[Samba] "net sam provision" and samba 3.4.0
David Markey
dmarkey at dodds.dmarkey.com
Mon Sep 7 03:46:49 MDT 2009
Yes
smbpasswd -w is for user/group/domain information.
net idmap secret alloc is specifically for the idmap part of the directory.
IMO if there is no idmap password set, it should fall back to the global
ldap dn/password.
On Mon, 7 Sep 2009 08:35:20 +0200, "Zeller, Jan" <jan.zeller at id.unibe.ch>
wrote:
> thank you ! But what's "net idmap secret alloc <password>" ?
> Is it different from "smbpasswd -w" ?
>
> "man net" says :
> Store a secret for the specified domain, used primarily for domains that
> use idmap_ldap as a backend. In this case the secret is used as the
> password for the user DN used to bind to the ldap server.
>
> hmmm...
>
>> -----Ursprüngliche Nachricht-----
>> Von: David Markey [mailto:dmarkey at dodds.dmarkey.com]
>> Gesendet: Montag, 7. September 2009 00:53
>> An: Zeller, Jan
>> Cc: samba at lists.samba.org
>> Betreff: Re: [Samba] "net sam provision" and samba 3.4.0
>>
>>
>> These are the settings i use:
>> [global]
>> workgroup = TESTDOM
>> encrypt passwords = true
>> passdb backend = ldapsam:ldapi:///
>> domain logons = yes
>> ldapsam:trusted=yes
>> ldapsam:editposix=yes
>> restrict anonymous = 0
>> log level = 10
>> log file = /var/log/samba
>> ldap admin dn = cn=admin,dc=samba,dc=org
>> ldap delete dn = yes
>> ldap passwd sync = yes
>> ldap group suffix = ou=groups
>> ldap machine suffix = ou=computers
>> ldap user suffix = ou=users
>> ldap suffix = dc=samba,dc=org
>> ldap ssl = off
>> logon path =
>> template homedir = /home/%U
>> template shell = /bin/bash
>> idmap backend = ldap:ldapi:///
>> idmap uid = 1000000-1999999
>> idmap gid = 1000000-1999999
>> idmap alloc backend = ldap
>> idmap alloc config : ldap_url = ldapi:///
>> idmap alloc config : ldap_base_dn = ou=idmap,dc=samba,dc=org
>> idmap alloc config : ldap_user_dn = cn=admin,dc=samba,dc=org
>>
>>
>> Don't forget net idmap secret alloc "password"
More information about the samba
mailing list