[Samba] smbldap-tools and phpldapadmin

Dimitri Yioulos dyioulos at firstbhph.com
Wed Jan 19 06:01:41 MST 2011 

On Tuesday 18 January 2011 7:46:55 pm Alberto 
Moreno wrote:
> On Mon, Jan 17, 2011 at 4:38 AM, Dimitri Yioulos 
<dyioulos at firstbhph.com> wrote:
> > On Saturday 15 January 2011 4:26:03 pm
> > William
> >
> > Brown wrote:
> >> > If I enter the command "smbldap-useradd -a
> >> > -m -M juser -g "Domain Users" -G "Domain
> >> > Admins" -G "Administrators" -c "Joe User"
> >> > juser" (beginning and ending parens for
> >> > clarity), I do indeed create the type of
> >> > user I'm trying to create.  And, that user
> >> > appears in the list of users in
> >> > PhpLdapAdmin.
> >> >
> >> > However, if I create the same type of user
> >> > using the PhpLdapAdmin "Samba3 Account"
> >> > template, the user doesn't have the same
> >> > attributes as the ones created via
> >> > smbldap-useradd.
> >>
> >> Yes, there are schema extensions in samba's
> >> ldap admin tool that extend the posix
> >> account. You can convert an existing user
> >> iirc with that command, since the posix
> >> password hash is irrerversible. Also pay
> >> attention you MUST use the smbpasswod tool
> >> to change passwords, else the userPassword
> >> and smbPassword feilds will de-sync.
> >>
> >> > I could probably create a bash script that
> >> > invokes smbldap-useradd for my users to
> >> > use to create accounts, but they're
> >> > CLI-phobic, so I really want to get
> >> > PhpLdapAdmin to do this.
> >> >
> >> > How can I accomplish this
> >> > PhpLdapAdmin/smbldap-useradd "integration?
> >> > I'm really not a programmer, so messing
> >> > with the PhpLdapAdmin xml files is
> >> > daunting to me if, in fact, this is how
> >> > it's done.  I've looked through all of the
> >> > config files associated with the PDC
> >> > set-up, but simply don't see anything in
> >> > them that would do the trick.
> >>
> >> sorry, but edit the templates. Look here
> >>
> >> http://phpldapadmin.sourceforge.net/wiki/ind
> >>ex. php/Templates
> >>
> >> Also, create a user in ldap, and one in smb,
> >> then compare the differences. Some of the
> >> fields are autogenerated as well iirc,
> >>
> >> You can likely cheat with the <value> tag,
> >> to call php, that calls your smb script.
> >> Something like
> >> <value>system("smbldap-useradd -a -m -M" uid
> >> "") might do it (you will need to substitute
> >> in values like i did with "uid" )
> >>
> >> > If anyone has accomplished this, I would
> >> > greatly appreciate your help!
> >> >
> >> > Thanks.
> >> >
> >> > Dimitri
> >> >
> >> > --
> >
> > Thank you both for your responses.
> >
> > I was afraid I'd hear, "sorry, but edit the
> > templates".  Now, I know the old saw about,
> > "If you give a man a fish ... ", but if
> > someone has already created such a template,
> > and is willing to share it, I'd be extremely
> > grateful.  It's not laziness, it's lack of
> > skill in this area.
> >
> > Thanks.
> >
> > Dimitri
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > --
> > To unsubscribe from this list go to the
> > following URL and read the instructions:
> >  https://lists.samba.org/mailman/options/samb
> >a
>
> Hi guys.
>
> What I can add to this thread is that, for your
> safe.
>
> 1) Don't use samba 3.0.x, doesn't support
> windows 7, if someone came with a machine like,
> your are doom.
>     Use samba 3x is ready to be use as PDC and
> support windows 7, windows 2008, etc.
> 2) The only issue is that u have to setup
> smbldap-tools by hand because doesn't have
> support for samba 3x, but is to easy, I can
> help u.
> 3) I try phpldapadmin but I prefer Mandriva
> MDS, is the same,  ajax interface to openldap,
> I prefer this one is very clean and stable. I
> can help u setup this one to.
>
> Migrate from samba 3.0.x to samba 3.x is not a
> issue, you just have to upgrade samba, review
> your settings, maybe some are "on" on samba
> 3.0.x and "off" on samba3x is what I have seen
> in my deployments.
>
>  My two cents!!!
>
> --

Alberto,

Thanks for your kind response.

Let me respond to your points one-by-one:

1)  your point on using the latest Samba release 
is well-taken.  I started out isntalling it, but 
had such a tough time getting the PDC set up and 
working that, as part of my experimentation, I 
rolled back to the stock CentOS version.  Now 
that I have the PDC working, I can try upgrading 
the Samba version.  I guess in the worst case, I 
can always roll back if I run into problems.

2)  while the smbldap-tools suite has seemed to 
work, in that I was able to populate LDAP, and 
create users and machines, any help with making 
it better would be appreciated.

3)  it doesn't matter to me (or my end users, 
probably) what GUI front-end I give them, as long 
as it faithfully creates Samba users and machines 
as smbldap-tools does.  If Mandriva MDS does 
that, then excellent.  Again, your help would be 
appreciated.

Regards,

Dimitri

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list