Re: [Samba] SMB+LDAP Question ...
Message: 18 Date: Wed, 15 Jan 2003 15:58:41 +0200 From: C.Lee Taylor [EMAIL PROTECTED] Organization: LeeNX To: [EMAIL PROTECTED] Subject: [Samba] SMB+LDAP Question ... Greetings ... I have a quick question, which I hope will get a straight and quick answer. I am moving my system from flat files to LDAP. I have had my users in LDAP for a while, but then found that my computer accounts for Win2K in still in passwd. My question is, what are the bare minume LDAP attribs that I need for them to contiune to work? AFAIK, just sambaAccount and related items. But I don't think I am going to get that answered, so, do I need a Unix password for computers? No. I would just like to keep as little info my LDAP as possible .. I still believe the smallest amount of common info is best. In the end, in 2.2.x and non-NUA sam backends in 3.0alpha, you need the following to work on any DC: $ getent passwd machine$ So, on your DCs, you either need a unix account for the machine in /etc/passwd, or an LDAP account with posixAccount and sambaAccount BTW, see examples/LDAP/import_smbpasswd.pl in the samba docs if you hanen't yet. Should work for importing machine accounts. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB+LDAP Question ...
I am moving my system from flat files to LDAP. I have had my users in LDAP for a while, but then found that my computer accounts for Win2K in still in passwd. My question is, what are the bare minume LDAP attribs that I need for them to contiune to work? AFAIK, just sambaAccount and related items. Mmm, you see, if you have the /etc/passwd entery and do a smbpasswd -a -m with LDAP, it creates the sambaAccount stuff in LDAP, but if I delete the /etc/passwd without moving it into LDAP, the computer will not logon the PDC/Network. So now I have a few machine accounts which I want to move into LDAP, so I would like to know what I need, at least from and LDAP point of view ... In the end, in 2.2.x and non-NUA sam backends in 3.0alpha, you need the following to work on any DC: $ getent passwd machine$ So, on your DCs, you either need a unix account for the machine in /etc/passwd, or an LDAP account with posixAccount and sambaAccount Okay, but what does Samba 2.2 need with posixAccount? I mean, it does not need a homedir for anything. It does not need the Unix password stuff. I currently use the gid, but if it's in LDAP, I don't think I need that either. BTW, see examples/LDAP/import_smbpasswd.pl in the samba docs if you hanen't yet. Should work for importing machine accounts. But I would think that import_smbpasswd.pl is for importing smbpasswd, I need to bring in the passwd, that is why I am asking ... Again, thanks for your input. Mailed Lee -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB+LDAP Question ...
C.Lee Taylor wrote: AFAIK, just sambaAccount and related items. Mmm, you see, if you have the /etc/passwd entery and do a smbpasswd -a -m with LDAP, it creates the sambaAccount stuff in LDAP, but if I delete the /etc/passwd without moving it into LDAP, the computer will not logon the PDC/Network. So are you saying you have machines that are in LDAP, have no posixAccount in LDAP, no entry in smbpasswd, but have an entry in passwd? So now I have a few machine accounts which I want to move into LDAP, so I would like to know what I need, at least from and LDAP point of view ... In the end, in 2.2.x and non-NUA sam backends in 3.0alpha, you need the following to work on any DC: $ getent passwd machine$ So, on your DCs, you either need a unix account for the machine in /etc/passwd, or an LDAP account with posixAccount and sambaAccount Okay, but what does Samba 2.2 need with posixAccount? I mean, it does not need a homedir for anything. It does not need the Unix password stuff. I currently use the gid, but if it's in LDAP, I don't think I need that either. But gidNumber is an attribute of posixAccount, as is uid (and uidNumber). getent passwd won't return (under normal circumstances) an LDAP entry that doesn't have objectclass:posixAccount. AFAIK, samba checks the equivalent c call (getpwent) unless using one of the NUA backends. BTW, see examples/LDAP/import_smbpasswd.pl in the samba docs if you hanen't yet. Should work for importing machine accounts. But I would think that import_smbpasswd.pl is for importing smbpasswd, I need to bring in the passwd, that is why I am asking ... Well, what you *realy* want is LDAP acounts for machines that exist in smbpasswd but not in LDAP? Extract the entries from smbpasswd for those machines, and then run the script ... On Mandrake, that would be: $ /usr/share/samba/scripts/import_smbpasswd.pl /path/to/modified/smbpasswd Anyway, we've had some issues migrating DCs ... am not entirely convinced smbpasswd -S really works ... but it could be other issues. At least when we are done, we will know that nothing more resides in files, since the new machine does everything via LDAP. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba