[lugm.org] Openldap and Samba issue

Jochen Kirstätter lugm at ios.mu
Thu Jul 8 09:02:38 UTC 2010


Hello,

We have a successful combination of Samba using OpenLDAP backend to 
authenticate users.

First issue in this case would be to check whether the samba account has 
been enabled in the LDAP records. For this purpose it is highly advised 
to use the smbldap-tools. There you get a set of commands that should be 
used on the console and configured in the smb.conf file like this:

passdb backend = ldapsam:ldap://127.0.0.1/
obey pam restrictions = no
ldap ssl = off
ldap suffix = dc=ios,dc=mu
ldap admin dn = cn=admin,dc=ios,dc=mu
ldap group suffix = ou=Group
ldap user suffix = ou=People
; Don't use samba's internal LDAP password sync
ldap passwd sync = No

passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

The usually used smbpasswd is not sufficient to work with LDAP.

-- 
Kind regards.

A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?

Get Blogged by JoKi - "The only frontiers are in your mind"
   http://jochen.kirstaetter.name/ - http://www.ios.mu/
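
Added example, not part of the original post: one way to do the "is the Samba account enabled" check the message describes, by reading the sambaAcctFlags attribute from LDIF text such as saved ldapsearch output. The function name, the sample entries and the uids are constructed for illustration; folded or base64-encoded LDIF lines are assumed not to occur.

```python
import re

# Constructed sample in the shape of `ldapsearch -LLL` output under the
# suffix used in the post; the uids and flag values are made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=ios,dc=mu
objectClass: posixAccount
objectClass: sambaSamAccount
uid: alice
sambaAcctFlags: [U          ]

dn: uid=bob,ou=People,dc=ios,dc=mu
objectClass: posixAccount
objectClass: sambaSamAccount
uid: bob
sambaAcctFlags: [DU         ]

dn: uid=carol,ou=People,dc=ios,dc=mu
objectClass: posixAccount
uid: carol
"""

def audit_samba_accounts(ldif):
    """Return {uid: status}; status is 'enabled' or the reason logon would fail."""
    result = {}
    for entry in re.split(r"\n\s*\n", ldif.strip()):
        attrs = {}
        for line in entry.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                attrs.setdefault(key.lower(), []).append(value)
        uid = attrs.get("uid", ["?"])[0]
        classes = [c.lower() for c in attrs.get("objectclass", [])]
        if "sambasamaccount" not in classes:
            # A POSIX-only entry: Samba has no account data to authenticate against.
            result[uid] = "no sambaSamAccount object class"
            continue
        # Value looks like "[DU         ]": flag letters padded with spaces.
        flags = set(attrs.get("sambaacctflags", ["[]"])[0].strip("[] "))
        if "D" in flags:
            result[uid] = "disabled"
        elif "L" in flags:
            result[uid] = "locked out"
        elif "U" not in flags:
            result[uid] = "not a regular user account"
        else:
            result[uid] = "enabled"
    return result

if __name__ == "__main__":
    for uid, status in audit_samba_accounts(SAMPLE_LDIF).items():
        print(f"{uid}: {status}")
```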




