[Fedora-directory-users] Samba & Fedora Directory Server Integration

Craig White craigwhite at azapple.com
Sun Jan 15 06:08:52 UTC 2006 

On Sat, 2006-01-14 at 18:58 -0600, Oscar A. Valdez wrote:
> I've followed the Samba & Fedora Directory Server Integration How-To
> located at http://directory.fedora.redhat.com/wiki/Howto:Samba , and I'm
> about to upload my user accounts into the DS. I have two questions
> before I proceed, though:
> 
> 1) At the end of the How-To, a "testuser" is added to the Samba server
> with the "smbpasswd -a" command. Wouldn't the DS make the user accounts
> visible to the Samba server, making it unecessary to add them via
> smbpasswd? If it's really necessary to add the accounts via smbpasswd,
> then the DS isn't really a backend to the Samba Server: they would be
> acting in parallel.
> 
> 2) The section on ldapsam of "The Official Samba-3 HOWTO and Reference
> Guide" 
> (http://us4.samba.org/samba/docs/man/Samba3-HOWTO/passdb.html#id2559672)
> mentions quite a few attributes for the sambaSamAccount ObjectClass,
> such as sambaLogonTime, sambaLMPassword, sambaPrimaryGroupSID,
> sambaAcctFlags, logoffTime, sambaKickoffTime, sambaPwdLastSet, sambaSID,
> sambaPwdCanChange, sambaPwdMustChange, and sambaNTPassword, that are not
> present in the ldif files generated by the openldap migrate_passwd.pl
> script recommended by the How-To. How should these attributes be added,
> if one follows the How-To?
----
In general, the administrator is responsible for the client tools used
to create attributes for LDAP dn's

If you are going to use a tool like the PADL migration tool
(migrate_passwd.pl), obviously you aren't going to get attributes beyond
the posixAccount stuff. Samba has some tools - smbldap-tools which can
attributes for the samba-schema and then there are some other tools such
as GQ, phpldapadmin, LAM and Webmin which can do a wide variety of LDAP
entry.

Just guessing at what you are trying to accomplish (taking an
existing /etc/passwd - list and importing it into LDAP while inserting
necessary samba attributes simultaneously...I would suggest that you use
Webmin's LDAP Users and Groups which does have mass importing and is
capable of adding a 'pre-configured' samba-schema attributes.

Craig

More information about the Fedora-directory-users mailing list