[Samba] Re: problem with sambaNextRid (WAS: updating samba/ldap: do I need new attributes?)

Adam Williams awilliam at mdah.state.ms.us
Tue Mar 24 23:59:11 GMT 2009


Samba creates the RID when smbpasswd -a is used (or machine is joined to 
the domain).  smbldap-tools creates an entry in LDAP to keep up with the 
next available UID.  I don't remember what it is.  Personally, I just 
use a text file that contains my next available UID and GID in it and 
increment when I add a user.  I do everything by hand with .ldif files 
though.

Thierry Lacoste wrote:
> Hello,
>
> I did the steps described below and I have a problem with machine RIDs.
>
> When I first join a machine, samba adds to my sambaDomainName ldap entry
> a sambaNextRid attribute with a value of 1000.
> Now samba uses this value (incremented each time) to give its RID
> to the machine.
>
> This is going to be a real problem as my current samba computes RIDs
> as 1000+2*UID.
>
> FWIW I'm using smbldap-tools to create user accounts and I have
> add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
> in my smb.conf though I don't think it is relevant because
> AFAIK this script is only called to create the posix machine account.
>
> What are my options?
> If at all possible, I'd rather stick to the 1000+2*UID algorithm.
>
> I googled about it and I know that others were caught too
> but I wasn't able to find a solution.
>
> Regards,
> Thierry.
>
> Quoting Adam Williams <awilliam at mdah.state.ms.us>:
>
>> Your steps are fine.  You don't need the samba LDAP entries you listed,
>> when you do smbpasswd -a user, it will add the minimum required LDAP
>> entries for samba.
>>
>> lacoste at miage.univ-paris12.fr wrote:
>>> Hello,
>>>
>>> I plan to update my samba-3.0.22/openldap-2.3.24
>>> to samba-3.0.34/openldap-2.4.15 and I'm currently testing it.
>>> This is on FreeBSD.
>>>
>>> My idea is:
>>> 1) slapcat the openldap server and save the various tdb files.
>>> 2) deinstall samba and openldap and wipe out the bdb files
>>> 3) install the newer versions
>>> 4) slapadd to the new openldap server
>>>
>>> This seems to work in my test lab.
>>> During my tests I also built a new domain afresh and realized that the
>>> sambaDomainName ldap entry has some attributes that are not in my
>>> production server: sambaMinPwdLength, sambaLogonToChgPwd,
>>> sambaLockoutDuration, sambaLockoutObservationWindow,
>>> sambaLockoutThreshold, sambaForceLogoff.
>>>
>>> Do I have to add these attributes to my ldif file before slapadd?
>>> More generally, do I have to add some attributes to my ldap entries?
>>>
>>> Regards,
>>> Thierry
>>>
>>>
>>>
>
>
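
An added example, not part of the original thread: a Python audit of an LDAP export for the situation discussed above, where RIDs handed out from the sambaNextRid counter coexist with algorithmic ones (1000+2*UID). The LDIF, domain SID and account names are constructed, and the parser assumes unfolded, non-base64 LDIF lines.

```python
import re

ALGORITHMIC_BASE = 1000  # from the thread: RID = 1000 + 2*UID
# Constructed sample export; the domain SID, names and numbers are placeholders.
SAMPLE_LDIF = """\
dn: sambaDomainName=EXAMPLE,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333
sambaNextRid: 3001

dn: uid=alice,ou=Users,dc=example,dc=org
uidNumber: 1000
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=bob,ou=Users,dc=example,dc=org
uidNumber: 1002
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3004

dn: uid=pc01$,ou=Computers,dc=example,dc=org
uidNumber: 2000
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000
"""

def parse_ldif(text):
    """Split LDIF into {attribute: value} dicts (assumes unfolded, single-valued lines)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(": ") for line in block.splitlines())
        entries.append({key: value for key, sep, value in pairs if sep})
    return entries

def audit_rids(ldif_text):
    """Report duplicate RIDs, non-algorithmic RIDs, and RIDs the counter has not passed."""
    entries = parse_ldif(ldif_text)
    domain = next(e for e in entries if e.get("dn", "").startswith("sambaDomainName="))
    prefix = domain["sambaSID"] + "-"
    next_rid = int(domain["sambaNextRid"]) if "sambaNextRid" in domain else None
    by_rid, non_algorithmic = {}, []
    for e in entries:
        if "uidNumber" not in e or not e.get("sambaSID", "").startswith(prefix):
            continue  # not a user or machine account in this domain
        rid = int(e["sambaSID"][len(prefix):])
        by_rid.setdefault(rid, []).append(e["dn"])
        if rid != ALGORITHMIC_BASE + 2 * int(e["uidNumber"]):
            non_algorithmic.append(e["dn"])
    duplicates = {r: dns for r, dns in by_rid.items() if len(dns) > 1}
    # Assumption: the counter only increases, so RIDs at or above it can still be reissued.
    ahead = sorted(r for r in by_rid if next_rid is not None and r >= next_rid)
    return {"next_rid": next_rid, "duplicates": duplicates,
            "non_algorithmic": non_algorithmic, "ahead_of_counter": ahead}
```

Two accounts sharing a RID share a SID, so any entry under `duplicates` should be resolved before the export is loaded with slapadd; entries under `ahead_of_counter` are existing RIDs the counter could still reach.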

