samba3.0.1rc3 with smbldap-tools and MS Usermanager
Hansjörg Maurer
hansjoerg.maurer at itsd.de
Sat Nov 15 17:20:28 GMT 2003
Hi,
I have some minor problems testing Samba 3.0 with LDAP and MS
Usermanager for Domains.
Most parts work better than I have ever seen.
Great!!
But when I add a new user or when I delete a user,
on the Windows side (Usermanager for Domains)
there is an error about permission denied.
But the operation is performed.
A refresh in the Usermanager shows it.
I am not sure if I have the right settings for the user scripts in smb.conf,
e.g., do I have to add a user with the -a option in smbldap-useradd.pl?
Attached are my settings.
I am not sure whether I need
ldap passwd sync = yes
and
unix password sync = Yes
together
Same with
ldap delete dn = yes
and
delete user script
I think using Samba with LDAP and smbldap is a very common setting.
It might be worth writing a subchapter in the Samba Howto Collection.
I also tried to include the well-known MS groups (with RID via net groupmap)
and the well-known MS users (Domain Admin ...).
And I am not sure how to do it right.
For example, the Domain Admin needs RID 500.
I added a user with this RID.
Is this a problem with the RID-UID mapping?
What UID do I have to assign to him?
I only have LDAP as backend and no user root in LDAP.
With what username do I have to connect from the Windows side to have
access to modify the user database?
Do I have to add root to smbpasswd and add smbpasswd to the passwd backends?
If somebody can answer these questions,
and the authors think it will be helpful,
I can submit a small subchapter to the Howto Collection in order to
set up a Samba PDC with smbldap-tools and initial contents of the
directory
in the right way.
Thank you
Hansjörg Maurer
ldap delete dn = yes
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = ou=Users,dc=itsd,dc=de
ldap passwd sync = yes
add user script = /usr/local/sbin/smbldap-useradd.pl "%u"
add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod.pl -g "%g" "%u"
delete user script = /usr/local/sbin/smbldap-userdel.pl "%u"
add group script = /usr/local/sbin/smbldap-groupadd.pl "%g"
delete group script = /usr/local/sbin/smbldap-groupdel.pl "%g"
add machine script = /usr/local/sbin/smbldap-useradd.pl -w "%m"
passwd program = /usr/local/sbin/smbldap-passwd.pl "%u"
passwd chat = *ew*password* %n\n *new*password* %n\n *
unix password sync = Yes
--
Dr. Hansjörg Maurer
itsystems Deutschland AG
Linprunstr. 10
D-80335 München
Ph/Fax +49 89 52 04 68-41/-59