Jason Williams wrote:
Well, I have been working very hard lately, trying to get a server up to
act as our Samba PDC with LDAP. So far, everything seems to be working
well. I've been able to get samba 2.2.8 and openldap 2.0.27 installed
with no problems. I've set up my config files (ldap.conf, slapd.conf,
smb.conf) as well as added some initial entries to the LDAP directory.
I've been able to add a user to the directory and set the password for
This is where I wanted to ask some questions:
Now, let me try and explain what I want to do:
As it is now, our network is set up in a workgroup, with 30+ users. I
want all of our users to be able to join the Domain/Samba PDC. They will
not be using roaming profiles, just login to their workstation into the
What I am trying to understand is the best way to go about adding my
users to the domain as well as authenticating against the domain. It may
seem vague, but I'm a little confused here myself.
I thought I'd post some of my initial entries and go from there. Here goes:
# mycompany, com
description: mycompany comanization
# Groups, mycompany, com
description: System Groups
# Users, mycompany, com
description: Users of the comanization
# Computers, mycompany, com
description: Windows Domain Computers
# Domain Admins, Groups, mycompany, com
dn: cn=Domain Admins,ou=Groups,dc=mycompany,dc=com
cn: Domain Admins
description: Windows Domain users
# Domain Users, Groups, mycompany, com
dn: cn=Domain Users,ou=Groups,dc=mycompany,dc=com
cn: Domain Users
description: Windows Domain Users
# Administrators, Groups, mycompany, com
description: Windows Domain Members can administer the computer and Domain
Those are just some initial entries. Here is what I have questions about:
I am going to have about 3-4 groups. For instance, officers, processors
Now, I need to add my users to the PDC. From what I have read, not only
do I need to add my users to the PDC, but a machine/computer account as
So, my question is what is the best way to add my users to the PDC and
their machine accounts?
the machine accounts can be created automatically when they join the
domain, for the user accounts I'd suggest the smbldap-tools from
http://samba.idealx.org or your own-cooked-perl-scripts...
Secondly, as you can see in my LDAP directory above, I have some initial
entries. I am unclear as to how to add my users to the server and LDAP and
make sure they go into the correct group and correct part of the LDAP
Directory. That make sense? For example, if I have a user named Todd
that needs to go into the group "officers" how would I go about doing that?
adding objectClass posixGroup and using Attribute "memberUid" for the
user todd. (exactly specifying the uid of the user as value of the
Lastly, (for now :) ) when I go around to my Windows 2000 workstations
to have my users join the domain, from some prior testing, once I change
it from a workgroup to a domain, a username and password box will pop
up. What username and password must I use here? Is it what I have
specified in my slapd.conf and smb.conf: "cn=Manager,dc=company,dc=com"
you have an objectClass "sambaAccount" which has an uid (=username) and
two password strings (lmPassword for win9x and ntPassword for nt/2k/xp).
these two are used for authentication.
I appreciate everyone's help.
take a look at the documentation at http://samba.idealx.org/ and google.
and probably switching to the samba-list would be helpful ;)
\\\ ||| /// _\=/_
( @ @ ) (o o)
| Markus Schabel TGM - Die Schule der Technik www.tgm.ac.at |
| IT-Service A-1200 Wien, Wexstrasse 19-23 net.tgm.ac.at |
| email@example.com Tel.: +43(1)33126/316 |
| firstname.lastname@example.org Fax.: +43(1)33126/154 |
| FSF Associate Member #597, Linux User #259595 (counter.li.org) |
| oOOo Yet Another Spam Trap: oOOo |
| ( ) oOOo email@example.com ( ) oOOo |
+--------\ (----( )--------------------------\ ( -----( )-----+
\_) ) / \_) ) /
Computers are like airconditioners:
They stop working properly if you open windows.
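
The group-membership step described in the reply above (objectClass posixGroup plus a memberUid value equal to the user's uid), as an added example that is not part of the original message or of smbldap-tools. It builds the LDIF change record to feed to ldapmodify; the gidNumber values, the member "anna" and the sample export are constructed, while the DNs, "officers" and "todd" come from the post.

```python
BASE = "ou=Groups,dc=mycompany,dc=com"  # group container from the post

# Constructed directory export: one group without posixGroup, one with a member.
SAMPLE = """\
dn: cn=Domain Users,ou=Groups,dc=mycompany,dc=com
objectClass: top
cn: Domain Users

dn: cn=officers,ou=Groups,dc=mycompany,dc=com
objectClass: top
objectClass: posixGroup
cn: officers
gidNumber: 1001
memberUid: anna
"""

def parse_ldif(text):
    """Parse plain LDIF (no folded or base64 lines) into {dn_lower: {attr: [values]}}."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line ends an entry
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if attr.lower() == "dn":
                current = entries.setdefault(value.strip().lower(), {})
            elif current is not None:
                current.setdefault(attr.strip(), []).append(value.strip())
    return entries

def membership_change(entries, group, uid, gid_number):
    """LDIF change record that makes `uid` a member of `group`; None if already one."""
    dn = f"cn={group},{BASE}"
    entry = entries.get(dn.lower())  # DNs compare case-insensitively
    if entry is None:                # group missing: create it with the member
        body = ["changetype: add", "objectClass: top", "objectClass: posixGroup",
                f"cn: {group}", f"gidNumber: {gid_number}", f"memberUid: {uid}"]
    elif uid in entry.get("memberUid", []):
        return None                  # nothing to do, avoids a duplicate-value error
    else:
        body = ["changetype: modify"]
        if "posixGroup" not in entry.get("objectClass", []):
            # posixGroup requires gidNumber, so add both in the same operation
            body += ["add: objectClass", "objectClass: posixGroup", "-",
                     "add: gidNumber", f"gidNumber: {gid_number}", "-"]
        body += ["add: memberUid", f"memberUid: {uid}", "-"]
    return "\n".join([f"dn: {dn}"] + body) + "\n"
```

The returned text can be reviewed and then applied with ldapmodify bound as a DN that has write access to ou=Groups.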