[Samba] LDAP integration

Craig White craigwhite at azapple.com
Sun Nov 13 14:08:24 GMT 2005

On Sun, 2005-11-13 at 13:51 +0000, Antony Gelberg wrote:
> Antony Gelberg wrote:
> > (Craig, thanks for your response.  I'm cc'ing the list as we need to try
> > and resolve this today.  Hope you don't mind.)
> > 
> > Craig White wrote:
> >>----
> >>smbldap-tools should create both the posix user and smb user - the
> >>former being necessary for the latter
> >>----
> > 
> > 
> > I understand the words, but not the sentence.  Another samba/ldap box
> > that we have authenticates the users quite happily, where they have been
> > added to the LDAP directory via cpu.  I understand that with the
> > traditional passdb backend, there is a difference between the posix user
> > and the smb user, hence the need to use smbpasswd to create smb users.
> > 
> > However, I thought that with LDAP, everything is in one place, so I
> > don't quite understand the need for a posix and smb user.  Added to
> > which, it worked for us on another box, as I said above.  If somebody
> > could clarify, we would be grateful.
1 account in LDAP having both posixAccount and sambaSamAccount
attributes is exactly the issue and a proper setup of smbldap-tools is
capable of creating both at the same time. You don't need smbldap-tools
to create/edit LDAP accounts but it's a good thing to have in place and
configured properly.
> Sorry.  On the box where it worked, I *did* run smbpasswd -a for each
> LDAP user.  I have tried it on the new box and it works.  What I think
> you are saying is that if we use smbldap-tools, it's one step rather
> than the two steps of cpu useradd and smbpasswd -a.
yes and it allows you to use Windows native tool usermgr.exe (User
Manager for Domains) to create/edit users if you so choose. Personally,
I don't use this but it is the documented methodology for samba.
> Not for the first time, I reflect on how forgetting a little detail can
> waste hours.  Thanks for your help though.  It's much appreciated.
it's always the details


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list