Hi all, this mail is about current status of Windows client support in our Lenny.
Some weeks ago Ronny Aasen reported that his Windows clients started to complain that the user accounts are expired at login and users are unable to change passwords, after upgrading to Lenny. As I do not a current Windows VM on my notebook I was not yet able to verify this myself. But it did not take long until we found that the Samba people had updated the schema description between the Samba versions in Etch and Lenny. A fast check with a plain Debian Samba-LDAP setup of mine, where Samba added the attributes to the accounts itself, showed, that several new attributes were added to the LDAP tree (see http://wiki.debian.org/DebianEdu/Status/Lenny/SambaLDAP). As the Windows clients in my setup do not complain, we updated the schema file in debian-edu-config to the same version (which is the one in the samba-doc package). We also modified the slapd config to allow Samba access the added attributes. The (hopefully) last step now is to update old LDAP trees and to create new accounts with the new attributes. For the first part I hacked a little Perl script that goes through the tree and adds the new attributes with the (default) values listed on http://wiki.debian.org/DebianEdu/Status/Lenny/SambaLDAP. This script is still in development but already does the right thing. Before going and polish the script I would like to know if the modifications done by the script are sufficient to make Windows stop complaining. For the braves already running Lenny and suffering from this problem the following steps may fix the problems (please report your results in anyway): - Update (if not yet up to date) debian-edu-config to the version in lenny-test - Download the hacked script from http://www.ping.de/~dh/update-ldap - Make a backup (better save than sorry) with: slapcat > meingutesbackup and keep the "meingutesbackup" file save and secure as it contains (hashed) user passwords. - Run update-ldap. It will ask for the password of the rootdn which normally is the root password chosen during install. The update-ldap script should print some (ok many) lines about updated LDAP entries. After the script is done users should be able to login into Windows boxes without complaints by Windows. For the second part (the one about new user accounts) we would have to modify LWAT to create the new attributes. I would like some feedback about the updated user accounts first, before having a deeper look at LWAT and send a patch upstream. Hope someone is brave enough to test (remember to backup: than it is only half as scary), ... Greetings Daniel -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
