[Samba] Samba-3.0.2 PDC LDAP: Add computer to domain issue with smbldap-tools

RRuegner robert at ruegner.org
Thu Feb 26 13:57:11 GMT 2004


Hi David,
the users, groups and accounts are in LDAP; no entry in passwd is needed, because
the Samba host machine will simply ask the local LDAP for accounts
if you use the populate script from source (don't forget to edit the conf to
fit your needs) and make the right entries in nsswitch.conf,
i.e.
passwd: ldap files
group:  ldap files
shadow: ldap files
You need to have nsslib.

There may be other setups (described in man samba), but this is the quick
working way I had tested
with SuSE 9 and Samba 3.0.2a.

All basic needs will be created by
smbldap-populate.pl; edit smbldap_conf.pm to have the right entries.
Be sure that all files are in /usr/local/sbin/ (this is coded in the files,
so you have to use this, or you are some genius in Perl and can change it).
Afterwards you will have users, groups, computers and the Administrator and nobody
accounts in LDAP.
The group mapping should be right.
I first added a root account like this:
/usr/local/sbin/smbldap-useradd.pl -a -P root

/usr/local/sbin/smbldap-useradd.pl -help gives you this:
Usage: smbldap-useradd.pl [-OPTIONS [-MORE_OPTIONS]] [--] [PROGRAM_ARG1 ...]

The following single-character options are accepted:
        With arguments: -G -u -g -d -s -c -k -A -B -C -D -E -F -H -N -S
        Boolean (without arguments): -a -n -m -w -P -?

Options may be merged together.  -- stops processing of options.
Space is not required between options and their arguments.

For more details run
        perldoc -F /usr/local/sbin/smbldap-useradd.pl
  [Now continuing due to backward compatibility and excessive paranoia.
   See ``perldoc Getopt::Std'' about $Getopt::Std::STANDARD_HELP_VERSION.]
Usage: /usr/local/sbin/smbldap-useradd.pl [-awmugdsckGPABCDEFH?] username
  -a    is a Windows User (otherwise, Posix stuff only)
  -w    is a Windows Workstation (otherwise, Posix stuff only)
  -u    uid
  -g    gid
  -G    supplementary comma-separated groups
  -n    do not create a group
  -d    home
  -s    shell
  -c    gecos
  -m    creates home directory and copies /etc/skel
  -k    skeleton dir (with -m)
  -P    ends by invoking smbldap-passwd.pl
  -A    can change password ? 0 if no, 1 if yes
  -B    must change password ? 0 if no, 1 if yes
  -C    sambaHomePath (SMB home share, like '\\PDC-SRV\homes')
  -D    sambaHomeDrive (letter associated with home share, like 'H:')
  -E    sambaLogonScript (DOS script to execute on login)
  -F    sambaProfilePath (profile directory, like '\\PDC-SRV\profiles\foo')
  -H    sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')
  -N    canonical name
  -S    surname
  -?    show this help message

Add this to your smb.conf:

   add user script = /usr/local/sbin/smbldap-useradd.pl -a -m -P "%u"
   ldap delete dn = Yes
   delete user script = /usr/local/sbin/smbldap-userdel.pl -r "%u"
   add machine script = /usr/local/sbin/smbldap-useradd.pl -w "%u"
   add group script = /usr/local/sbin/smbldap-groupadd.pl -p "%g"
   delete group script = /usr/local/sbin/smbldap-groupdel.pl "%g"
   add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m "%u" "%g"
   delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x "%u" "%g"
   set primary group script = /usr/local/sbin/smbldap-usermod.pl -g "%g" "%u"

So everything should be OK with that.
If you have a running LDAP, try to create an LDIF and use ldapadd to integrate
the Samba schema attributes into your existing LDAP accounts.

A nice freeware tool to check LDAP from Windows clients:
 Softerra LDAP Browser 2.5.3
Hope this helps.
Consult these sites for further info:
http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html
http://www.idealx.org/prj/samba/smbldap-tools.en.html#htoc14
Regards Robert

----- Original Message ----- 
From: "David Wilson" <dave at dcdata.co.za>
To: "RRuegner" <robert at ruegner.org>
Cc: <samba at lists.samba.org>
Sent: Thursday, February 26, 2004 2:30 PM
Subject: Re: [Samba] Samba-3.0.2 PDC LDAP: Add computer to domain issue with smbldap-tools



> Hi Robert,
>
> Thank you kindly for your response.
> Before I run /usr/local/sbin/smbldap-useradd.pl -w "%u", do I need to
> have the computer account in /etc/passwd ? e.g.
> useradd -s /bin/false -g computers pc1$ ?
>
>
> Thank you for your assistance so far.
>
> -- 
>
> Many thanks and kind regards,
>
> David Wilson
> D c D a t a
> +27 33 3427003
> +27 82 4147413
> http://www.dcdata.co.za
> support at dcdata.co.za
> KZN's first and only pure Linux solution provider
> ____________________________________________________
> LinuxBox S.A.: Africa's shell provider.
> Powered by Linux and DcData - driven by passion !
> http://www.linuxbox.co.za
>
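
The nsswitch.conf entries given in the reply above can be checked before relying on LDAP-only machine accounts. This is an added example, not part of the original thread or of smbldap-tools; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify that passwd, group and
# shadow lookups include the "ldap" source in an nsswitch.conf-style file.

# Print the source list configured for database $2 in file $1.
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, allow "db:src"
        $1 == (db ":") { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print the databases (of passwd, group, shadow) that do not list ldap.
nss_missing_ldap() {
    missing=""
    for db in passwd group shadow; do
        case " $(nss_sources "$1" "$db") " in
            *" ldap "*) ;;                    # ldap is one of the sources
            *) missing="$missing $db" ;;
        esac
    done
    echo "${missing# }"
}

# Constructed sample files (assumptions, not taken from a real host).
tmp=$(mktemp -d)
cat > "$tmp/good.conf" <<'EOF'
# constructed sample matching the entries in the reply
passwd: ldap files
group:  ldap files
shadow: ldap files
hosts:  files dns
EOF
cat > "$tmp/bad.conf" <<'EOF'
passwd: files   # ldap not enabled here
group:  files ldap
shadow:files
EOF

echo "good.conf missing: [$(nss_missing_ldap "$tmp/good.conf")]"
echo "bad.conf  missing: [$(nss_missing_ldap "$tmp/bad.conf")]"
```

On the Samba host, point `nss_missing_ldap` at /etc/nsswitch.conf; an empty result means all three databases consult LDAP, and `getent passwd` for the machine account then shows whether the entry is visible to the system.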


