[Fwd: Re: [Samba] posixAccount for Machines in LDAP?]
kent at www.warehamportal.mec.edu
Tue Jul 13 20:55:16 GMT 2004
---------------------------- Original Message ----------------------------
Subject: Re: [Samba] posixAccount for Machines in LDAP?
From: kent at www.warehamportal.mec.edu
Date: Tue, July 13, 2004 4:54 pm
To: "Paul Gienger" <pgienger at ae-solutions.com>
--------------------------------------------------------------------------
Thanks for getting back to me, Paul.
Here's the domain controllers smb.conf
[global]
workgroup = WarehamPS
encrypt passwords = Yes
time server = Yes
socket options = TCP_NODELAY
security = user
logon script = whs1.bat
writable = Yes
dns proxy = no
directory mask = 02770
preferred master = yes
netbios name = WHS1
server string = RedHat 8.0 LDAP Server
passdb backend = ldapsam
ldap passwd sync = Yes
machine password timeout = 604800
passwd program = /usr/local/samba/bin/smbpasswd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n
log file = /var/log/samba.%m
debug level = 2
max log size = 50
add user script = /usr/local/sbin/smbldap-useradd.pl %u
delete user script = /usr/local/sbin/smbldap-useradd.pl %u
add group script = /usr/local/sbin/smbldap-groupadd.pl
delete group script = /usr/local/sbin/smbldap-groupdel.pl
add machine script = /usr/sbin/useradd -c "Computer" -d /dev/null -s /bin/false -g 502 -M %u; /usr/local/samba/bin/smbpasswd -a -m %u
logon script = whs1.bat
logon path =
logon drive = H:
logon home =
domain logons = Yes
os level = 64
domain master = Yes
dns proxy = Yes
admin users = @domain_admins
wins support = Yes
name resolve order = wins hosts bcast
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no
[homes]
comment = Home Directories
read only = no
browseable = no
writable = yes
path = %H
hide files = /.*/
[netlogon]
comment = Netlogon share
root preexec = /usr/local/samba/sbin/prelogon.pl %U
path = /usr/local/samba/netlogon
locking = no
browseable = no
read only = yes
hide files = /*.dll/*.rap/*.kix/*.bat/
[staff]
comment = Staff Directory
path = /accounts/common
browseable = no
create mode = 0660
valid users = @whsstaff
write list = @whsstaff
force group = whsstaff
[programs]
comment = Programs
path = /accounts/programs
valid users = @whsstaff
browseable = no
[adm-pgms$]
comment = Admin Programs
path = /accounts/adm_pgms
browseable = no
valid users = @techstaff
write list = @techstaff
force group = techstaff
create mode = 0660
[images$]
comment = Ghost image files
path = /accounts/images
browseable = no
force group = techstaff
create mode = 0660
valid users = @techstaff
write list = @techstaff
[cafeteria]
path = /accounts/cafeteria/data
browseable = no
valid users = @whs-cafe
force group = whs-cafe
create mode = 0660
directory mode = 0770
[printers]
comment = All Printers
path = /var/spool/samba
valid users = @whsstaff, @techstaff
read only = Yes
printable = Yes
browseable = No
[hp8100]
path = /tmp
comment = HP8100 Laser
browseable = yes
writable = no
printable = yes
printer name = hp8100
[tricker]
path = /accounts/whsart/tricker
comment = WHS Art students
browseable = No
valid users = +tricker
write list = +tricker
force group = tricker
create mode = 0660
directory mode = 0770
[gunnels]
path = /accounts/whsart/gunnels
comment = WHS Art students
browseable = No
valid users = +gunnels
write list = +gunnels
force group = gunnels
create mode = 0660
directory mode = 0770
[einstein]
path = /accounts/whsart/einstein
comment = WHS Art students
browseable = No
valid users = +einstein
write list = +einstein
force group = einstein
create mode = 0660
[PCA]
comment = PC Analyzer files
path = /usr/local/samba/PCAnalyser
browseable = no
force group = techstaff
directory mode = 0770
create mode = 0770
Kent
Wareham Public Schools
> kent at www.warehamportal.mec.edu wrote:
>
>>Hello,
>>I have a question about machine accounts.
>>I'm using Samba 3.0, OpenLDAP 2.1.30 and Berkeley 4.2.52 on backend on
>>RedHat machines.
>>I also have 3 slave/BDC's and 1 master/PDC
>>
>>Right now all of my users and groups exist entirely in the LDAP
>>directory.
>>I have a few accounts in addition to the normal system accounts that are
>>used for emergency access. All authentication and group enumeration uses
>>PAM_LDAP with NSS_LDAP.
>>
>>My question is that when I have a machine join the domain, in the LDAP
>>directory an objectclass Account and sambaSAMAccount are created. I
>>still need to create a machine account in /etc/passwd for this to
>>happen. Is there anyone out there that is first creating a posixAccount
>>with appropriate attributes in LDAP then using the Samba/Windows to
>>generate the sambaSAMAccount object and attributes in LDAP also?
>>
>>
> You shouldn't need anything in /etc/passwd. Perhaps by posting an
> smb.conf you could be pointed in the right direction.
>
>>I was so happy to get all of the user/group stuff consolidated into the
>>directory. Now I see that this is a possibility also but I haven't tried
>>it.
>>
>>Kent N
>>Wareham Public Schools
>>
>>
>>
>
> --
> Paul Gienger Office: 701-281-1884
> Applied Engineering Inc. Cell: 701-306-6254
> Information Systems Consultant Fax: 701-281-1322
> URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
>
>
>
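Added example, not part of this thread and not smbldap-tools code: the posted `add machine script` calls `/usr/sbin/useradd`, which is exactly what puts every trust account into the local `/etc/passwd`. The script below shows the posixAccount side of a machine entry written as LDIF instead, so NSS_LDAP can resolve `host$` and Samba's ldapsam backend only has to add sambaSamAccount to the same entry on join. The suffixes, gid 502, `/dev/null` home and `/bin/false` shell are taken from the posted smb.conf; the script name, the uidNumber range and the `ldapadd` pipeline in the usage note are assumptions.

```python
"""Generate the posixAccount LDIF for a Samba machine trust account.

Added example for this thread: Samba's "add machine script" hands the
account name to this script as %u (e.g. "ws-lab01$"); writing the entry
into LDAP instead of calling /usr/sbin/useradd keeps trust accounts out
of /etc/passwd.  Samba's ldapsam backend then adds sambaSamAccount to the
same entry when the machine joins.  Suffixes mirror the posted smb.conf;
the uidNumber range and the script name are assumptions.
"""
import re
import sys

BASE_DN = "dc=tow,dc=net"                 # "ldap suffix" from the posted smb.conf
MACHINE_OU = "ou=Computers," + BASE_DN    # "ldap machine suffix" under that suffix
MACHINE_GID = 502                         # -g 502 from the posted add machine script
MACHINE_UID_MIN = 20000                   # assumed: keep machines out of the user uid range

# NetBIOS host names: 1-15 characters, letters, digits and '-' only.
_NETBIOS = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]{0,14}$")


def machine_uid(name):
    """Validate the name Samba passes in %u and return it as 'host$'."""
    host = name.rstrip("$")
    if not _NETBIOS.match(host):
        raise ValueError("invalid machine name: %r" % name)
    return host + "$"


def machine_ldif(name, uid_number):
    """Return the LDIF text for one machine posixAccount entry."""
    if uid_number < MACHINE_UID_MIN:
        raise ValueError("uidNumber %d is below the machine range" % uid_number)
    uid = machine_uid(name)
    lines = [
        "dn: uid=%s,%s" % (uid, MACHINE_OU),
        "objectClass: top",
        "objectClass: account",        # structural class carrying the uid attribute
        "objectClass: posixAccount",   # what NSS_LDAP needs so getpwnam('host$') succeeds
        "cn: " + uid[:-1],
        "uid: " + uid,
        "uidNumber: %d" % uid_number,
        "gidNumber: %d" % MACHINE_GID,
        "homeDirectory: /dev/null",    # no home, as in the posted useradd call
        "loginShell: /bin/false",      # a trust account must never get a login shell
        "description: Computer",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # assumed usage: smbldap-machineadd.py <host$> <uidNumber> | ldapadd -x -D <ldap admin dn> -W
    print(machine_ldif(sys.argv[1], int(sys.argv[2])), end="")
```

The script deliberately stops at producing the entry: allocating the next free uidNumber (smbldap-tools keeps a counter entry in the directory for this) and binding as the `ldap admin dn` are left to the wrapper that pipes the output into `ldapadd`, so the credentials never appear on the smb.conf command line. Once the entry exists, the `smbpasswd -a -m %u` half of the posted script is no longer needed either, because ldapsam populates the sambaSamAccount attributes itself.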