On Sat, 2006-01-14 at 18:58 -0600, Oscar A. Valdez wrote:
> I've followed the Samba & Fedora Directory Server Integration How-To
> located at
http://directory.fedora.redhat.com/wiki/Howto:Samba , and I'm
> about to upload my user accounts into the DS. I have two questions
> before I proceed, though:
>
> 1) At the end of the How-To, a "testuser" is added to the Samba server
> with the "smbpasswd -a" command. Wouldn't the DS make the user
accounts
> visible to the Samba server, making it unecessary to add them via
> smbpasswd? If it's really necessary to add the accounts via smbpasswd,
> then the DS isn't really a backend to the Samba Server: they would be
> acting in parallel.
>
> 2) The section on ldapsam of "The Official Samba-3 HOWTO and Reference
> Guide"
> (
http://us4.samba.org/samba/docs/man/Samba3-HOWTO/passdb.html#id2559672)
> mentions quite a few attributes for the sambaSamAccount ObjectClass,
> such as sambaLogonTime, sambaLMPassword, sambaPrimaryGroupSID,
> sambaAcctFlags, logoffTime, sambaKickoffTime, sambaPwdLastSet, sambaSID,
> sambaPwdCanChange, sambaPwdMustChange, and sambaNTPassword, that are not
> present in the ldif files generated by the openldap migrate_passwd.pl
> script recommended by the How-To. How should these attributes be added,
> if one follows the How-To?
----
In general, the administrator is responsible for the client tools used
to create attributes for LDAP dn's
If you are going to use a tool like the PADL migration tool
(migrate_passwd.pl), obviously you aren't going to get attributes beyond
the posixAccount stuff. Samba has some tools - smbldap-tools which can
attributes for the samba-schema and then there are some other tools such
as GQ, phpldapadmin, LAM and Webmin which can do a wide variety of LDAP
entry.
Just guessing at what you are trying to accomplish (taking an
existing /etc/passwd - list and importing it into LDAP while inserting
necessary samba attributes simultaneously...I would suggest that you use
Webmin's LDAP Users and Groups which does have mass importing and is
capable of adding a 'pre-configured' samba-schema attributes.
Thanks for your response. I'm going to read the "SMB LDAP PDC Howto"
found at
. It's by the folks
who put together the smbldap-tools.
In the future, I would like to be able to create user account in the DS,
and have it automatically create the samba-schema attributes. Does this
sound feasible?
--
Oscar A. Valdez