hi kevin, > 1). How do I/Can I script the installation of a generic password into > these accounts? I'm looking to put some common password in for all > users and then allow the users to change it once they log into the new > server/domain. I don't see a method of doing so with > 'smbldap-passwd.pl'. write your own shellscript that uses smbldap-useradd.pl, add the features you need and use this script to create user!
> 2). I used the following command to add all of my users to the LDAP > Directory: > > 'smbldap-useradd.pl -a -m -A 1 -G <group1>,<group2> >username<' > > This successfully created the users, their home folders and placed them > in their groups, but it did not change the value for "pwdCanChange" in > the LDAP directory, as shown by 'smbldap-usershow.pl'. I want the users > to be able to change their own passwords - at any time - is there > something I did wrong when creating the user account? sorry, but i don't know smbldap-useradd.pl - i wrote my own admintools! > 3). I want every user's password to expire on a 90-cycle. I think I > see a slot in the LDAP directory for such an option - pwdMustChange, > but by default is set to a huge number - 2147483647. First, what > number does that represent? Seconds? Minutes? Days? Months? I've > watched it for the past week and it hasn't changed. Which leads me to > my next question, will changing this number to "O" actually cause the > respective password to expire? Will setting this number to "90" (or > what ever representation needed) allow a 90 day cycle? If not, what > must I do to have this 90 day cycle? this number is a unix timestamp - the seconds since 1.1.1970! the solution is: enable passwordsync and as program use a shellscript that creates the timestamp (90 days are 7776000 seconds) and insert this with ldapmodify into the attr pwdMustChange of the user! -> let DAYINFUTURE=$(/bin/date +%s)+7776000 > 4). By default, there are fields in the directory for "displayName" and > "description" that are both set to "System User". Can I change > either/both (at least "description") to what ever I want while creating > the user account? I couldn't find a switch in 'smbldap-useradd.pl' to > allow that. I guess I could script it using 'smbldap-usermod.pl', but > would prefer it to be done as one step. sorry, but once again: i don't know smbldap-useradd.pl - i wrote my own admintools and they do what i want ;-) i hope it was a little help greetings thomas reisenbichler -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
