[Fedora-directory-users] Samba & Fedora Directory Server Integration
Craig White
craigwhite at azapple.com
Thu Jan 19 01:24:47 UTC 2006
On Wed, 2006-01-18 at 18:57 -0600, Oscar A. Valdez wrote:
> El mié, 18-01-2006 a las 15:24 -0600, Oscar A. Valdez escribió:
> > El lun, 16-01-2006 a las 18:01 -0600, Oscar A. Valdez escribió:
> > > El sáb, 14-01-2006 a las 23:08 -0700, Craig White escribió:
> > > > If you are going to use a tool like the PADL migration tool
> > > > (migrate_passwd.pl), obviously you aren't going to get attributes beyond
> > > > the posixAccount stuff. Samba has some tools - smbldap-tools which can
> > > > attributes for the samba-schema...
> > >
> > > Thanks for your response. I'm going to read the "SMB LDAP PDC Howto"
> > > found at http://samba.idealx.org/samba-ldap-howto.pdf. It's by the folks
> > > who put together the smbldap-tools.
> >
> > Do the smbldap-tools work "out of the box" with the Fedora Directory
> > Server? They're not tailored too tightly to OpenLDAP?
>
> To answer my own question: they seem to work with FDS. I just installed
> them, and tried the smbldap-passwd command on a test account. The error
> I get seems to be a permissions error:
>
> Unable to change password: Insufficient 'write' privilege to the
> 'userPassword' attribute of entry
> 'uid=ovaldez,ou=people,dc=duraflex,dc=com,dc=sv'
>
> Any ideas on how to fix this?
----
sure - you need to use a dn with sufficient access...
i.e. cn=Directory Manager
or by default, uid=ovaldez,ou=people,dc=duraflex,dc=com,dc=sv should
have sufficient access to the userPasswd attribute
you probably want to create a 'super user' account which can change all
entries in 'dc=duraflex,dc=com,dc=sv' tree (see ACi) and set that to be
the user that is 'ldap admin' in smb.conf and in smbldap-tools.
Craig
More information about the Fedora-directory-users
mailing list