You also need sambaAccountFlags: [UX ] for user accounts and sambaAccountFlags: [W ] for machine accounts.
On 08/07/12 17:37, Frans Lanting - IT Admin wrote:
> Hi Folks,
>
> A couple of questions about making SMB (3 or 4) authenticate to an
> external (anonymous) LDAP server:
>
> 1) A typical LDAP user record is below. Is there anything lacking in
> this record that would prevent Samba from authenticating against our
> LDAP server? Note the sambaSID is as is, gobbledygook info:
>
>
> dsAttrTypeNative:eduPersonAffiliation: Employee Member
> dsAttrTypeNative:givenName: David
> dsAttrTypeNative:homeDirectory: /afs/cats.csux.edu/users/t/dsixpack
> dsAttrTypeNative:mail: dsixp...@csux.edu
> dsAttrTypeNative:objectClass: posixAccount organizationalPerson
> csuxPerson top sambaSamAccount person inetOrgPerson csuxMain eduPerson
> dsAttrTypeNative:sambaSID: S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX
> dsAttrTypeNative:sn: Sixpack
> dsAttrTypeNative:csuxPersonGuID: G000242316
> AppleMetaNodeLocation: /LDAPv3/ldap-99.soe.csux.edu
> AppleMetaRecordName: uid=dsixpack,ou=People,dc=crm,dc=csux,dc=edu
> NFSHomeDirectory: /Users/dsixpack
> Password: ********
> PrimaryGroupID: 100002
> RealName:
>  David Sixpack
> RecordName: dsixpack
> RecordType: dsRecTypeStandard:Users
> UniqueID: 9239
> UserShell: /bin/bash
>
> 2) Regarding the "sudo smbpasswd -w secret" step, does this smb user
> need to exist in our LDAP or that local to the machine running the SMB
> daemon? I wasn't clear on how this step in the process is supposed to
> work.
>
> 3) Is the "ldap admin dn =" also required?
>
> Note we have read-only access to our LDAP server, though a record
> could be created for us if absolutely needed.
>
> Any help or ideas MUCH appreciated! Thanks!
>
> David