[Samba] Samba file server using ldap backend without AD or PDC?

Brian Gold bgold at simons-rock.edu
Fri Nov 30 10:38:25 MST 2012



On 2012-11-30 11:15 am, Gaiseric Vandal wrote:
> No, you wouldn't sync passwords to TDB. Does your LDAP entry for
> each user currently have a SambaSID value?  Also, when you type
> "pdbedit -Lv someuser" you should see the unix account for the user.
> The unix account is either explicitly created (e.g. in /etc/passwd or
> ldap or nis) or dynamically created by winbind.
>

No, currently our users do not have SambaSID values in ldap.

>
> # pdbedit -Lv someuser
>
> Unix username:        someuser
> NT username:          someuser
> Account Flags:        [U          ]
> User SID:             S-1-5-21-xxxxx
> Primary Group SID:    S-1-5-21-xxx
> Full Name:            Some User
> Home Directory:       \\someserver\users\someuser
> HomeDir Drive:        X:
> Logon Script:         logon.bat
> Profile Path:
> Domain:               SOMEDOMAIN
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          0
> Kickoff time:         0
> Password last set:    Fri, 30 Sep 2011 09:40:43 EDT
> Password can change:  Fri, 30 Sep 2011 09:40:43 EDT
> Password must change: never
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> #
>
> Assuming you are not using winbind to allocate uid's and gid's for
> samba users, your LDAP  user entry will eventually look something 
> like
>
> dn: uid=someuser,ou=someou,ou=people,o=yourdomain.com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSamAccount
> cn: Some User
> gidNumber: xx
> homeDirectory: /home/someuser
> sambaSID: S-1-5-21-xxxx
> sn: UserLastName
> uid: someuser
> uidNumber: 123
> displayName: Some User
> gecos: Some User
> givenName: Some User
> loginShell: /bin/tcsh
> sambaAcctFlags: [UX         ]
> sambaHomeDrive: X:
> sambaHomePath: \\someserver\users\someuser
> sambaLogonScript: logon.bat
> sambaNTPassword: xxxxxxxxxxxxxxxxxxxx
> sambaPasswordHistory: 
> 000000000000000000000000000000000000000000000000000000
>  0000000000
> sambaPwdLastSet: 1291843237
> st: xxxxxx
> street: xxxxxxxxx
> telephoneNumber: xxxxxxxxx
> userPassword:: xxxxxxxxxxxx
>
>
> Although the login script and network home directory are probably not
> relevant in a non-DC setup.

We are not using winbind at all currently.

Here is a sample user's ldap data:

dn: uid=tstaff,ou=people,dc=simons-rock,dc=edu
uid: tstaff
sn: Staff
uinSR: tstaff-false
givenName: Test
genderSR: m
loginShell: /bin/false
cn: Test Staff
gecos: Test Staff
mailSR: testaff at simons-rock.edu
homeDirectory: /home/testaff
objectClass: person
objectClass: top
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: personSR
objectClass: extensibleObject
objectClass: posixAccount
objectClass: shadowAccount
shadowLastChange: 11551
shadowWarning: 7
gidNumber: 100
shadowMax: 99999
uidNumber: 7391
mail: testaff at simons-rock.edu
groupSR: staff
groupSR: hidden
employeeNumber: 991991991
sambaNTPassword: REDACTED
sambaPwdLastSet: 1354296936
userPassword:: REDACTED
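As an added example (not part of this thread and not Samba's own tooling), the script below parses LDIF of the shape shown above and reports which user entries lack the sambaSamAccount objectClass or the sambaSID / sambaNTPassword / sambaPwdLastSet attributes that "pdbedit -Lv" reads from an ldapsam backend. It also computes the sambaSID Samba would assign under its classic algorithmic uid-to-RID mapping (rid = 2 * uidNumber + 1000, the default "algorithmic rid base"), so an entry can be checked against what smbldap-tools or "net" would write. The domain SID and the two LDIF entries are constructed sample data; the tstaff entry is modelled on the one posted above (note that extensibleObject lets it carry sambaNTPassword without the sambaSamAccount class, which is exactly the case the check flags). Since sambaNTPassword is an unsalted NT hash and therefore password-equivalent, the audit never prints attribute values, only attribute names.

```python
"""Audit LDIF user entries for the attributes Samba's ldapsam backend expects."""
import base64

# Constructed placeholder domain SID (replace with the output of `net getlocalsid`).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
# Samba's default 'algorithmic rid base'; user RID = 2 * uidNumber + base.
ALGORITHMIC_RID_BASE = 1000
# Attributes pdbedit needs on a user entry, besides the objectClass.
REQUIRED_ATTRS = ("sambaSID", "sambaNTPassword", "sambaPwdLastSet")

# Constructed sample LDIF: first entry mirrors the posted tstaff record,
# second entry is a complete sambaSamAccount for comparison.
SAMPLE_LDIF = """\
dn: uid=tstaff,ou=people,dc=example,dc=edu
uid: tstaff
objectClass: posixAccount
objectClass: shadowAccount
objectClass: extensibleObject
uidNumber: 7391
gidNumber: 100
sambaNTPassword: REDACTED
sambaPwdLastSet: 1354296936
userPassword:: UkVEQUNURUQ=

dn: uid=someuser,ou=people,dc=example,dc=edu
uid: someuser
objectClass: posixAccount
objectClass: sambaSamAccount
uidNumber: 123
gidNumber: 100
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1246
sambaNTPassword: REDACTED
sambaPwdLastSet: 1291843237
sambaPasswordHistory: 00000000000000000000
 00000000
"""


def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return a list of entries; each entry maps lower-cased attribute name -> [values]."""
    entries, current = [], {}
    for line in unfold(text):
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):  # '::' marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def expected_user_sid(entry, domain_sid=DOMAIN_SID):
    """sambaSID Samba's classic algorithmic mapping would assign to this uidNumber."""
    uid = int(entry["uidnumber"][0])
    return f"{domain_sid}-{2 * uid + ALGORITHMIC_RID_BASE}"


def audit_entry(entry):
    """List what this entry is missing before pdbedit can treat it as a Samba user."""
    problems = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "sambasamaccount" not in classes:
        problems.append("missing objectClass sambaSamAccount")
    for attr in REQUIRED_ATTRS:
        if attr.lower() not in entry:
            problems.append(f"missing {attr}")
    sid = entry.get("sambasid", [None])[0]
    if sid and not sid.startswith(DOMAIN_SID + "-"):
        problems.append("sambaSID does not belong to the configured domain SID")
    return problems


def audit_ldif(text):
    """Map each entry's dn to its list of problems (empty list = looks complete)."""
    return {e["dn"][0]: audit_entry(e) for e in parse_ldif(text)}


if __name__ == "__main__":
    for dn, problems in audit_ldif(SAMPLE_LDIF).items():
        status = "; ".join(problems) if problems else "ok"
        print(f"{dn}: {status}")
```

Run it as-is to see the report for the constructed entries; to audit a real directory, feed it the output of an ldapsearch for "(objectClass=posixAccount)" and compare any existing sambaSID against expected_user_sid() before deciding whether the algorithmic mapping or an explicit RID pool is in use.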

