
be done as one step.

Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

