[Samba] Adding users with ldif file

Rowland penny rpenny at samba.org
Sat Jul 18 13:41:31 UTC 2020

On 18/07/2020 14:30, RhineDevil wrote:
> Sat, 18 Jul 2020 14:19:25 +0100 Rowland penny via samba <samba at lists.samba.org>:
>> On 18/07/2020 13:52, RhineDevil wrote:
>>> Fri, 17 Jul 2020 19:44:37 +0100 Rowland penny via samba <samba at lists.samba.org>:
>>>> On 17/07/2020 19:31, RhineDevil via samba wrote:
>>>>> And by that I mean, where are the dbs, what should I rm -rf?
>>>> On Debian just remove /var/lib/samba and /var/cache/samba
>>>>> By the way how do I obtain current machine netbios name?
>>>> Depends on which netbios name, if you are referring to the one that is
>>>> in smb.conf 'netbios name = ?????', that is just the short hostname in
>>>> uppercase. If you are referring to the netbios domain name (aka
>>>> workgroup) then you can find this with wbinfo:
>>>> wbinfo --own-domain
>>>> Rowland
>>> I tried to add ypServ30 using ldapi socket "ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldap_priv%2Fldapi, it said
>>> `ERR: insufficient access rights : "LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS <acl: unable to get access to CN=ypServ30,CN=RpcServices,CN=System,DC=mydomain,DC=mytld> <>" on DN CN=ypServ30,CN=RpcServices,CN=System,DC=mydomain,DC=mytld at block before line 5`
>>> Shouldn't give me access by default if I'm using the private system socket?
>> No, you still need to authenticate as a user with the required
>> permissions e.g. Administrator
>> Also, as you are trying to update the schema, you will need to add
>> '/--option="dsdb:schema update allowed"=true' to the ldbmodify command/
>> /Rowland/
> Since I'm (g)root how could I avoid inputting any password at all?
> Should be possible since samba-tool never asks you a password as root
Then do what samba-tool does, fall back to the computers kerberos ticket 
and add '-P' to the ldbmodify command
> Also what's the point of having a more private socket in /var/lib/samba/private/ldap_priv/ldapi if it asks auth credential like the "less private" socket /var/lib/samba/private/ldapi?
Even more security ;-)


More information about the samba mailing list