On Mon, May 17, 2004 at 10:19:25PM +0200, Petter Reinholdtsen wrote:
>
> Anyone know samba details enough to give some answers to my questions?
> I discussed this briefly on IRC, and I discovered that I am still
> wondering how samba and Windows work. Anyone got clues to spare?
>
> If we move the Machines LDAP tree as a subtree of People, would it be
> enough to give samba write access to the Machines tree, or does it
> also need write access in People? I suspect it needs write access to
> People too, but would like to have it verified.

It needs write access to the samba* entries of the userAccounts.

> During what kind of operations does samba need write access to the LDAP
> tree? I'm aware of these operations. Are there others?
>
> - Adding a host to the SMB domain
> - Logging a user into a host in the SMB domain

You mean the last logged on entry?

> - Changing password of a user
> - Removing a host from the SMB domain

+ When creating a user. wlus still uses smbpasswd to set up the samba
part of the account.

> What attributes does it need to read and write to in LDAP and where in
> the LDAP tree does it need to read and write during these operations?

The attributes with the samba prefix.

> Can we block password changes from windows, or can we make password
> changes from windows update both the UNIX-hash and the windows hashes?
> I do not want users to end up with different passwords on Windows and
> UNIX.

Don't know. But we can, if we give samba access to it, make the unix
password change when a user changes the samba password.

If I got time, I will try to move the machines into the
ou=Machines,ou=People subtree.
Then I will try to create the needed samba-attributes (as root), and
only let samba update the ones it needs to update.
Then I will try to block password updates from samba.

-- 
Finn-Arne Johansen
[EMAIL PROTECTED] http://bzz.no/

