Etienne Goyer
2002-Dec-05 15:43 UTC
[Samba] Administrator account samba-3.0alpha21 and LDAP
Hi!
I am setting up a test bed for Samba PDC + LDAP. I used the 3.0alpha21
rpm for RH8 from samba.org. The setup is working. Win9x client can
login no problem.
I was wondering how I should setup an "Administrator" account for the
domain. Right now, my plan is to have samba authenticate only to the
ldap backend ("passdb backend = ldapsam" only). Does the
administrator
only need write access to the ldap tree or it also need to be root on
the machine (uidnumber or gidnumber 0) ? What should I put in the rid
and primaryGroupID field ? At the very least, I'd like to be able to
add machine accounts to the domain with this account.
Thanks for your input !
--
Etienne Goyer Linux Qu?bec Technologies Inc.
http://www.LinuxQuebec.com etienne.goyer@linuxquebec.com
PGP Pub Key: http://www.LinuxQuebec.com/pubkeys/eg.key
Fingerprint: F569 0394 098A FC70 B572 5D20 3129 3D86 8FD5 C853
Etienne Goyer
2002-Dec-05 21:44 UTC
[Samba] Administrator account samba-3.0alpha21 and LDAP
Hi again, I found answer to my own questions. For the record, here is what I did: 1. Ran the script smbldap-populate.pl from IDEALX. This create a lot of groups and the Administrator account. 2. Change uid of the Administrator to 0. Otherwise, it gave access denioed when I tried to create a computer acocunt in the domain. That's all ! On Thu, Dec 05, 2002 at 10:38:43AM -0500, Etienne Goyer wrote:> Hi! > > I am setting up a test bed for Samba PDC + LDAP. I used the 3.0alpha21 > rpm for RH8 from samba.org. The setup is working. Win9x client can > login no problem. > > I was wondering how I should setup an "Administrator" account for the > domain. Right now, my plan is to have samba authenticate only to the > ldap backend ("passdb backend = ldapsam" only). Does the administrator > only need write access to the ldap tree or it also need to be root on > the machine (uidnumber or gidnumber 0) ? What should I put in the rid > and primaryGroupID field ? At the very least, I'd like to be able to > add machine accounts to the domain with this account. > > Thanks for your input ! > > > > -- > Etienne Goyer Linux Qu?bec Technologies Inc. > http://www.LinuxQuebec.com etienne.goyer@linuxquebec.com > PGP Pub Key: http://www.LinuxQuebec.com/pubkeys/eg.key > Fingerprint: F569 0394 098A FC70 B572 5D20 3129 3D86 8FD5 C853 > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba-- Etienne Goyer Linux Qu?bec Technologies Inc. http://www.LinuxQuebec.com etienne.goyer@linuxquebec.com PGP Pub Key: http://www.LinuxQuebec.com/pubkeys/eg.key Fingerprint: F569 0394 098A FC70 B572 5D20 3129 3D86 8FD5 C853