[Samba] Samba3 & LDAP Can't join domain with Win2k Pro
Jean-Marc Pouchoulon
jean-marc.pouchoulon at ac-montpellier.fr
Tue Oct 21 21:57:35 GMT 2003
Good evening,

So when I create a user account with the script from IdealX
(smbldap-useradd.pl), I can log in with this user on my Linux box, it's
normal, but if I want to use this account on the Samba network, I have to
create the same account in /etc/passwd with useradd?

Use pdbedit -a username to add the Samba attributes to the user (the user
must exist in the backend - LDAP for me).

So I have to create a root account too in my LDAP? And an Administrator
account in my /etc/passwd?

Have a look at http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html
"""
In the [SAMBA_3_0] and [HEAD] only a few basic entries are required:
nobody and administrator BUT an account with uidNumber=0 (root or
administrator) MUST be present if you need add XP/W2K ws. The reason:
an administrative account is demanded in the ws side in the join
process, and that account must have a uidNumber=0 in the unix world.
Remember that in the ldapsam backend the rid mapping is algorithmic
based: rid='2*uidNumber+1000' and primaryGroup='2*uidNumber+100+1', so a
root or any administrative account must have a rid of 1000, and a
sambaSID like:
sambaSID: S-1-5-21-298858960-1863792627-3661451959-1000
sambaPrimaryGroupSID: S-1-5-21-298858960-1863792627-3661451959-1001
The root/administrator (uidNumber=0) SHOULD be present in the NT's
Admins group (rid=512).
"""
Jean-Marc.
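
An added example, not part of the original message and not Samba or IdealX code: a Python check that audits ldapsam entries against the user RID rule quoted above (rid = 2*uidNumber + 1000) and lists every account with uidNumber=0. The LDIF entries, DNs and function names are constructed for illustration; only the domain SID is taken from the post, and the primary group SID is not checked.

```python
# Rule quoted in the message: user rid = 2*uidNumber + 1000
ALGORITHMIC_RID_BASE = 1000

# Constructed sample LDIF (not from a real directory); the domain SID is the one in the post.
SAMPLE_LDIF = """\
dn: uid=root,ou=Users,dc=example,dc=org
uid: root
uidNumber: 0
sambaSID: S-1-5-21-298858960-1863792627-3661451959-1000

dn: uid=alice,ou=Users,dc=example,dc=org
uid: alice
uidNumber: 1001
sambaSID: S-1-5-21-298858960-1863792627-3661451959-3002

dn: uid=bob,ou=Users,dc=example,dc=org
uid: bob
uidNumber: 1002
sambaSID: S-1-5-21-298858960-1863792627-3661451959-1000
"""

def parse_ldif(text):
    """Split simple (unfolded, non-base64) LDIF into a list of attribute dicts."""
    return [dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
            for block in text.strip().split("\n\n")]

def expected_rid(uid_number):
    """RID the algorithmic mapping assigns to a given uidNumber."""
    return 2 * uid_number + ALGORITHMIC_RID_BASE

def audit(entries):
    """Return (uids with uidNumber 0, [(uid, actual RID, expected RID)] mismatches)."""
    root_equivalents, mismatches = [], []
    for e in entries:
        if "uidNumber" not in e or "sambaSID" not in e:
            continue  # not a Samba-enabled POSIX account
        uid_number = int(e["uidNumber"])
        rid = int(e["sambaSID"].rsplit("-", 1)[1])  # last SID component is the RID
        if uid_number == 0:
            root_equivalents.append(e["uid"])  # usable for domain joins, root on Unix
        if rid != expected_rid(uid_number):
            mismatches.append((e["uid"], rid, expected_rid(uid_number)))
    return root_equivalents, mismatches

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```

In the constructed data, bob carries the RID that belongs to uidNumber 0, which is the kind of mismatch worth reviewing because RID 1000 is the one the quoted rule reserves for the root/administrator account.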