[Samba] editpostfix setup

Gunnar Thielebein gunnar_thielebein at gmx.net
Wed Dec 19 19:10:44 GMT 2007


I've set up the Samba environment as described in the wiki:

I can now easily add Windows users / machines when using the policies for

I have also set up Unix account/session auth via libpam_ldap and libnss_ldap
as described here:


Some things I don't understand:

1. How is the Unix password set for the Windows users?
When I su <winusername>, it does not accept the Windows password.
I also tried editing the Unix password via ldap-account-manager, but
with no luck.

Is a Unix password set in general when creating new accounts?

With my Unix user accounts migrated to LDAP via the migration scripts (the
ones used in the Gentoo article) it is possible to su <username>.

2. How do I make a Samba domain user out of such a migrated Unix user?

3. When creating accounts, the user homes by default point to
/home/domainname/user. How can I change that?

Thanks for any reply/feedback on my configs.


My smb.conf:
netbios name = TIGGER
workgroup = th-domain
domain logons = yes

logon home = \\%N\%U
logon path = \\%N\%U\.winprofile

encrypt passwords = true
passdb backend = ldapsam

ldap suffix = dc=th-domain,dc=lan
ldapsam:trusted = yes
ldapsam:editposix = yes
ldap admin dn = cn=admin,dc=th-domain,dc=lan
ldap delete dn = yes
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap user suffix = ou=peoples
ldap idmap suffix = ou=idmap

idmap domains = th-domain
idmap config th-domain:backend = ldap
idmap config th-domain:readonly = no
idmap config th-domain:default = yes
idmap config th-domain:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan
idmap config th-domain:ldap_user_dn = cn=admin,dc=th-domain,dc=lan
idmap config th-domain:ldap_url = ldap://localhost
idmap config th-domain:range = 50000-500000
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan
idmap alloc config:ldap_user_dn = cn=admin,dc=th-domain,dc=lan
idmap alloc config:ldap_url = ldap://localhost
idmap alloc config:range = 50000-500000

log level = 1

My nsswitch/pam /etc/ldap.conf:
ssl off
suffix "dc=th-domain,dc=lan"
uri ldap://localhost
pam_password exop

rootbinddn "cn=root,dc=th-domain,dc=lan"

ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=peoples,dc=th-domain,dc=lan
nss_base_shadow ou=peoples,dc=th-domain,dc=lan
nss_base_group  ou=groups,dc=th-domain,dc=lan
nss_base_hosts  ou=hosts,dc=th-domain,dc=lan

scope one
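Added example for questions 1 and 2 of the post above; this is not code from the original post or from the Samba project. With passdb backend = ldapsam, Samba checks Windows logons against the sambaNTPassword attribute of a sambaSamAccount, while pam_ldap checks su against userPassword. They are separate attributes: Samba only writes userPassword when ldap passwd sync = yes and the password is changed through Samba, so an account created from Windows via editposix can authenticate to Samba while su still fails. The helper below reads a saved ldapsearch result and reports which of the two attributes an entry carries, and emits the LDIF modify that turns an existing posixAccount (such as a migrated Unix user) into a sambaSamAccount using Samba's default algorithmic RID mapping (user RID = 2*uid + 1000, group RID = 2*gid + 1001, with the default algorithmic rid base of 1000). The domain SID, the user alice, the uid/gid values and the sample LDAP entry are constructed for the example; replace the SID with the output of net getlocalsid. In practice smbpasswd -a <username> against an ldapsam backend does the same conversion and sets the NT hash in one step; the LDIF is shown so the attributes involved are visible.

```shell
#!/bin/sh
# Added example; not part of the original post. Constructed values only.

# Samba's default algorithmic RID mapping (algorithmic rid base = 1000):
# user RID = 2*uid + base, group RID = 2*gid + base + 1.
rid_for_uid() { echo $(( $1 * 2 + 1000 )); }
rid_for_gid() { echo $(( $1 * 2 + 1001 )); }

# creds_status: read LDIF (e.g. ldapsearch -LLL output) on stdin and report
# which password attributes the entry carries. ldapsearch prints userPassword
# base64-encoded as "userPassword::", so only the attribute name is matched.
creds_status() {
    unix=no; nt=no
    while IFS= read -r line; do
        case $line in
            userPassword:*)    unix=yes ;;
            sambaNTPassword:*) nt=yes ;;
        esac
    done
    echo "userPassword=$unix sambaNTPassword=$nt"
}

# samba_user_ldif USER UID GID DOMAINSID USER_SUFFIX
# Emit an LDIF modify that adds the sambaSamAccount object class and the
# SID attributes to an existing posixAccount. No password hash is written;
# run `smbpasswd USER` afterwards to set sambaNTPassword.
samba_user_ldif() {
    user=$1 uid=$2 gid=$3 domsid=$4 suffix=$5
    cat <<EOF
dn: uid=$user,$suffix
changetype: modify
add: objectClass
objectClass: sambaSamAccount
-
add: sambaSID
sambaSID: $domsid-$(rid_for_uid "$uid")
-
add: sambaPrimaryGroupSID
sambaPrimaryGroupSID: $domsid-$(rid_for_gid "$gid")
-
add: sambaAcctFlags
sambaAcctFlags: [U          ]
EOF
}

# Constructed sample entry, shaped like the output of
#   ldapsearch -x -LLL -D cn=admin,dc=th-domain,dc=lan -W \
#     -b ou=peoples,dc=th-domain,dc=lan '(uid=alice)' userPassword sambaNTPassword
# for an account created from Windows with editposix: an NT hash (here the
# well-known hash of the string "password") but no userPassword.
SAMPLE_ENTRY='dn: uid=alice,ou=peoples,dc=th-domain,dc=lan
sambaNTPassword: 8846F7EAEE8FB117AD06BDD830B7586C'

# Constructed domain SID; use `net getlocalsid` on the PDC for the real one.
DOMAIN_SID='S-1-5-21-1234567890-987654321-1122334455'

main() {
    printf '%s\n' "$SAMPLE_ENTRY" | creds_status
    samba_user_ldif alice 1001 1001 "$DOMAIN_SID" 'ou=peoples,dc=th-domain,dc=lan'
}
main
```

Feed the emitted LDIF to ldapmodify -x -D "cn=admin,dc=th-domain,dc=lan" -W, then confirm with pdbedit -Lv <username> that Samba sees the account. For question 3: with editposix, the POSIX attributes of a newly created account come from template homedir and template shell in smb.conf; the default template homedir is /home/%D/%U, which is exactly the /home/domainname/user path observed, so template homedir = /home/%U gives plain /home/user.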

