[Samba] Samba & LDAP, with XP and Linux clients

Quinn Fissler qfissler at gmail.com
Fri Jun 19 12:07:04 GMT 2009

As you probably realise, the two separate areas are what samba requires in
ldap and what Linux requires - it's likely that you've only populated the
samba required stuff.

Think of ldap like a /etc/passwd file with many more columns. You only have
the columns for samba but most of the Linux/POSIX columns are missing.

There are many ways to deal with this! Too many :-/

but they're all fun :-)

ldapmodify is one to look at - you can adjust various items.

You could export the whole ldap db using slapcat and then tidy the whole
thing before importing it back...

I think that both require some extra steps and as soon as you look at them,
you'll see which approach suits you.

2009/6/19 Dave Beach <drbeach at rogers.com>

> Hello list! I believe I may not have a Samba problem, but rather an LDAP
> directory problem. I'm hoping to be redirected towards a more appropriate
> mailing list to which I can post.
> I have a Slackware server running Samba and OpenLDAP, and my WinXP clients
> authenticate just fine. I migrated from an smbpasswd backend to OpenLDAP
> with a BD backend some time ago, using the migration tools provided with
> smbldap-tools. Everything has been working fine.
> I now want to bring a Ubuntu workstation online, and authenticate to the
> same LDAP database. I've understood that my previous approach was wrong
> (trying to somehow get the Ubuntu box to join the domain), and that I
> instead need to use nss and pam to point directly to the LDAP database on
> the Slackware server. So far, so good. Ubuntu packages sourced and
> installed.
> Executing "getent group" on the Ubuntu client produces the expected
> results.
> Executing "getent passwd" does not; it only shows me a subset of the user
> accounts (notably, not my own account which was created prior to
> migration).
> Fiddling about with a couple of Windows-based ldap query clients, I can see
> that there seem to be some differences between accounts that were created
> pre-migration and those created post-migration. As an example, accounts
> created post-migration seem to have different "objectClass" attributes and
> values associated with them than do accounts created pre-migration - and the
> post-migration accounts are all visible with "getent passwd" on the Ubuntu
> client. Also, the pre-migration accounts have the "account" objectClass
> associated with them, while the post-migration accounts have the "person"
> objectClass associated with them. The post-migration accounts also seem to
> have the "posixAccount" object class associated with them. There are other
> differences, but these strike me (in my ignorance) as possibly being the
> source of the problem.
> In case it isn't obvious, I have zero LDAP experience other than this
> futzing around I'm doing. It seems fairly obvious that I need to somehow
> alter the pre-migration accounts in some way to make them more like the
> post-migration accounts, such that I can then log onto the Ubuntu client
> with the same user ID with which I log onto the WinXP clients. I'm reluctant
> to do much so far, in fear that I'll manage to irreparably damage the
> pre-migration accounts (somehow lose the SID, etc) such that they'll need to
> be re-created, with all the pain that entails on the WinXP clients (I use
> local profiles only on the WinXP boxes).
> So, as I said, probably not a Samba problem per se. Would someone be so kind
> as to suggest the proper list in which I can post this problem?
> Thanks very much in advance.
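
An added example, not part of the original thread: a Python audit of a slapcat export that lists which user entries lack the posixAccount object class or its required attributes, which is the gap described above. The sample DNs and the function names are constructed for illustration; the required-attribute list is the MUST set from RFC 2307.

```python
import base64
# MUST attributes of the posixAccount object class (RFC 2307).
POSIX_REQUIRED = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")

# Constructed sample in slapcat's LDIF output format; all entries are made up.
SAMPLE_LDIF = """\
dn: uid=olduser,ou=People,dc=example,dc=org
objectClass: account
uid: olduser

dn: uid=newuser,ou=People,dc=example,dc=org
objectClass: person
objectClass: posixAccount
cn: newuser
uid: newuser
uidNumber: 1001
gidNumber: 513
homeDirectory: /home/newuser
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF entry."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # undo "\n " folding
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: ..." carries a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def missing_posix(entries):
    """Map each user DN to what it lacks to be a complete posixAccount."""
    report = {}
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        gaps = [] if "posixaccount" in classes else ["objectClass: posixAccount"]
        gaps += [a for a in POSIX_REQUIRED if a.lower() not in e]
        if gaps and classes & {"account", "person"}:  # user classes from the thread
            report[e["dn"][0]] = gaps
    return report

if __name__ == "__main__":
    print(missing_posix(parse_ldif(SAMPLE_LDIF)))
```

The report only reads the export, so it can be run against a copy of the slapcat output before anything is changed with ldapmodify.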
