http://bugs.skolelinux.org/show_bug.cgi?id=1367
------- Comment #3 from [email protected] 2009-08-13 09:11 ------- about the schema: samba 3.2 could use the old samba2 schema, but this requiered config file changes. Or we could upgrade to the new samba3 schema, and gain the possibility of new features. i opted for the second one, to keep in line with debian, gain new features, and just keeping with the flow of development. [4] about the ldap entries: The effect i saw of NOT adding the ldap entries was that samba accounts reported as expiered all the time. This seamd to be unrelated to what schema i was using. When a user login on a windows computer, he got a notice that the password is expiered, and he need to change it. I am not certain if the password in ldap was changed (in ldap) or not when he tried chaning it. But trying to login again with the new password gave the same result. iow: windows users could not login. I found the requiered ldap entries by running openldap in debug mode. and the samba documentation [1] described [2] their purpose. I also found useful info in the samba+ldap howto [3] as far as i know the changes came from upstream samba, as part of their work to support AD PDC mode better. All the samba v3.2 + ldap howtos i have found [3] uses these entries as well, so i assume they are needed. You are correct when stating that both upgrades and new users via lwat is a problem. Luckily for lwat only changes to the config file /etc/lwat/admin.ini is requiered. i added the line sambaPwdLastSet = 123456789 to all entries. All this was explained to me by klausade. Kind regards Ronny Aasen [1] http://www.samba.org/samba/docs/ [2] http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#attribobjclPartA [3] http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html [4] http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#samba.schema.comments Ronny Aasen -- Configure bugmail: http://bugs.skolelinux.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
