[Samba] LDAP integration

Craig White craigwhite at azapple.com
Sun Nov 13 14:08:24 GMT 2005 

On Sun, 2005-11-13 at 13:51 +0000, Antony Gelberg wrote:
> Antony Gelberg wrote:
> > (Craig, thanks for your response.  I'm cc'ing the list as we need to try
> > and resolve this today.  Hope you don't mind.)
> > 
> > Craig White wrote:
> >>----
> >>smbldap-tools should create both the posix user and smb user - the
> >>former being necessary for the latter
> >>----
> > 
> > 
> > I understand the words, but not the sentence.  Another samba/ldap box
> > that we have authenticates the users quite happily, where they have been
> > added to the LDAP directory via cpu.  I understand that with the
> > traditional passdb backend, there is a difference between the posix user
> > and the smb user, hence the need to use smbpasswd to create smb users.
> > 
> > However, I thought that with LDAP, everything is in one place, so I
> > don't quite understand the need for a posix and smb user.  Added to
> > which, it worked for us on another box, as I said above.  If somebody
> > could clarify, we would be grateful.
----
1 account in LDAP having both posixAccount and sambaSamAccount
attributes is exactly the issue and a proper setup of smbldap-tools is
capable of creating both at the same time. You don't need smbldap-tools
to create/edit LDAP accounts but it's a good thing to have in place and
configured properly.
----
> 
> Sorry.  On the box where it worked, I *did* run smbpasswd -a for each
> LDAP user.  I have tried it on the new box and it works.  What I think
> you are saying is that if we use smbldap-tools, it's one step rather
> than the two steps of cpu useradd and smbpasswd -a.
----
yes and it allows you to use Windows native tool usermgr.exe (User
Manager for Domains) to create/edit users if you so choose. Personally,
I don't use this but it is the documented methodology for samba.
----
> 
> Not for the first time, I reflect on how forgetting a little detail can
> waste hours.  Thanks for your help though.  It's much appreciated.
----
it's always the details

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list