[Samba] Convert existing Samba DB to LDAP

Adam Williams awilliam at mdah.state.ms.us
Sat Jan 12 00:23:35 GMT 2008 

you'll need to config samba to use your LDAP backend.  in smb.conf 
you'll need:

  passdb backend = ldapsam:ldap://gomer.mdah.state.ms.us
  ldap suffix = dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
  ldap machine suffix = ou=People
  ldap user suffix = ou=People
  ldap group suffix = ou=Group
  ldap idmap suffix = ou=Idmap
  ldap admin dn = cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
  idmap backend = ldap:ldap://gomer.mdah.state.ms.us
  ldap passwd sync = yes
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   winbind separator = +
   template homedir = /home/winnt/%D/%U
   template shell = /bin/bash
   winbind use default domain = false
   winbind offline logon = false
winbind enum users = yes
winbind enum groups = yes

and you can load your smbpasswd/tdbsam users with:

pdbedit --import=smbpasswd:/etc/samba/smbpasswd 
--export=ldapsam:ldap://gomer.mdah.state.ms.us

and because the ldap passwd sync = yes, when your users do ctrl alt del 
and click on change password, it should change it in LDAP for their unix 
shell acct and their samba password that is in their LDAP dn.


read chapter 5 of the Samba-3 By Example PDF, it kind of explains 
everything.

Eric Bouliane wrote:
> We currently have an OpenLDAP server with many nodes authenticating to 
> it for various things. We have an existing server that is now using 
> LDAP to authenticate, but would like to have Samba in turn 
> authenticate to it. We've configured the smb.conf file accordingly and 
> can get this working.
>
> Our dilemma is in adding the "Manage samba account parameters" plug-in 
> via the Yast User/Group modification. When doing this and attempting 
> to finish editing existing users, it errors out with "Change the 
> passwordto create the Samba account". We would like to prevent having 
> all of our LDAP users come to our desks to change the password 
> individually, is there a way to globally set this and use either 
> existing passwords within the samba/secrets.tdb file or those set 
> within LDAP already?
>
> Cheers.
>

More information about the samba mailing list