On 2012-11-30 11:15 am, Gaiseric Vandal wrote:
No, you wouldn't sync passwords to TDB. Does your LDAP entry for
each user currently have a SambaSID value? Also, when you type
"pdbedit -Lv someuser" you should see the unix account for the user.
The unix account is either explicitly created (e.g. in /etc/passwd or
ldap or nis) or dynamically created by winbind.
No, currently our users do not have SambaSID values in ldap.
# pdbedit -Lv someuser
Unix username: someuser
NT username: someuser
Account Flags: [U ]
User SID: S-1-5-21-xxxxx
Primary Group SID: S-1-5-21-xxx
Full Name: Some User
Home Directory: \\someserver\users\someuser
HomeDir Drive: X:
Logon Script: logon.bat
Profile Path:
Domain: SOMEDOMAIN
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: 0
Kickoff time: 0
Password last set: Fri, 30 Sep 2011 09:40:43 EDT
Password can change: Fri, 30 Sep 2011 09:40:43 EDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
#
Assuming you are not using winbind to allocate uid's and gid's for
samba users, your LDAP user entry will eventually look something
like
dn: uid=someuser,ou=someou,ou=people,o=yourdomain.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: Some User
gidNumber: xx
homeDirectory: /home/someuser
sambaSID: S-1-5-21-xxxx
sn: UserLastName
uid: someuser
uidNumber: 123
displayName: Some User
gecos: Some User
givenName: Some User
loginShell: /bin/tcsh
sambaAcctFlags: [UX ]
sambaHomeDrive: X:
sambaHomePath: \\someserver\users\someuser
sambaLogonScript: logon.bat
sambaNTPassword: xxxxxxxxxxxxxxxxxxxx
sambaPasswordHistory:
000000000000000000000000000000000000000000000000000000
0000000000
sambaPwdLastSet: 1291843237
st: xxxxxx
street: xxxxxxxxx
telephoneNumber: xxxxxxxxx
userPassword:: xxxxxxxxxxxx
Although the login script and network home directory are probably not
relevant in a non-DC setup.
We are not using winbind at all currently.
Here is a sample user's ldap data:
dn: uid=tstaff,ou=people,dc=simons-rock,dc=edu
uid: tstaff
sn: Staff
uinSR: tstaff-false
givenName: Test
genderSR: m
loginShell: /bin/false
cn: Test Staff
gecos: Test Staff
mailSR: [email protected]
homeDirectory: /home/testaff
objectClass: person
objectClass: top
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: personSR
objectClass: extensibleObject
objectClass: posixAccount
objectClass: shadowAccount
shadowLastChange: 11551
shadowWarning: 7
gidNumber: 100
shadowMax: 99999
uidNumber: 7391
mail: [email protected]
groupSR: staff
groupSR: hidden
employeeNumber: 991991991
sambaNTPassword: REDACTED
sambaPwdLastSet: 1354296936
userPassword:: REDACTED
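
Added example, not part of the original message or of Samba: a Python check for the question raised above, whether a user's LDAP entry carries the sambaSamAccount object class and a sambaSID. The sample entry, its placeholder values and the function names are constructed for illustration.

```python
import base64

# Constructed sample, shaped like the second entry in the thread (placeholder values).
SAMPLE = """\
dn: uid=exampleuser,ou=people,dc=example,dc=org
uid: exampleuser
objectClass: person
objectClass: posixAccount
objectClass: extensibleObject
uidNumber: 1000
sambaNTPassword: PLACEHOLDER
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attr: [values]}; handles folded lines and '::' base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # LDIF continuation line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):              # base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(attr.strip().lower(), []).append(value)
    return entry

def samba_readiness(entry):
    """Return the reasons this entry is not yet a complete sambaSamAccount."""
    problems = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    has_class = "sambasamaccount" in classes
    if not has_class:
        problems.append("missing objectClass sambaSamAccount")
    for attr in ("uid", "sambaSID"):          # MUST attributes of sambaSamAccount
        if not entry.get(attr.lower()):
            problems.append(f"missing {attr}")
    # samba* attributes can exist without the class when extensibleObject is present
    if not has_class and any(a.startswith("samba") for a in entry):
        problems.append("samba* attributes present without sambaSamAccount")
    return problems

if __name__ == "__main__":
    print(samba_readiness(parse_ldif_entry(SAMPLE)))
```
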