[Samba] Re: last ldap question ;-)

jamrock news_jamrock at yahoo.com
Sat Jul 31 13:59:34 GMT 2004 

"Kiryl Hakhovich" <administrator at bsolution.net> wrote in message
news:4106CD38.3020201 at bsolution.net...
> Ok guys,
>
> i'm giving up. To clarify this whole thing for me please tell me:
>
> if you have ldap and samba configured together do you still need to have
> local accounts in /etc/passwd in order to use smbpasswd or pdbedit
> utility?  (_fact_: smbldap-useradd.pl using them anyway _fact_)
>
> Thank you.
>
> Sincerely,
> Kiryl.


I will tell you what I have found so far.  I still have some learning to do
on this.

Linux needs to recognize Samba users as Linux users.  They are Samba users,
but they are using resources on the Linux box.

If you use LDAP and /etc/passwd then Linux is happy.  If you transfer the
/etc/passwd (POSIX) info. to LDAP and tell Linux to use LDAP for
authentication, Linux is happy.

Both approaches allow Linux to see the Samba users as Linux users.  Note
that you will need to create the Linux and Samba accounts when you add
users.  The automatic creation of the Linux users can be done by using an
adduser script.

www.padl.com has tools for transferring   /etc/passwd and /etc/group
information into LDAP.

You can put an add user script in your smb.conf file which will tell Samba
to add the users to the Linux box when it creates the Samba account.  My add
user script adds the users to /etc/passwd.  I use the useradd command.

It is my understanding, (I haven't tried it yet), that the adduser script
from Idealx will add the user information to LDAP when Samba creates the
Samba users.  You should therefore use this adduser script if you want to
keep the Linux (POSIX) user information in LDAP.

I use the NT User Manager to add users from a Windows XP/2000 client.  It
creates the Samba account and the Linux account. I have not been able to
automatically add the Linux user accounts using the smbpasswd command.

>From what I have read there is an advantage to keeping your Linux account
information in LDAP.  If you want to use a Samba BDC, all the user
information will be transferred to the BDC when you replicate the LDAP
database to the BDC.

If you don't do this, you will have to synchronize the /etc/passwd files
from the PDC to the BDC.

I can recommend two books:

LDAP System Administration by Gerald Carter
Samba-3 By Example by John Terpstra

Both are members of the Samba development team.

More information about the samba mailing list