[K12OSN] SMB/LDAP management with Webmin Users and Groups module

Peter Hartmann ascensiontech at gmail.com
Wed Jul 5 22:02:42 UTC 2006

Wow! Thanks Jim, this is awesome!  I just created a test user via batch
file.  It's funny though: if I try to add a user to the LDAP database
that's already a user on the system, it returns: "Duplicate username
at line 1 : [user]".  Question: Why should the LDAP database care
what's in /etc/passwd?  This machine is going to be a stand-alone
LDAP server, so it's not set to authenticate to the LDAP database.
Umm... I don't have to set it for LDAP auth, do I?


On 8/8/05, Jim Kronebusch <jim at winonacotter.org> wrote:
> You can add/modify/delete users and groups from the LDAP Users and
> groups module.  Below I will show my settings for the module as
> configured for version 2.0-alpha of the smb/ldap installer scripts.  The
> add users via batch section is all that needs work now.  It appears to
> leave out the Samba account options when run.  I emailed Jamie Cameron
> to see if he can let me know how to make this work.  Anyhow, with the
> settings below I am able to log in via Linux, via an OSX LDAP enabled
> machine, and join a Windows Machine to the domain and log in.  I will
> list only fields where I have made changes from the default.  This is
> also with the newest stable version of webmin.  Disk quotas will also be
> able to be managed via the Webmin Disk Quota module, provided that under
> the Disk and Network Filesystems you have enabled User or Group quotas,
> and subsequently enabled Disk Quotas under the Disk Quotas module.
> Also in discussion with Jamie Cameron I was informed that the variables
> ${USER} and ${UID} can be used to substitute username and user id
> respectively anywhere in the webmin module configuration.
> Here goes:
> Linux LDAP NSS library config file: /etc/ldap.conf
> Bind to LDAP server as: cn=manager,dc=yourdomain,dc=org
> Credentials for bind name above: On first access click Set to and enter
> your smb/ldap password as set during script installation, after first
> entry leave set to Don't change
> Base for users: ou=Users,dc=yourdomain,dc=org
> Base for groups: ou=Groups,dc=yourdomain,dc=org
> Other objectClasses to add to new users: top inetOrgPerson
> Full path to slappasswd program: /usr/sbin/slappasswd
> LDAP properties for all new users: sn: ${USER}
> Lowest UID for new users: 1000
> Default primary group for new users: Domain Users
> Default secondary groups for new users: Domain Users
> Default shell for new users: /bin/bash
> LDAP object class for Samba users: sambaSamAccount
> Enabled Samba account by default?: Yes
> Domain SID for Samba3: S-1-5-21-699950680-3956470712-3012135405 (Please
> use your own sambaSID here :-)
> LDAP properties for new Samba users:
> sambaLogonScript: startup.bat
> sambaProfilePath: \\YOURDOMAIN-PDC\profiles\${USER}
> sambaHomePath: \\YOURDOMAIN-PDC\homes\${USER}
> sambaHomeDrive: X:
> LDAP object class for Samba groups: sambaGroupMapping
> Well I hope that helps others out to get webmin working.  For now this
> will at least work with using the command line bulk-add scripts to add
> the largest population, then webmin for smaller changes.  I will post
> out if I get a fix from Jamie.  Or if anyone else tries this let me know
> if you can get the batch import to work.
> Also I found that to get default OSX settings out you can create a
> Library folder in /etc/skel and copy the files you want to default into
> that folder.  Say you create a custom dock you can take Macintosh
> HD:Users:test user:Library:Preferences:com.apple.dock.plist and move it
> to /etc/skel/Library/Preferences/com.apple.dock.plist on the linux
> server and all new users will receive the custom dock.
> Also, since OSX and Linux use the same desktop folder and same /home by
> default, I will try to create scripts to make the Windows desktop point to
> /home/user/desktop and to point My Documents to /home/user.  This should
> make profile roaming seamless between Ops.  I think I can for the most
> part use the scripts posted in the last couple weeks.
> Jim Kronebusch
> Cotter Tech Department
> 507-453-5188
> jim at winonacotter.org
