[Samba] confusion about using samba as NT4 PDC with ldapsam backend

TAKAHASHI Motonobu monyo at monyo.com
Wed Dec 29 10:05:14 MST 2010


2010/12/30 Jon Detert <jdetert at infinityhealthcare.com>:
> How do the samba ObjectClasses and their attributes get set for new users?
> E.g. will they be set automagically if I specify the 'add
> {user|group|machine} script' settings in the smb.conf?  If not, how then?

Use smbldap-tools or the ldapsam:editposix parameter.
If you have already migrated LDAP users, smbldap-tools will be easy to use,
although smbldap-tools are not maintained.

There is a webpage that mentions ldapsam:editposix:
  http://wiki.samba.org/index.php/Ldapsam_Editposix

Or make scripts like smbldap-tools by yourself.

> I'm confused about how/when the samba-supplied ldap schema is used (I mean
> the schema that's in the samba distribution, that contains the
> 'sambaSamAccount' objectClass).
(snip)
> Does the simple fact of specifying 'passdb backend' = ldapsam imply that
> this schema is used?

Yes, Samba assumes a proper schema is defined in the LDAP directory.

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>

2010/12/30 Jon Detert <jdetert at infinityhealthcare.com>:
> Hello,
>
> I want to use samba v3.3.x to implement an NT4/Win2k style domain:
> a samba PDC and a samba BDC, using ldapsam for the 'passdb backend'.  I plan
> to use RedHat Directory Server v8.2 as the ldap server.
>
> I'm trying to sort out how user/group management and nss will work.
>
> I'm confused about how/when the samba-supplied ldap schema is used (I mean
> the schema that's in the samba distribution, that contains the
> 'sambaSamAccount' objectClass).
>
> I understand that I have to add/activate the schema within my ldap server
> (and that in its distributed form, it's for openLDAP, and so I have to
> convert it to a syntax suitable for RedHat DirServer).
>
> However, I don't understand how to make samba use it.
>
> Does the simple fact of specifying 'passdb backend' = ldapsam imply that
> this schema is used?
>
> How do the samba ObjectClasses and their attributes get set for new users?
> E.g. will they be set automagically if I specify the 'add
> {user|group|machine} script' settings in the smb.conf?  If not, how then?
>
> The ldap server is already populated with inetOrgPerson information for my
> user population.  I've just added the samba schema and the posixAccount
> schema.  How should I populate the samba and posixAccount ObjectClasses and
> attributes for the existing users?  I.e. run a one-time script to populate
> them, or is there a more clever way?  If the former, are there ready-made
> scripts to do this, or do I need to write my own?
>
> Once the samba schema objects and attributes are populated, how does smbd
> know about them?  Will I need to run winbind in order for samba to map posix
> UIDs and GIDs to SIDs and RIDs, or will that be done automagically by virtue
> of specifying that the 'passdb backend' is ldapsam, and populating the samba
> schema?
>
> Even if I don't need to run winbind, should I?  I'll need to use nss in any
> case, but if I use nss_ldap, I think that the o.s. won't grok nested
> groups.  If I use nss_winbind, I think it will.
>
> AtDhVaAnNkCsE,
>
> Jon
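On the "one-time script to populate them" question in the quoted mail, here is an added example (not code from this thread, from Samba, or from smbldap-tools): it generates an LDIF that adds the posixAccount and sambaSamAccount objectClasses and attributes to existing inetOrgPerson entries, using Samba 3's classic algorithmic RID mapping (rid = 2*uid + algorithmic rid base, default 1000). The domain SID, base DN and the two sample users are placeholders/constructed values.

```python
# Added example: build an LDIF that adds posixAccount/sambaSamAccount attributes to
# existing inetOrgPerson entries. DOMAIN_SID, BASE_DN and the users are placeholders.

DOMAIN_SID = "S-1-5-21-111111111-222222222-333333333"  # placeholder: use `net getlocalsid` output
BASE_DN = "ou=People,dc=example,dc=com"                  # placeholder base DN of the user entries
RID_BASE = 1000                                          # Samba's default 'algorithmic rid base'

# Constructed sample of existing users: (uid attribute, uidNumber, gidNumber)
EXISTING_USERS = [
    ("jdoe", 1001, 1001),
    ("bsmith", 1002, 1001),
]

def uid_to_rid(uid_number):
    """Samba 3 algorithmic user mapping: rid = 2 * uid + algorithmic_rid_base."""
    return 2 * uid_number + RID_BASE

def gid_to_rid(gid_number):
    """Samba 3 algorithmic group mapping: rid = 2 * gid + algorithmic_rid_base + 1."""
    return 2 * gid_number + RID_BASE + 1

def user_modify_record(uid, uid_number, gid_number):
    """One 'changetype: modify' LDIF record for an existing inetOrgPerson entry.
    cn and uid already exist on the entry, so only the missing MUST/MAY attributes
    of posixAccount and sambaSamAccount are added.  No password hash is written:
    run `smbpasswd <user>` afterwards so Samba itself creates sambaNTPassword."""
    attrs = [
        ("uidNumber", uid_number),
        ("gidNumber", gid_number),
        ("homeDirectory", f"/home/{uid}"),
        ("loginShell", "/bin/bash"),
        ("sambaSID", f"{DOMAIN_SID}-{uid_to_rid(uid_number)}"),
        ("sambaPrimaryGroupSID", f"{DOMAIN_SID}-{gid_to_rid(gid_number)}"),
        ("sambaAcctFlags", "[U          ]"),  # normal user account, enabled
    ]
    lines = [f"dn: uid={uid},{BASE_DN}", "changetype: modify",
             "add: objectClass", "objectClass: posixAccount", "objectClass: sambaSamAccount"]
    for name, value in attrs:
        lines += ["-", f"add: {name}", f"{name}: {value}"]
    return "\n".join(lines) + "\n"

def build_ldif(users=EXISTING_USERS):
    """Join one record per user; feed the result to `ldapmodify -x -D ... -W -f out.ldif`."""
    return "\n".join(user_modify_record(*u) for u in users)
```

Group entries need the matching sambaGroupMapping objects (sambaSID from gid_to_rid) before the primary group SIDs above resolve.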