[Samba] Samba+LDAP PDC - A few questions.
NSC - NetworkServiceCenter
nsc at fh-stpoelten.ac.at
Tue Jun 3 08:57:43 GMT 2003
hi kevin,
> 1). How do I/Can I script the installation of a generic password into
> these accounts? I'm looking to put some common password in for all
> users and then allow the users to change it once they log into the new
> server/domain. I don't see a method of doing so with
> 'smbldap-passwd.pl'.
write your own shellscript that uses smbldap-useradd.pl, add the features
you need and use this script to create user!
> 2). I used the following command to add all of my users to the LDAP
> Directory:
>
> 'smbldap-useradd.pl -a -m -A 1 -G <group1>,<group2> >username<'
>
> This successfully created the users, their home folders and placed them
> in their groups, but it did not change the value for "pwdCanChange" in
> the LDAP directory, as shown by 'smbldap-usershow.pl'. I want the users
> to be able to change their own passwords - at any time - is there
> something I did wrong when creating the user account?
sorry, but i don't know smbldap-useradd.pl - i wrote my own admintools!
> 3). I want every user's password to expire on a 90-cycle. I think I
> see a slot in the LDAP directory for such an option - pwdMustChange,
> but by default is set to a huge number - 2147483647. First, what
> number does that represent? Seconds? Minutes? Days? Months? I've
> watched it for the past week and it hasn't changed. Which leads me to
> my next question, will changing this number to "O" actually cause the
> respective password to expire? Will setting this number to "90" (or
> what ever representation needed) allow a 90 day cycle? If not, what
> must I do to have this 90 day cycle?
this number is a unix timestamp - the seconds since 1.1.1970!
the solution is: enable passwordsync and as program use a shellscript that
creates the timestamp (90 days are 7776000 seconds) and insert this with
ldapmodify into the attr pwdMustChange of the user!
-> let DAYINFUTURE=$(/bin/date +%s)+7776000
> 4). By default, there are fields in the directory for "displayName" and
> "description" that are both set to "System User". Can I change
> either/both (at least "description") to what ever I want while creating
> the user account? I couldn't find a switch in 'smbldap-useradd.pl' to
> allow that. I guess I could script it using 'smbldap-usermod.pl', but
> would prefer it to be done as one step.
sorry, but once again: i don't know smbldap-useradd.pl - i wrote my own
admintools and they do what i want ;-)
i hope it was a little help
greetings
thomas reisenbichler
More information about the samba
mailing list