Thanks for your help. Please see below.
Andrew Bartlett wrote:
On Fri, Apr 09, 2004 at 12:56:35PM +0200, M. Vancl wrote:
Yes, I configured the users and groups management scripts in the smb.conf. That's why smbpasswd is using smbldap-useradd in fact. Am I right?
"Jerome Pramondon" <[EMAIL PROTECTED]> wrote:
The problem is when I start adding users using the 'smbpasswd' command.
I get an objectclass violation which says it cannot modify the
'userPassword' attribute.
After some searching, I noticed the 'userPassword' attribute was only
defined in the 'PosixAccount' objectclass. If I use a LDAP browser to
look what's in my directory, I see the user account, but he only has the
'SambaSamAccount' objectclass.
So it seems completely correct: if the 'PosixAccount' objectclass is not
added, then how could the 'userPassword' attribute be used in that
object ...
Then why does the command not add that objectclass?
I'm not sure, but I think smbpasswd is not usable for ldap backend and you
must use some more sophisticated program for it (e.g. IDEALX smbldap-tools
http://samba.idealx.org/).
No, smbpasswd will handle all of the Samba backends.
The issue here is that the 'ldap password sync' option is being used (hint - always post your smb.conf), and the user entries do not permit the setting of an LDAP password.
Sorry, here it is:

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2004/04/07 19:53:42

# Global parameters
[global]
unix charset = ISO8859-1
workgroup = INTRALICANTE.FR
server string = Samba Server %v
map to guest = Bad User
passdb backend = ldapsam:ldap://192.168.1.53:389
log level = 2
log file = /var/log/samba/log.%m
max log size = 1000
debug hires timestamp = Yes
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
add user script = /usr/bin/smbldap-useradd -m -a
delete user script = /usr/bin/smbldap-userdel
add group script = /usr/bin/smbldap-groupadd -p
delete group script = /usr/bin/smbldap-groupdel
add user to group script = /usr/bin/smbldap-groupmod -m
delete user from group script = /usr/bin/smbldap-groupmod -x
add machine script = /usr/bin/smbldap-useradd -w
logon script = logon.bat
logon path =
logon home =
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
ldap suffix = ou=Samba,dc=Alicante,dc=fr
ldap machine suffix = ou=computers
ldap user suffix = ou=accounts
ldap group suffix = ou=groups
ldap admin dn = cn=Manager,dc=Alicante,dc=fr
ldap ssl = no
ldap passwd sync = Yes
ldap delete dn = Yes
printer admin = @adm
printing = cups

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
browseable = No

[print$]
path = /var/lib/samba/printers
write list = @adm, root
inherit permissions = Yes
guest ok = Yes

[pdf-generator]
comment = PDF Generator (only valid users)
path = /var/tmp
printable = Yes
print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I "%J" &

[homes]
valid users = %S
read only = No
browseable = No

[netlogon]
path = /home/netlogon
browseable = No

[public]
comment = Répertoire Public
path = /home/public
read only = No
guest ok = Yes

[%U]
comment = Répertoire privé de %U
path = /home/%U
invalid users = nobody, guest
read only = No

(The exact requirements differ between directory servers, but for OpenLDAP, your users must have a posixAccount or simpleSecurityObject objectclass, to allow userPassword to be set).
OK, I knew I could do it this way (that supposes I already have users in the directory), but what if I want to have separate entries for users and samba account in the directory?
something like :
dn: uid=jpramondon,ou=samba,dc=alicante,dc=fr
objectclass: account
objectclass: posixaccount
objectclass: sambaSamAccount
uid: jpramondon
userpassword: ...
...
and
dn: cn=jérôme pramondon,ou=users,dc=alicante,dc=fr
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: jérôme pramondon
...
I saw something like that somewhere ...
Here's why I want to have it this way: this could save me from having too many administrative tasks by having only one command to add a user (smbpasswd -a user).
Is smbpasswd able to add that kind of entry (the samba account one, not the user) with both sambaSamAccount and PosixAccount (in order to avoid getting that objectclass violation error)?
Could you help ?
Thanx so much
Jérôme
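
The condition Andrew Bartlett describes above, written as a check (an added example, not part of the thread and not Samba code): when 'ldap passwd sync' is on, list the sambaSamAccount entries that carry no objectclass permitting userPassword. The function names, the sample entries and the example.org DNs are constructed for illustration; the set of permitting classes is just the two named in the thread.

```python
# Added example. Classes the thread names as permitting userPassword on
# OpenLDAP (assumption: extend the set if your schema has others).
PASSWORD_CLASSES = {"posixaccount", "simplesecurityobject"}

def passwd_sync_enabled(smb_conf):
    """True if smb.conf enables password sync (both spellings from the thread)."""
    for line in smb_conf.splitlines():
        key, sep, value = line.partition("=")
        name = " ".join(key.split()).lower()
        if sep and name in {"ldap passwd sync", "ldap password sync"}:
            return value.strip().lower() in {"yes", "true", "1", "only"}
    return False

def parse_ldif(text):
    """Parse plain LDIF entries (folded lines joined, base64 not decoded)."""
    entries = []
    for block in text.replace("\r\n", "\n").replace("\n ", "").split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def sync_blocked(smb_conf, ldif, allowed=PASSWORD_CLASSES):
    """DNs of sambaSamAccount entries where a userPassword write would fail."""
    if not passwd_sync_enabled(smb_conf):
        return []
    blocked = []
    for entry in parse_ldif(ldif):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "sambasamaccount" in classes and not classes & allowed:
            blocked.append(entry["dn"][0])
    return blocked

# Constructed sample input, not taken from the poster's directory.
SAMPLE_CONF = "[global]\nldap passwd sync = Yes\n"
SAMPLE_LDIF = """\
dn: uid=alice,ou=accounts,dc=example,dc=org
objectClass: sambaSamAccount

dn: uid=bob,ou=accounts,dc=example,dc=org
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
"""
```

Calling sync_blocked(SAMPLE_CONF, SAMPLE_LDIF) reports only the entry that has sambaSamAccount alone, which is the state the original poster saw in the LDAP browser.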
