Is it required to use LDAP for both POSIX/UNIX accounts and for Samba,
or can one move only the smbpasswd file to LDAP without impacting the
standard UNIX passwd file at all?

--
Ryan Novosielski - Systems Programmer II
novosirj@umdnj.edu - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/AST - NJMS Medical Science Bldg - C630

John Drescher wrote:
>> Is it required to use LDAP for both POSIX/UNIX accounts and for Samba,
>> or can one move only the smbpasswd file to LDAP without impacting the
>> standard UNIX passwd file at all?
>> - --
> With ldap you have both the users that are in the ldap server + the
> /etc/passwd file.

So then, do you get POSIX and Samba accounts in the LDAP, and then the
/etc/passwd is also used?

What I really want is to move smbpasswd users to LDAP, but we have
processes that interact with /etc/passwd, but I would like LDAP to be only
used by Samba. I suppose if nsswitch did not say to use LDAP, ssh/etc.
would not check LDAP for user logins?

--
Ryan Novosielski - Systems Programmer II
novosirj@umdnj.edu - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/AST - NJMS Medical Science Bldg - C630

> John Drescher wrote:
> >> Is it required to use LDAP for both POSIX/UNIX accounts and for Samba,
> >> or can one move only the smbpasswd file to LDAP without impacting the
> >> standard UNIX passwd file at all?
> >> - --
> > With ldap you have both the users that are in the ldap server + the
> > /etc/passwd file.
>
> So then, do you get POSIX and Samba accounts in the LDAP, and then the
> /etc/passwd is also used?
>

Yes. Both are specified in the nsswitch and both are used.

>
> What I really want is to move smbpasswd users to LDAP, but we have
> processes that interact with /etc/passwd, but I would like LDAP to be only
> used by Samba. I suppose if nsswitch did not say to use LDAP, ssh/etc.
> would not check LDAP for user logins?
>

I have never tried that so I am not sure.

John

> Is it required to use LDAP for both POSIX/UNIX accounts and for Samba,
> or can one move only the smbpasswd file to LDAP without impacting the
> standard UNIX passwd file at all?
> - --

With ldap you have both the users that are in the ldap server + the
/etc/passwd file.

John

"Ryan Novosielski" <novosirj@umdnj.edu> wrote in message news:477D2C28.7070705@umdnj.edu...
> Is it required to use LDAP for both POSIX/UNIX accounts and for Samba,
> or can one move only the smbpasswd file to LDAP without impacting the
> standard UNIX passwd file at all?

Interesting question.

Just a little background info. so we are all on the same page. Each
Samba user must have a Linux (POSIX) account in order to access the
Linux machine. It must also have some Samba (Windows) information for it
to work as a Windows domain controller. If you use the smbldap tools to
manage the addition and deletion of users, they will add the POSIX and
the Samba user info to the LDAP directory. This will happen because your
add user script in the smb.conf file will point to the relevant smbldap
add user script. You would typically configure the /etc/nsswitch.conf
file to tell the Linux machine to look for user names and passwords in
the LDAP directory. That way the user does not need to exist in the
/etc/passwd file.

So far so good. I understand from what you are saying that you want to
separate the POSIX (Linux) information from the Samba information. You
want to keep the POSIX information in the /etc/passwd file and the Samba
information in the LDAP directory. Each user's authentication
information will be stored in both locations.

To do this you should not use the add user script from the smbldap
tools. Instead use the standard Linux "add user" command in a script to
add the user. I have done this in the past. It adds Samba info. to LDAP
and creates the user account in the /etc/passwd file. Your smb.conf file
should look something like

    add user script = /usr/sbin/useradd -m '%u'
    add machine script = /usr/sbin/useradd -M '%u'
    add group script = /usr/sbin/groupadd '%g'

Typically I use the User Manager for Domains to add and delete users.
Not sure how things will work with other tools.

I guess you can use the smbldap tools to populate the LDAP database with the standard Windows users and groups but use the Linux commands in the add user script. I haven't tried this since the early versions of Samba 3.x. Let me know how it works out.
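
A configuration check for the split setup discussed in this thread, as an added example that is not part of any poster's message: it reads an nsswitch.conf and an smb.conf and reports whether Samba's passdb backend is ldapsam while the NSS passwd, group and shadow databases list no ldap source. The function names, file contents, the ldap://localhost URL and the dc=example,dc=org suffix are constructed for illustration.

```sh
# Added example, not from the thread. All sample file contents are constructed.

# nss_sources FILE DB: print the sources nsswitch.conf lists for DB.
nss_sources() {
    awk -v db="$2:" '{ sub(/#.*/, "") }
        $1 == db { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# smb_param FILE NAME: print the value of NAME in the [global] section.
smb_param() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        g && (eq = index($0, "=")) {
            key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { if (found != "") print found }' "$1"
}

# audit_split NSSWITCH SMBCONF: "split" = Samba on LDAP, NSS on other sources;
# "shared" = NSS also lists ldap; "no-ldap" = Samba passdb is not ldapsam.
# Only the literal "ldap" NSS source (nss_ldap) is recognised.
audit_split() {
    case "$(smb_param "$2" "passdb backend")" in
        ldapsam*) ;;
        *) echo "no-ldap"; return 0 ;;
    esac
    for db in passwd group shadow; do
        case " $(nss_sources "$1" "$db") " in
            *" ldap "*) echo "shared"; return 0 ;;
        esac
    done
    echo "split"
}

# Constructed sample configuration (hypothetical host and suffix).
d=$(mktemp -d)
printf 'passwd: files\ngroup:  files\nshadow: files\n' > "$d/nss.files"
printf 'passwd: files ldap\ngroup:  files ldap\nshadow: files\n' > "$d/nss.ldap"
cat > "$d/smb.conf" <<'EOF'
[global]
   passdb backend = ldapsam:ldap://localhost
   ldap suffix = dc=example,dc=org
   add user script = /usr/sbin/useradd -m '%u'
EOF
echo "files only: $(audit_split "$d/nss.files" "$d/smb.conf")"
echo "files ldap: $(audit_split "$d/nss.ldap" "$d/smb.conf")"
```

To check a real host, call audit_split with that host's own nsswitch.conf and smb.conf paths instead of the sample files.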