[Samba] Samba and LDAP - which attributes are mandatory which optional

Daniel Müller mueller at tropenklinik.de
Fri Nov 12 01:23:57 MST 2010 

Hello Götz,

A short explanation

sambaAcctFlags:[W]-Workstation, [U]-User. String of 11 characters surrounded
by square brackets [ ] representing account flags such as U (user), W
(workstation), X (no password expiration), I (domain trust account), H (home
dir required), S (server trust account), and D (disabled).
sambaHomeDrive: forces the [homes] mapped to a certain Letter (ex: S:).
Refer to the “logon drive”.If empty smb.conf
sambaHomePath: your.homes.path. if empty smb.conf [homes] path is used
sambaKickoffTime: Specifies the time (UNIX time format) when the user will
be locked down and cannot login any longer. If this attribute is omitted,
then the account will never expire. Using this attribute together with
shadowExpire of the shadowAccount ObjectClass will enable accounts to expire
completely on an exact date.
sambaLMPassword: Lan Manager Password
sambaLogoffTime:
sambaLogonScript: your.logon.script. if empty smb.conf netlogon script.
sambaLogonTime:
sambaNTPassword: Stores the passwords auto. Do not touch
sambaPrimaryGroupSID: The primary Group SID auto. Do not touch.
sambaProfilePath: The Profile Path. If it is empty taken from smb.conf. Not
needed if you do no profiles.
sambaPwdCanChange: need to be 0 or 1. 1 user can change password
sambaPwdLastSet: counts the last set of password automatically. Used for
your password policy. The integer time in seconds since 1970 when the
sambaLMPassword and sambaNTPassword attributes were last set.
sambaPwdMustChange: You must set to 0 or 1. 0 the user must change his
password needs: sambaPwdCanChange =1. On some distributions you also need
to, sambaPwdLastSet=0.

You can go into deep there:
http://www.linuxtopia.org/online_books/network_administration_guides/samba_r
eference_guide/18_passdb_23.html


Greetings 
Daniel
-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Götz Reinicke - IT-Koordinator
Gesendet: Freitag, 12. November 2010 08:15
An: samba at lists.samba.org
Betreff: [Samba] Samba and LDAP - which attributes are mandatory which
optional

Hallo,

I'm asking myself, which LDAP attributes are mandatory which optional for
user and workstation accounts.

After using the smbldap-populate command there where different attributes
set than for adding users with the smbldap-useradd command.

--- snip ---

sambaAcctFlags:
sambaHomeDrive:
sambaHomePath:
sambaKickoffTime:
sambaLMPassword:
sambaLogoffTime:
sambaLogonScript:
sambaLogonTime:
sambaNTPassword:
sambaPrimaryGroupSID:
sambaProfilePath:
sambaPwdCanChange:
sambaPwdLastSet	
sambaPwdMustChange:

--- snap ---

Regards and Thanks for any help,

	Götz
--
Götz Reinicke
IT-Koordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reinicke at filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats:
Prof. Dr. Claudia Hübner

Geschäftsführer:
Prof. Thomas Schadt

More information about the samba mailing list