[Samba] ldap smbpasswd

Steve Feehan sfeehan at sbb.uvm.edu
Tue Feb 1 15:27:50 GMT 2005


On Tue, Feb 01, 2005 at 09:26:42AM -0500, synrat wrote:
> what in that case do I do with an account that already exists in
> ldap but only needs samba attributes added to it ?

Actually, this works OK for me. I don't use the smbldap-tools 
for account management. I create the posixAccount by hand and
then use 'smbpasswd -a username' to add the sambaSamAccount
attributes.

Also, 'ldap admin dn' only has sufficient privilege to modify 
attributes of the sambaSamAccount objectClass:

access to attrs=sambaSamAccount
	by dn="cn=smbadmin,dc=xxxxxxxxxxx,dc=xxx" write
	by * read

So if the posixAccount doesn't already exist the operation
failes.

Note that I'm new to this too, so don't take anything I say
as gospel.

Steve

> 
> Alex Satrapa wrote:
> >On 1 Feb 2005, at 03:12, synrat wrote:
> >
> >>... when trying smpasswd -a to add samba attributes to ldap account. 
> >>it seems like smbpasswd is trying to
> >>add an entry ...
> >
> >
> >That is what the '-a' option does - tells smbpasswd to add the account, 
> >as documented in the man page.
> >
> >In my setup, if I add a user (using smbldap-tools collection) I can then 
> >set the passwd using "smbpasswd username".
> >
> >Alex
> >
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
Steve Feehan


More information about the samba mailing list