[Samba] password - ldap questions

2003-12-16 Thread Otto Schakenbos
Dear List

I have set up a samba server with an openldap backend (using the great 
guide from hilinsk and Gerald's LDAP System Administration book).
I also have the unix account information stored in the ldap.
Current setup:
samba 3.01 rc1
latest stable openldap on the same box
unix/samba accounts are stored in the ldap (using nsswitch).

Question 1
We have a corporate-wide iplanet ldap server (which I can only read 
from) used for email. I tried to sync the passwords from this 
ldap server with the samba-openldap one so my samba users would only 
have to remember one password. I used a script that fetches the 
(encrypted, sha1) passwords into an ldif file and ldapmodifies this password 
into the samba-openldap. This part works. The problem is that samba wants 
the sambaNTpassword and doesn't even look at the userpassword. Is there 
a way that I can make samba use the sha1 userpassword, or is it a 
no go, bad luck here?

Another solution would be to go the other way around, so as to update the 
corporate ldap server when someone changes his windows/samba password, 
and that brings me to question number 2.

Question 2
If I change the password from my windows workstation using the native 
windows change password mechanism, the sambaNTpassword gets changed but 
the userpassword doesn't. I'm using the smbldap-passwd.pl tool. If I use 
this tool directly from the command line it does update the userpassword 
just fine (using the same syntax as in the smb.conf).
When I turn on sync unix passwords, the domain stops working (domain 
not found).
Below is my smb.conf.

Thanks for your help

Regards

[global]
	workgroup = TIS-AG
	netbios name = TISPDC
	null passwords = Yes
	passdb backend = ldapsam
	passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
	passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
	passwd chat debug = Yes
	log level = 1 passdb:2 auth:2
	log file = /var/log/samba/%m.log
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
	delete user script = /usr/local/sbin/smbldap-userdel.pl %u
	add group script = /usr/local/sbin/smbldap-groupadd.pl %g
	delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
	add user to group script = /usr/local/sbin/smbldap-groupmod.pl
	delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g
	set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u
	add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
	logon script = logon.bat
	logon path = 
	domain logons = Yes
	os level = 33
	preferred master = Yes
	domain master = Yes
	wins support = Yes
	ldap suffix = dc=Test,dc=com
	ldap machine suffix = ou=Machines
	ldap user suffix = ou=People
	ldap group suffix = ou=Group
	ldap admin dn = uid=root,ou=People,dc=Test,dc=com
	ldap ssl = no
	idmap backend = ldap:ldap://127.0.0.1
	idmap uid = 1-2
	idmap gid = 1-2
	winbind separator = +
	comment = Samba-PDC Server

[netlogon]
path = /data/netlogon
write list = ntadmin
locking = No


--
Otto Schakenbos
PC-Support
TFX IT-Service AG
Fronackerstrasse 33-35
71332 Waiblingen
GERMANY
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] password - ldap questions

2003-12-16 Thread Adam Williams
> Question 1
> We have a corporate-wide iplanet ldap server (which I can only read 
> from) used for email. I tried to sync the passwords from this 
> ldap server with the samba-openldap one so my samba users would only 
> have to remember one password. I used a script that fetches the 
> (encrypted, sha1) passwords into an ldif file and ldapmodifies this password 
> into the samba-openldap. This part works. The problem is that samba wants 
> the sambaNTpassword and doesn't even look at the userpassword. Is there 
> a way that I can make samba use the sha1 userpassword, or is it a 
> no go, bad luck here?

no go, bad luck

> Another solution would be to go the other way around, so as to update the 
> corporate ldap server when someone changes his windows/samba password, 
> and that brings me to question number 2.
> Question 2
> If I change the password from my windows workstation using the native 
> windows change password mechanism, the sambaNTpassword gets changed but 
> the userpassword doesn't.

Right.

> I'm using the smbldap-passwd.pl tool. If I use 
> this tool directly from the command line it does update the userpassword 
> just fine (using the same syntax as in the smb.conf).
> When I turn on sync unix passwords, the domain stops working (domain 
> not found).

That shouldn't happen.

Don't you mean unix password sync?


Re: [Samba] password - ldap questions

2003-12-16 Thread Otto Schakenbos


Adam Williams wrote:

>> Question 1
>> We have a corporate-wide iplanet ldap server (which I can only read 
>> from) used for email. I tried to sync the passwords from this 
>> ldap server with the samba-openldap one so my samba users would only 
>> have to remember one password. I used a script that fetches the 
>> (encrypted, sha1) passwords into an ldif file and ldapmodifies this password 
>> into the samba-openldap. This part works. The problem is that samba wants 
>> the sambaNTpassword and doesn't even look at the userpassword. Is there 
>> a way that I can make samba use the sha1 userpassword, or is it a 
>> no go, bad luck here?
>
> no go, bad luck

Ok

>> Another solution would be to go the other way around, so as to update the 
>> corporate ldap server when someone changes his windows/samba password, 
>> and that brings me to question number 2.
>> Question 2
>> If I change the password from my windows workstation using the native 
>> windows change password mechanism, the sambaNTpassword gets changed but 
>> the userpassword doesn't.
>
> Right.

ok

>> I'm using the smbldap-passwd.pl tool. If I use 
>> this tool directly from the command line it does update the userpassword 
>> just fine (using the same syntax as in the smb.conf).
>> When I turn on sync unix passwords, the domain stops working (domain 
>> not found).
>
> That shouldn't happen.
>
> Don't you mean unix password sync?

Yes, that is what I meant; it is the right syntax in my smb.conf (just 
checked to be sure).
So I have to make the unix password sync work, and then my userpassword 
will get updated as well?

Regards




