Jamrock wrote:
> "Ryan Novosielski" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>> Is it required to use LDAP for both POSIX/UNIX accounts and for Samba,
>> or can one move only the smbpasswd file to LDAP without impacting the
>> standard UNIX passwd file at all?
>
> Interesting question. Just a little background info. so we are all on the
> same page.
>
> Each Samba user must have a Linux (POSIX) account in order to access the
> Linux machine. It must also have some Samba (Windows) information for it to
> work as a Windows domain controller.
>
> If you use the smbldap tools to manage the addition and deletion of users,
> they will add the POSIX and the Samba user info to the LDAP directory. This
> will happen because your add user script in the smb.conf file will point to
> the relevant smbldap add user script.
>
> You would typically configure the /etc/nsswitch.conf file to tell the Linux
> machine to look for user names and passwords in the LDAP directory. That
> way the user does not need to exist in the /etc/passwd file.
>
> So far so good.
>
> I understand from what you are saying that you want to
> separate the POSIX (Linux) information from the Samba information. You want
> to keep the POSIX information in the /etc/passwd file and the Samba
> information in the LDAP directory. Each user's authentication information
> will be stored in both locations.
>
> To do this you should not use the add user script from the smbldap tools.
> Instead use the standard Linux "add user" command in a script to add the
> user. I have done this in the past. It adds Samba info. to LDAP and
> creates the user account in the /etc/passwd file.
>
> Your smb.conf file should look something like
>
> add user script = /usr/sbin/useradd -m '%u'
>
> add machine script = /usr/sbin/useradd -M '%u'
>
> add group script = /usr/sbin/groupadd '%g'
>
> Typically I use the User Manager for Domains to add and delete users. Not
> sure how things will work with other tools.
>
> I guess you can use the smbldap tools to populate the LDAP database with the
> standard Windows users and groups but use the Linux commands in the add user
> script.
>
> I haven't tried this since the early versions of Samba 3.x. Let me know how
> it works out.

Sounds rather much like what I'm looking for. I really don't use the add
user/group script right now anyway, just add machine. What it seems like
you're saying is that I can migrate all of the stuff from /etc/passwd to
LDAP and then just never change nsswitch for UNIX and only make Samba use
the LDAP, and setting the parameters as above.

-- 
Ryan Novosielski - Systems Programmer II
[EMAIL PROTECTED] - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/AST - NJMS Medical Science Bldg - C630
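
An added example, not part of the thread: with the Samba information in LDAP and the POSIX accounts left in /etc/passwd, every Samba account (machine accounts ending in `$` included) still needs a local passwd entry, so a check like this one flags LDAP entries that have none. The LDIF and passwd contents are constructed sample data, `dc=example,dc=org` is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed sample data (not from the thread): LDIF export of the Samba
# entries and the local /etc/passwd. dc=example,dc=org is a placeholder.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: account
objectClass: sambaSamAccount
uid: alice

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: account
objectClass: sambaSamAccount
uid: bob

dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: account
objectClass: sambaSamAccount
uid: ws01$

dn: uid=carol,ou=People,dc=example,dc=org
objectClass: account
uid: carol
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
"""

def samba_uids(ldif):
    """uid values of entries carrying objectClass sambaSamAccount."""
    uids = set()
    for entry in re.split(r"\n\s*\n", ldif.strip()):
        attrs = {}
        for line in entry.splitlines():
            # Plain "attr: value" lines only; folded or base64 ("attr::") lines are skipped.
            key, sep, value = line.partition(": ")
            if sep and not key.endswith(":") and not line.startswith((" ", "#")):
                attrs.setdefault(key.lower(), []).append(value.strip())
        if "sambasamaccount" in (c.lower() for c in attrs.get("objectclass", [])):
            uids.update(attrs.get("uid", []))
    return uids

def missing_posix_accounts(ldif, passwd):
    """Samba accounts in LDAP that have no matching name in the passwd text."""
    local = {l.split(":", 1)[0] for l in passwd.splitlines() if l and not l.startswith("#")}
    return sorted(samba_uids(ldif) - local)

if __name__ == "__main__":
    print(missing_posix_accounts(SAMPLE_LDIF, SAMPLE_PASSWD))
```

On a real host the two inputs would be an LDIF export of the directory and the contents of /etc/passwd; any name reported is a Samba account that the Linux machine cannot resolve while nsswitch still points only at local files.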
