[Samba] samba3 and heimdal: both using ldap as backends

Gémes Géza geza at kzsdabas.sulinet.hu
Mon Mar 20 11:25:56 GMT 2006


Andreas Hasenack wrote:
> On Sun 19 Mar 2006 02:58, Gémes Géza wrote:
>   
>>>> An example ldif:
>>>>
>>>> dn: uid=test,ou=users,dc=example,dc=net
>>>> objectClass: person
>>>> objectClass: organizationalPerson
>>>> objectClass: inetOrgPerson
>>>> objectClass: posixAccount
>>>> objectClass: top
>>>> objectClass: shadowAccount
>>>> objectClass: sambaSamAccount
>>>> objectClass: krb5Principal
>>>> sn: Account
>>>> userPassword: {SASL}test@EXAMPLE.NET
>>>>
>
> What is the user creation sequence you are using? First posixAccount and 
> sambaSamAccount (for example, with smbldap-tools), then add the krb5Principal 
> class and its attributes, set password to use {SASL} and then what? kadmin? 
> kpasswd?
>   
Usually dump an ldif to the ldap server with the premade (mkntpwd)
NTHash, and that's all.
The ldif is populated by a script which writes values like:

echo "dn: uid=$username,ou=users,dc=example,dc=net" >> the_created_ldif_file
...
echo "userPassword: {SASL}$username@EXAMPLE.NET" >> the_created_ldif_file
...
and then ldapadd -Y GSSAPI -f the_created_ldif_file
then rm -f the_created_ldif_file
that's all

Regards

Geza
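
The loading step described in this message, as an added example that is not part of the original post or the poster's script: it validates each field before it is written into the LDIF and pipes the entry to ldapadd instead of using a file, because the NT hash is password-equivalent. The function names are hypothetical; uid, cn, uidNumber, gidNumber, homeDirectory, sambaSID, sambaNTPassword and krb5PrincipalName do not appear in the posted LDIF and are assumed here from the standard schemas, with values supplied by the caller.

```shell
#!/bin/sh
# Added example, not the poster's script. REALM and BASE come from the post's
# LDIF; the function names and every value passed in by the caller are assumptions.
REALM="EXAMPLE.NET"
BASE="ou=users,dc=example,dc=net"
# Validate every field, so no value can add LDIF lines or DN components.
valid_fields() {
    case "$1" in ""|[!a-z]*|*[!a-z0-9._-]*) return 1 ;; esac    # username
    [ "${#2}" -eq 32 ] || return 1                              # NT hash: 32 chars
    case "$2" in *[!0-9A-Fa-f]*) return 1 ;; esac               # NT hash: hex only
    for n in "$3" "$4"; do case "$n" in ""|*[!0-9]*) return 1 ;; esac; done
    case "$5" in *[!S0-9-]*) return 1 ;; S-1-5-21-*) ;; *) return 1 ;; esac
    return 0
}
# Print one entry: username, NT hash (from mkntpwd), uidNumber, gidNumber, SID.
# Object classes and sn are the ones in the post; the other attributes are assumed.
make_ldif() {
    valid_fields "$@" || return 1
    cat <<EOF
dn: uid=$1,$BASE
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
objectClass: krb5Principal
uid: $1
cn: $1
sn: Account
uidNumber: $3
gidNumber: $4
homeDirectory: /home/$1
sambaSID: $5
sambaNTPassword: $2
krb5PrincipalName: $1@$REALM
userPassword: {SASL}$1@$REALM
EOF
}
# Build the entry in memory and pipe it to ldapadd; nothing is left on disk.
add_user() {
    ldif=$(make_ldif "$@") || return 1
    printf '%s\n' "$ldif" | ldapadd -Y GSSAPI
}
```

With constructed sample values, a call looks like: add_user test 0123456789ABCDEF0123456789ABCDEF 3000 513 S-1-5-21-1-2-3-7000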

