[Fedora-directory-users] Samba & Fedora Directory Server Integration

Oscar A. Valdez oscar.valdez at duraflex-politex.com
Tue Jan 17 00:01:04 UTC 2006 

El sáb, 14-01-2006 a las 23:08 -0700, Craig White escribió:
> On Sat, 2006-01-14 at 18:58 -0600, Oscar A. Valdez wrote:
> > I've followed the Samba & Fedora Directory Server Integration How-To
> > located at http://directory.fedora.redhat.com/wiki/Howto:Samba , and I'm
> > about to upload my user accounts into the DS. I have two questions
> > before I proceed, though:
> > 
> > 1) At the end of the How-To, a "testuser" is added to the Samba server
> > with the "smbpasswd -a" command. Wouldn't the DS make the user accounts
> > visible to the Samba server, making it unecessary to add them via
> > smbpasswd? If it's really necessary to add the accounts via smbpasswd,
> > then the DS isn't really a backend to the Samba Server: they would be
> > acting in parallel.
> > 
> > 2) The section on ldapsam of "The Official Samba-3 HOWTO and Reference
> > Guide" 
> > (http://us4.samba.org/samba/docs/man/Samba3-HOWTO/passdb.html#id2559672)
> > mentions quite a few attributes for the sambaSamAccount ObjectClass,
> > such as sambaLogonTime, sambaLMPassword, sambaPrimaryGroupSID,
> > sambaAcctFlags, logoffTime, sambaKickoffTime, sambaPwdLastSet, sambaSID,
> > sambaPwdCanChange, sambaPwdMustChange, and sambaNTPassword, that are not
> > present in the ldif files generated by the openldap migrate_passwd.pl
> > script recommended by the How-To. How should these attributes be added,
> > if one follows the How-To?
> ----
> In general, the administrator is responsible for the client tools used
> to create attributes for LDAP dn's
> 
> If you are going to use a tool like the PADL migration tool
> (migrate_passwd.pl), obviously you aren't going to get attributes beyond
> the posixAccount stuff. Samba has some tools - smbldap-tools which can
> attributes for the samba-schema and then there are some other tools such
> as GQ, phpldapadmin, LAM and Webmin which can do a wide variety of LDAP
> entry.
> 
> Just guessing at what you are trying to accomplish (taking an
> existing /etc/passwd - list and importing it into LDAP while inserting
> necessary samba attributes simultaneously...I would suggest that you use
> Webmin's LDAP Users and Groups which does have mass importing and is
> capable of adding a 'pre-configured' samba-schema attributes.

Thanks for your response. I'm going to read the "SMB LDAP PDC Howto"
found at http://samba.idealx.org/samba-ldap-howto.pdf. It's by the folks
who put together the smbldap-tools.

In the future, I would like to be able to create user account in the DS,
and have it automatically create the samba-schema attributes. Does this
sound feasible?
-- 
Oscar A. Valdez

More information about the Fedora-directory-users mailing list