Hi,
After a lot of trial and error I managed to get ldap + samba 3 running. Samba now authenticates through ldap. But somehow the difference between a unix and a samba login still exists.


I use smbldap-useradd.pl to create an ldap entry. There are two options:
With the "-a" option the entry contains the objectClass "sambaSamAccount", and a lot of Windows related attributes.
Without the mentioned option, the program creates an entry with objectClass "posixAccount" and the normal nss attributes.


Through smb.conf I have defined smbpasswd to use smbldap-useradd.pl to update the passwd in the ldap directory.

So, now I still have to have two entries per user in the ldap directory because with the sambaSamAccount userPassword is {SHA} encrypted and with the posixAccount the userPassword is {CRYPT} encrypted. Though two entries in LDAP is much more maintainable than anything I have seen before, I still have the idea that things can be solved more gracefully, with one entry and an automated password sync between unix and samba.

Any suggestions?
Kind regards,
Robert

Extra:
For those interested here are my ldap related smb.conf entries:

add user script = /sbin/smbldap-useradd.pl -a -m "%u"
delete user script = /sbin/smbldap-userdel.pl -r "%u"
add user to group script = /sbin/smbldap-groupmod.pl -m "%u" "%g"
delete user from group script = /sbin/smbldap-groupmod.pl -x "%u" "%g"
set primary group script = /sbin/smbldap-usermod.pl -g "%g" "%u"
add group script = /sbin/smbldap-groupadd.pl -a -p "%g"
delete group script = /sbin/smbldap-userdel.pl "%g"
add machine script = /sbin/smbldap-useradd.pl -w -d /dev/null -g nobody -c "Machine Account" -s /bin/false "%u"
ldap suffix = dc=salsatechnologies,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap admin dn = cn=admin,dc=salsatechnologies,dc=com
ldap ssl = no
ldap passwd sync = Yes
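
As an added check that is not part of Robert's post or of the Samba project: a short Python script that parses the smb.conf entries above and flags the settings a reviewer would look at first. The combination of `ldap ssl = no`, an `ldap admin dn` and `ldap passwd sync = Yes` means the admin bind password and every synced password change travel unprotected unless Samba reaches the directory over a local socket, and the `delete group script` line points at a user tool rather than a group tool. The rule ids and messages are constructed for this example; SAMPLE_SMB_CONF reproduces the post's own entries so the script runs offline.

```python
"""Audit the LDAP-related smb.conf settings quoted in the post.

Added example, not part of the original post or of the Samba project.
It parses a smb.conf fragment into a parameter map and applies a few
review rules.  Rule ids and messages are constructed here; SAMPLE_SMB_CONF
is the set of entries from the post, embedded so the script runs offline.
"""
import re

# Constructed input: the smb.conf entries quoted in the post.
SAMPLE_SMB_CONF = '''
add user script = /sbin/smbldap-useradd.pl -a -m "%u"
delete user script = /sbin/smbldap-userdel.pl -r "%u"
add user to group script = /sbin/smbldap-groupmod.pl -m "%u" "%g"
delete user from group script = /sbin/smbldap-groupmod.pl -x "%u" "%g"
set primary group script = /sbin/smbldap-usermod.pl -g "%g" "%u"
add group script = /sbin/smbldap-groupadd.pl -a -p "%g"
delete group script = /sbin/smbldap-userdel.pl "%g"
add machine script = /sbin/smbldap-useradd.pl -w -d /dev/null -g nobody -c "Machine Account" -s /bin/false "%u"
ldap suffix = dc=salsatechnologies,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap admin dn = cn=admin,dc=salsatechnologies,dc=com
ldap ssl = no
ldap passwd sync = Yes
'''


def parse_smb_conf(text):
    """Map 'parameter = value' lines to a dict.

    Samba parameter names are case- and whitespace-insensitive, so they are
    lower-cased and collapsed to single spaces.  Only the first '=' separates
    name from value, which keeps values such as the LDAP filter intact.
    Section headers and comment lines (leading '#' or ';') are skipped.
    """
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[re.sub(r"\s+", " ", name.strip().lower())] = value.strip()
    return params


def smb_bool(value):
    """Samba boolean parsing: yes/true/1/on are true, anything else false."""
    return value.strip().lower() in ("yes", "true", "1", "on")


def audit_ldap_settings(params):
    """Return a list of (rule_id, message) findings for the LDAP settings."""
    findings = []

    # Rule 1: an admin bind DN over a plain (non-TLS) connection means the
    # bind password, and with passwd sync every password change, cross the
    # wire unprotected unless the directory is reached over a local socket.
    ssl = params.get("ldap ssl", "").strip().lower()
    if "ldap admin dn" in params and ssl in ("no", "off", "false", "0"):
        findings.append(("ldap-bind-cleartext",
                         "'ldap ssl = no' with 'ldap admin dn = %s': the admin "
                         "bind credentials are not protected by TLS"
                         % params["ldap admin dn"]))

    # Rule 2: passwd sync makes Samba write userPassword into the directory,
    # so the directory's ACL on that attribute decides who can read it.
    if smb_bool(params.get("ldap passwd sync", "no")):
        findings.append(("ldap-passwd-sync-enabled",
                         "'ldap passwd sync' is on: Samba writes userPassword "
                         "into LDAP; check the directory ACL on that attribute"))

    # Rule 3: the group add/delete scripts should invoke a group tool; a tool
    # whose name does not mention groups is probably the wrong one.
    for name in ("add group script", "delete group script"):
        tool = params.get(name, "").split()[:1]
        if tool and "group" not in tool[0].lower():
            findings.append(("group-script-uses-user-tool",
                             "'%s' runs %s, whose name does not match a group "
                             "operation" % (name, tool[0])))
    return findings


def audit_smb_conf(text):
    """Parse and audit a smb.conf fragment in one step."""
    return audit_ldap_settings(parse_smb_conf(text))


if __name__ == "__main__":
    for rule_id, message in audit_smb_conf(SAMPLE_SMB_CONF):
        print("%-30s %s" % (rule_id, message))
```

Run against the quoted entries the script reports three findings: the cleartext admin bind, the enabled password sync, and the `delete group script` line that calls smbldap-userdel.pl. Against a fragment using `ldap ssl = start tls` and the smbldap-group* tools it reports nothing.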
