
Re: [K12OSN] SMB/LDAP management with Webmin Users and Groups module



Wow! Thanks Jim, this is awesome!  I just created a test user via batch
file.  It's funny though, if I try to add a user to the ldap database
that's already a user on the system it returns: "Duplicate username
at line 1 : [user]"  Question: Why should the ldap database care
what's in /etc/passwd?   This machine is going to be a stand-alone
ldap server so it's not set to authenticate to the ldap database.
Umm..I don't have to set it for ldap auth do I?

Thanks,
Peter

On 8/8/05, Jim Kronebusch <jim winonacotter org> wrote:
You can add/modify/delete users and groups from the LDAP Users and
groups module.  Below I will show my settings for the module as
configured for version 2.0-alpha of the smb/ldap installer scripts.  The
add users via batch section is all that needs work now.  It appears to
leave out the Samba account options when run.  I emailed Jamie Cameron
to see if he can let me know how to make this work.  Anyhow with the
settings below I am able to log in via Linux, via an OSX LDAP-enabled
machine, and join a Windows machine to the domain and log in.  I will
list only fields where I have made changes from the default.  This is
also with the newest stable version of webmin.  Disk quotas will also be
able to be managed via the Webmin Disk Quota module, provided that under
the Disk and Network Filesystems you have enabled User or Group quotas,
and subsequently enabled Disk Quotas under the Disk Quotas module.

Also in discussion with Jamie Cameron I was informed that the variables
${USER} and ${UID} can be used to substitute username and user id
respectively anywhere in the webmin module configuration.

Here goes:

Linux LDAP NSS library config file: /etc/ldap.conf
Bind to LDAP server as: cn=manager,dc=yourdomain,dc=org
Credentials for bind name above: On first access click Set to and enter
your smb/ldap password as set during script installation, after first
entry leave set to Don't change
Base for users: ou=Users,dc=yourdomain,dc=org
Base for groups: ou=Groups,dc=yourdomain,dc=org
Other objectClasses to add to new users: top inetOrgPerson
Full path to slappasswd program: /usr/sbin/slappasswd
LDAP properties for all new users: sn: ${USER}
Lowest UID for new users: 1000
Default primary group for new users: Domain Users
Default secondary groups for new users: Domain Users
Default shell for new users: /bin/bash
LDAP object class for Samba users: sambaSamAccount
Enabled Samba account by default?: Yes
Domain SID for Samba3: S-1-5-21-699950680-3956470712-3012135405 (Please
use your own sambaSID here :-)
LDAP properties for new Samba users:
sambaLogonScript: startup.bat
sambaProfilePath: \\YOURDOMAIN-PDC\profiles\${USER}
sambaHomePath: \\YOURDOMAIN-PDC\homes\${USER}
sambaHomeDrive: X:
LDAP object class for Samba groups: sambaGroupMapping

Well I hope that helps others out to get webmin working.  For now this
will at least work with using the command line bulk-add scripts to add
the largest population, then webmin for smaller changes.  I will post
out if I get a fix from Jamie.  Or if anyone else tries this let me know
if you can get the batch import to work.

Also I found that to get default OSX settings out you can create a
Library folder in /etc/skel and copy the files you want to default into
that folder.  Say you create a custom dock you can take Macintosh
HD:Users:test user:Library:Preferences:com.apple.dock.plist and move it
to /etc/skel/Library/Preferences/com.apple.dock.plist on the linux
server and all new users will receive the custom dock.

Also, since OSX and Linux use the same desktop folder and same /home by
default, I will try to create scripts to make the Windows desktop point to
/home/user/desktop and to point My Documents to /home/user.  This should
make profile roaming seamless between OSes.  I think I can for the most
part use the scripts posted in the last couple of weeks.


Jim Kronebusch
Cotter Tech Department
507-453-5188
jim winonacotter org
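
The ${USER} and ${UID} substitution described in the quoted message, as an added Python example (not part of the original messages and not Webmin's own code). The function names, the `uid=` RDN and the username pattern are assumptions made for illustration; the property templates and the user base are copied from the settings above.

```python
import re
from string import Template

# Templates copied from the module settings quoted in the message above.
USER_PROPS = ["sn: ${USER}"]
SAMBA_PROPS = [
    "sambaLogonScript: startup.bat",
    r"sambaProfilePath: \\YOURDOMAIN-PDC\profiles\${USER}",
    r"sambaHomePath: \\YOURDOMAIN-PDC\homes\${USER}",
    "sambaHomeDrive: X:",
]
USER_BASE = "ou=Users,dc=yourdomain,dc=org"

# Assumed naming policy (not from the page). It rejects ',', '=', '+' and
# '\', which would change the meaning of the DN or the UNC paths once the
# username is substituted into them.
SAFE_NAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def expand(template, user, uid):
    """Substitute ${USER} and ${UID}; any other placeholder raises KeyError."""
    if not SAFE_NAME.fullmatch(user):
        raise ValueError(f"unsafe username: {user!r}")
    return Template(template).substitute(USER=user, UID=str(int(uid)))


def render_fragment(user, uid):
    """Return LDIF-style lines for the templated attributes of one user.

    This is only the templated part of an entry; attributes the module
    generates itself (uidNumber, sambaSID, password hashes) are left out.
    """
    # The uid=<name> RDN is an assumption about how entries are named.
    lines = [expand("dn: uid=${USER}," + USER_BASE, user, uid)]
    for tmpl in USER_PROPS + SAMBA_PROPS:
        lines.append(expand(tmpl, user, uid))
    return lines


if __name__ == "__main__":
    # "ptest" / 1000 are constructed sample values (1000 is the lowest UID
    # configured above).
    print("\n".join(render_fragment("ptest", 1000)))
```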
