[Samba] Samba file server using ldap backend without AD or PDC?
Brian Gold
bgold at simons-rock.edu
Fri Nov 30 10:38:25 MST 2012
On 2012-11-30 11:15 am, Gaiseric Vandal wrote:
> No, you wouldn't sync passwords to TDB. Does your LDAP entry for
> each user currently have a SambaSID value? Also, when you type
> "pdbedit -Lv someuser" you should see the unix account for the user.
> The unix account is either explicitly created (e.g. in /etc/passwd or
> ldap or nis) or dynamically created by winbind.
>
No, currently our users do not have SambaSID values in ldap.
>
> # pdbedit -Lv someuser
>
> Unix username: someuser
> NT username: someuser
> Account Flags: [U ]
> User SID: S-1-5-21-xxxxx
> Primary Group SID: S-1-5-21-xxx
> Full Name: Some User
> Home Directory: \\someserver\users\someuser
> HomeDir Drive: X:
> Logon Script: logon.bat
> Profile Path:
> Domain: SOMEDOMAIN
> Account desc:
> Workstations:
> Munged dial:
> Logon time: 0
> Logoff time: 0
> Kickoff time: 0
> Password last set: Fri, 30 Sep 2011 09:40:43 EDT
> Password can change: Fri, 30 Sep 2011 09:40:43 EDT
> Password must change: never
> Last bad password : 0
> Bad password count : 0
> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> #
>
> Assuming you are not using winbind to allocate uid's and gid's for
> samba users, your LDAP user entry will eventually look something
> like
>
> dn: uid=someuser,ou=someou,ou=people,o=yourdomain.com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSamAccount
> cn: Some User
> gidNumber: xx
> homeDirectory: /home/someuser
> sambaSID: S-1-5-21-xxxx
> sn: UserLastName
> uid: someuser
> uidNumber: 123
> displayName: Some User
> gecos: Some User
> givenName: Some User
> loginShell: /bin/tcsh
> sambaAcctFlags: [UX ]
> sambaHomeDrive: X:
> sambaHomePath: \\someserver\users\someuser
> sambaLogonScript: logon.bat
> sambaNTPassword: xxxxxxxxxxxxxxxxxxxx
> sambaPasswordHistory:
> 000000000000000000000000000000000000000000000000000000
> 0000000000
> sambaPwdLastSet: 1291843237
> st: xxxxxx
> street: xxxxxxxxx
> telephoneNumber: xxxxxxxxx
> userPassword:: xxxxxxxxxxxx
>
>
> Although the login script and network home directory are probably not
> relevant in a non-DC setup.
We are not using winbind at all currently.
Here is a sample user's ldap data:
dn: uid=tstaff,ou=people,dc=simons-rock,dc=edu
uid: tstaff
sn: Staff
uinSR: tstaff-false
givenName: Test
genderSR: m
loginShell: /bin/false
cn: Test Staff
gecos: Test Staff
mailSR: testaff at simons-rock.edu
homeDirectory: /home/testaff
objectClass: person
objectClass: top
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: personSR
objectClass: extensibleObject
objectClass: posixAccount
objectClass: shadowAccount
shadowLastChange: 11551
shadowWarning: 7
gidNumber: 100
shadowMax: 99999
uidNumber: 7391
mail: testaff at simons-rock.edu
groupSR: staff
groupSR: hidden
employeeNumber: 991991991
sambaNTPassword: REDACTED
sambaPwdLastSet: 1354296936
userPassword:: REDACTED
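The two LDIF entries above show the gap the thread is about: the existing account has posixAccount data and a sambaNTPassword, but no sambaSamAccount object class and no sambaSID, so Samba's ldapsam backend (which searches for objectClass=sambaSamAccount) cannot use it. The script below is an added example, not code from the thread or from the Samba project. It parses one LDIF entry, reports which Samba pieces are missing, derives candidate SIDs using Samba's default algorithmic RID mapping (rid = 2*uid + 1000 for users, 2*gid + 1001 for groups; this default is an assumption you should confirm against your smb.conf), and prints an LDIF modify that would add them. The domain SID is a placeholder; the real one comes from `net getlocalsid` on the file server. The sample entry is constructed and modelled on the one posted, not the real data.

```python
import base64
from collections import defaultdict

# Constructed sample entry, modelled on the thread's tstaff account (not real data).
# The 'description' value is folded over two lines to exercise LDIF line folding.
SAMPLE_LDIF = """\
dn: uid=tstaff,ou=people,dc=example,dc=org
uid: tstaff
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: extensibleObject
uidNumber: 7391
gidNumber: 100
description: test account used to try the samba ldap
  backend
sambaNTPassword: REDACTED
sambaPwdLastSet: 1354296936
userPassword:: e1NTSEF9UkVEQUNURUQ=
"""

# Assumptions: placeholder domain SID (use `net getlocalsid` for the real one) and
# Samba's default algorithmic RID base of 1000.
DOMAIN_SID = "S-1-5-21-PLACEHOLDER"
ALGORITHMIC_RID_BASE = 1000

# Attributes ldapsam needs on a user entry before it can authenticate it.
REQUIRED_FOR_SAMBA = ("sambaSID", "sambaNTPassword", "sambaPwdLastSet", "sambaAcctFlags")


def parse_ldif_entry(text):
    """Parse a single LDIF entry into {attribute: [values]}.
    Handles folded lines (leading space), '::' base64 values and '#' comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # fold: drop the single leading space
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = defaultdict(list)
    for line in lines:
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):          # 'attr:: <base64>'
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry[attr.strip()].append(value)
    return dict(entry)


def get_attr(entry, name):
    """LDAP attribute names are case-insensitive; look up accordingly."""
    for key, values in entry.items():
        if key.lower() == name.lower():
            return values
    return []


def user_sid(uid_number, domain_sid=DOMAIN_SID, rid_base=ALGORITHMIC_RID_BASE):
    return f"{domain_sid}-{2 * uid_number + rid_base}"


def group_sid(gid_number, domain_sid=DOMAIN_SID, rid_base=ALGORITHMIC_RID_BASE):
    return f"{domain_sid}-{2 * gid_number + rid_base + 1}"


def check_samba_readiness(entry):
    """Return (missing object classes, missing attributes, suggested additions).
    extensibleObject lets the attributes exist but does not satisfy Samba's
    objectClass=sambaSamAccount search filter, so it is not accepted as a substitute."""
    classes = {c.lower() for c in get_attr(entry, "objectClass")}
    missing_classes = []
    if "posixaccount" not in classes:
        missing_classes.append("posixAccount")
    if "sambasamaccount" not in classes:
        missing_classes.append("sambaSamAccount")
    missing_attrs = [a for a in REQUIRED_FOR_SAMBA if not get_attr(entry, a)]
    suggested = {}
    uid_vals, gid_vals = get_attr(entry, "uidNumber"), get_attr(entry, "gidNumber")
    if "sambaSID" in missing_attrs and uid_vals:
        suggested["sambaSID"] = user_sid(int(uid_vals[0]))
    if not get_attr(entry, "sambaPrimaryGroupSID") and gid_vals:
        suggested["sambaPrimaryGroupSID"] = group_sid(int(gid_vals[0]))
    if "sambaAcctFlags" in missing_attrs:
        suggested["sambaAcctFlags"] = "[U          ]"   # plain user account
    return missing_classes, missing_attrs, suggested


def ldif_modify(entry, missing_classes, suggested):
    """Build an LDIF 'changetype: modify' that adds what check_samba_readiness found missing."""
    out = [f"dn: {get_attr(entry, 'dn')[0]}", "changetype: modify"]
    if missing_classes:
        out.append("add: objectClass")
        out.extend(f"objectClass: {c}" for c in missing_classes)
        out.append("-")
    for attr, value in suggested.items():
        out.extend([f"add: {attr}", f"{attr}: {value}", "-"])
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    e = parse_ldif_entry(SAMPLE_LDIF)
    classes, attrs, adds = check_samba_readiness(e)
    print("missing object classes:", classes)
    print("missing attributes:", attrs)
    print(ldif_modify(e, classes, adds))
```

Feed the output to `ldapmodify` only after replacing the placeholder domain SID; once the entry carries sambaSamAccount and a sambaSID, `pdbedit -Lv tstaff` should show the User SID field populated the way the quoted example does.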