AW: [Samba] Samba and LDAP troubles

SEFEROVIC Edvin edvin.seferovic at kolp.at
Sun Nov 16 00:39:34 GMT 2003


Hello Andrew,

thx for ur help.. but...

when I add the schema to LDAP, it uses the UID from posixAccount schema and
the daemon won't start... and therefore I am not able to use smbpasswd -a..

any other ideas?

Sincerely,

Edvin SEFEROVIC

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Sunday, 16 November 2003 00:58
To: SEFEROVIC Edvin
Cc: Samba Mailing List
Subject: Re: [Samba] Samba and LDAP troubles

On Sun, 2003-11-16 at 09:52, SEFEROVIC Edvin wrote:
> Hello.
> 
>  
> 
> I have an LDAP database with user data. For that I use posixAccount schema.
> Now I installed Samba 3, and want to use it as a file server ( and wins
> server for network browsing of course ). after I added samba.schema to my
> LDAP database, LDAP won't start anymore.. then I saw that Samba needs SID in
> its schema. My question now is - what number should I enter for SID?? I
> don't use Samba as PDC. Should SID be unique for every user, or equal for
> all of them?

Set up the posix users as you always have, then run 'smbpasswd -a' to add
the Samba part of the users.  That way, you will see how samba likes it
set up.

Then when you start to see the pattern, you can manage them with your
own scripts, if you so desire.  The 'rid' portion (the last bit of the
SID) is uid*2 + 1000, by convention.  It must always be unique.

> Does Samba use attribute homeDirectory from posixAccount? And will the
> homes be created when users sign on? Are there any scripts for it?

If you have 'obey pam restrictions = yes' set in your smb.conf, you can
use pam_mkhomedir.so for that.

> I have plaintext passwords in my LDAP database, and I read that Samba
> doesn't work with them? Does Samba take the value of passwd for
> authentication? Should I encrypt passwords in LDAP for Samba or leave them
> in plain text?

Please file a bug in bugzilla about the fact that we do not use that
password.  But in the meantime, they need to be encrypted.  There is a
perl module Crypt::SmbHash that does a nice job of this, if you are
using perl ldap scripts.  Otherwise, mkntpwd.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net