[Samba] Ldapsam:editposix: How to continue once it's setup

Holger Rauch holger.rauch at empic.de
Wed Oct 21 06:18:34 MDT 2009 

Hi to everybody,

I managed to setup ldapsam:editposix for Debian Lenny
as described here:

http://wiki.samba.org/index.php/Ldapsam_Editposix

and had the impression that in order to add a Samba Unix client, it
would be best to continue here:

http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html

However, in the ldapsam:editposix tutorial, the Administrator is
mentioned instead of root (judging from what I've read so far, the
Administrator user is only used for "real" Windows client PCs).

My smb.conf is setup so that no NetBIOS stuff is used (no wins, only
port 445, netbios disabled).

Before running "net sam provision", there were already user accounts
present in LDAP. Do I have to execute smbpasswd, even though I
intend to use MIT Kerberos (the value for the userPassword attribute in
LDAP looks like this
  
{KERBEROS}<user>@<kerberos-realm>

???
  
(This especially applies to the root user since this account doesn't
seem to be created during "net sam provision").

By the way, the Kerberos database is also stored in LDAP.

What do I have to do so that the remaining users in LDAP also get the
Samba specific LDAP attributes added to their account info and can be
used for Kerberized Samba sessions (either from Windows or smbclient
setups from Unix)?

"getent passwd", "getent group", kinit all work as expected, i. e.
they return the accounts and groups stored in LDAP and I can obtain
Kerberos tickets. I can also use these tickets for passwordless SSH
logins and create files as that user, including changing group
membership to an auxiliary group using "newgrp". So, Kerberos works.

In case you need any additional info (etc. smb.conf) I will surely
provide it, but I didn't want to make this mail too long.

Any help is greatly appreciated!

Thanks & kind regards,

       Holger
       
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20091021/d8600220/attachment.pgp>

More information about the samba mailing list