[Samba] Samba and LDAP troubles

Andrew Bartlett abartlet at samba.org
Sat Nov 15 23:58:27 GMT 2003


On Sun, 2003-11-16 at 09:52, SEFEROVIC Edvin wrote:
> Hello.
> 
> I have an LDAP database with user data. For that I use the posixAccount schema.
> Now I installed Samba 3, and want to use it as a file server (and WINS
> server for network browsing of course). After I added samba.schema to my
> LDAP database, LDAP won't start anymore. Then I saw that Samba needs SID in
> its schema. My question now is: what number should I enter for SID? I
> don't use Samba as PDC. Should SID be unique for every user, or equal for
> all of them?

Set up the posix users as you always have, then run 'smbpasswd -a' to add
the Samba part of the users.  That way, you will see how Samba likes it
set up.

Then when you start to see the pattern, you can manage them with your
own scripts, if you so desire.  The 'rid' portion (the last bit of the
SID) is uid*2 + 1000, by convention.  It must always be unique.

> Does Samba use the attribute homeDirectory from posixAccount? And will the
> homes be created when users sign on? Are there any scripts for it?

If you have 'obey pam restrictions = yes' set in your smb.conf, you can
use pam_mkhomedir.so for that.

> I have plaintext passwords in my LDAP database, and I read that Samba
> doesn't work with them? Does Samba take the value of passwd for
> authentication? Should I encrypt passwords in LDAP for Samba or leave them
> in plain text?

Please file a bug in bugzilla about the fact that we do not use that
password.  But in the meantime, they need to be encrypted.  There is a
Perl module Crypt::SmbHash that does a nice job of this, if you are
using Perl LDAP scripts.  Otherwise, mkntpwd.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
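
Added example, not part of the message above and not Samba's own code: a Python audit of directory accounts against the RID convention (uid*2 + 1000) and the uniqueness requirement stated in the reply. The domain SID, the account rows and the function names are constructed for illustration; `uidNumber` and `sambaSID` are the posixAccount and Samba 3 schema attributes the rows are assumed to come from.

```python
from collections import defaultdict

RID_BASE = 1000  # users: rid = uidNumber * 2 + 1000, the convention quoted above

def expected_rid(uid_number):
    return uid_number * 2 + RID_BASE

def split_sid(sid):
    """Split 'S-1-5-21-...-RID' into (domain SID, RID); ValueError if malformed."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])

def audit(domain_sid, accounts):
    """accounts: (uid, uidNumber, sambaSID or None) rows. Returns (uid, issue, detail)."""
    findings, owners = [], defaultdict(list)
    for uid, uid_number, sid in accounts:
        want = f"{domain_sid}-{expected_rid(uid_number)}"
        if sid is None:
            findings.append((uid, "missing", want))
            continue
        try:
            dom, rid = split_sid(sid)
        except ValueError:
            findings.append((uid, "malformed", want))
            continue
        owners[sid].append(uid)
        if dom != domain_sid:
            findings.append((uid, "foreign-domain", want))
        elif rid != expected_rid(uid_number):
            findings.append((uid, "off-convention", want))  # advisory only
    for sid, uids in owners.items():
        if len(uids) > 1:  # hard error: a SID must be unique
            findings.extend((u, "duplicate", sid) for u in uids)
    return findings

DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed sample value
SAMPLE = [  # constructed rows, not taken from any real directory
    ("alice", 1000, f"{DOMAIN}-3000"),
    ("bob", 1001, None),
    ("carol", 1002, f"{DOMAIN}-3000"),
    ("dave", 1003, "S-1-5-21-9-9-9-3006"),
    ("erin", 1004, "3008"),
]

if __name__ == "__main__":
    for finding in audit(DOMAIN, SAMPLE):
        print(*finding)
```

Only "duplicate" breaks the rule that a SID must always be unique; "off-convention" flags entries a provisioning script would not have produced, which is worth reviewing before managing accounts with your own scripts.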