Hi,
is anybody out there who is using Novell Edir. with samba?

I have searched the archive and found some random notes but no real success story.

Here is what I have achieved so far. Maybe someone can give me some hints.

I have tried the samba-nds.schema that comes with the 2.2.7a tar ball. While I was able to import/add it to EDir. it did not work for me, because the "lmPassword" and "ntPassword" attributes had a SyntaxID of "SYN_INTEGER" which I think is wrong, because samba tries to store some hex strings in these attributes. After changing them to "SYN_CI_STRING" I was able to authenticate against edir.

The only thing that does not work is to ldapadd or ldif import users with objectClass sambaAccount.

Adding posixAccount users and then adding the sambaAccount objectClass via Novell's "ConsoleOne" works, so I guess this is an edir. specific problem which is OT here.

So right now, I can manually add machine and user accounts, join (W2K) clients to the samba domain and log in as a user. Changing passwords works, too.

I have attached the modified schema file.

Can anyone give me a hint about adding users w/o using ConsoleOne? Setting this up with openldap was no problem at all, btw, but I have to use edirectory, because my university wants it that way.

Any help is greatly appreciated,
-Rolf
Forgot the attachment, sorry.

-------------- next part --------------
--
-- Submitted by Bruno Gimenes Pereti <pereti@ut mp dot edu dot br>
-- Modified by Rolf Offermanns <rolf.offermanns(at)gmx DOT net>
--
-- schema file for Novell's eDirectory 8.6/8.7
--

SambaAccountSchemaExtensions DEFINITIONS ::=
BEGIN

-- Password hashes
"lmPassword" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_CI_STRING,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 1 }
}

"ntPassword" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_CI_STRING,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 2 }
}

-- Account flags in string format ([UWDX ])
"acctFlags" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_CI_STRING,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 4 }
}

-- Password timestamps & policies
"pwdLastSet" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_INTEGER,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 3 }
}

"logonTime" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_INTEGER,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 5 }
}

"logoffTime" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_INTEGER,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 6 }
}

"kickoffTime" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_INTEGER,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 7 }
}

"pwdCanChange" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_INTEGER,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 8 }
}

"pwdMustChange" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_INTEGER,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 9 }
}

-- string settings
"homeDrive" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_CI_STRING,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 10 }
}

"scriptPath" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_CI_STRING,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 11 }
}

"profilePath" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_CI_STRING,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 12 }
}

"userWorkstations" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_CI_STRING,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 13 }
}

"smbHome" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_CI_STRING,
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 17 }
}

"domain" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_CI_STRING,
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 18 }
}

-- user and group RID
"rid" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_INTEGER,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 14 }
}

"primaryGroupID" ATTRIBUTE ::=
{
    Operation   ADD,
    SyntaxID    SYN_INTEGER,
    Flags       { DS_SINGLE_VALUED_ATTR },
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 1 15 }
}

"sambaAccount" OBJECT-CLASS ::=
{
    Operation   ADD,
    Flags       {DS_AUXILIARY_CLASS},
    SubClassOf  {"TOP"},
    MustContain { "uid"},
    MustContain { "rid"},
    MayContain  { "CN"},
    MayContain  { "lmPassword"},
    MayContain  { "ntPassword"},
    MayContain  { "pwdLastSet"},
    MayContain  { "logonTime"},
    MayContain  { "logoffTime"},
    MayContain  { "kickoffTime"},
    MayContain  { "pwdCanChange"},
    MayContain  { "pwdMustChange"},
    MayContain  { "acctFlags"},
    MayContain  { "displayName"},
    MayContain  { "smbHome"},
    MayContain  { "homeDrive"},
    MayContain  { "scriptPath"},
    MayContain  { "profilePath"},
    MayContain  { "description"},
    MayContain  { "userWorkstations"},
    MayContain  { "primaryGroupID"},
    MayContain  { "domain"},
    ASN1ObjID   { 1 3 6 1 4 1 7165 2 2 3 }
}

-- Used for Winbind experimentation
"uidPool" OBJECT-CLASS ::=
{
    Operation   ADD,
    Flags       {DS_AUXILIARY_CLASS},
    SubClassOf  {"TOP"},
    MustContain { "uidNumber"},
    MustContain { "CN"},
    ASN1ObjID   { 1 3 6 1 4 1 7165 1 2 2 3 }
}

"gidPool" OBJECT-CLASS ::=
{
    Operation   ADD,
    Flags       {DS_AUXILIARY_CLASS},
    SubClassOf  {"TOP"},
    MustContain { "gidNumber"},
    MustContain { "CN"},
    ASN1ObjID   { 1 3 6 1 4 1 7165 1 2 2 4 }
}

END
Hi Rolf,

I spent a long time last year trying to use Edirectory with Samba but I didn't get it working. That file in the tar ball is a translation I did from samba.schema to the syntax of the ndssch program that is installed with Edir 8.6.2 for linux. The SyntaxID error is probably my mistake. I didn't get your file attached and I think you should send it to Jerry to update it in the CVS tree.

I stopped working with that and now I'm using OpenLDAP but I remember that the object "Account" was missing in the rfc2307-usergroup.sch that comes with the Edir for linux.

I suppose the user that you are using in the ldapclient and samba has the right privilege to insert and alter information in your Edir. What are the messages in your log file?

Bruno Gimenes Pereti.

----- Original Message -----
From: "Rolf Offermanns" <rolf.offermanns@gmx.net>
Subject: [Samba] Novell EDirectory as LDAP backend

> Hi,
> is anybody out there who is using Novell Edir. with samba?
>
> I have searched the archive and found some random notes but no real
> success story.
>
> Here is what I have achieved so far. Maybe someone can give me some hints.
>
> I have tried the samba-nds.schema that comes with the 2.2.7a tar ball.
> While I was able to import/add it to EDir. it did not work for me,
> because the "lmPassword" and "ntPassword" attributes had a SyntaxID of
> "SYN_INTEGER" which I think is wrong, because samba tries to store some
> hex strings in these attributes. After changing them to "SYN_CI_STRING"
> I was able to authenticate against edir.
>
> The only thing that does not work is to ldapadd or ldif import users
> with objectClass sambaAccount.
>
> Adding posixAccount users and then adding the sambaAccount objectClass
> via Novell's "ConsoleOne" works, so I guess this is an edir. specific
> problem which is OT here.
>
> So right now, I can manually add machine and user accounts, join (W2K)
> clients to the samba domain and log in as a user. Changing passwords
> works, too.
>
> I have attached the modified schema file.
>
> Can anyone give me a hint about adding users w/o using ConsoleOne?
> Setting this up with openldap was no problem at all, btw, but I have to
> use edirectory, because my university wants it that way.
>
> Any help is greatly appreciated,
> -Rolf
> Hi,
> is anybody out there who is using Novell Edir. with samba?

Yes, 8.6.3 on a RH 7.3 to be precise.

> I have searched the archive and found some random notes but no real
> success story.

Works pretty good. I have not yet tried to integrate cups but user authentication (unix login) is done via pam_ldap, I just have some problems getting password synchronisation running, users can alt-ctrl-del and change their windows password, but I want to set the user unix password too.

> The only thing that does not work is to ldapadd or ldif import users
> with objectClass sambaAccount.

sambaAccount is an auxiliary class, I think you do need a real object class (like user). Take a look with the Schema Manager (ConsoleOne) at the user class, and the needed attributes (IIRC there are 4).

> Adding posixAccount users and then adding the sambaAccount objectClass
> via Novell's "ConsoleOne" works, so I guess this is an edir. specific
> problem which is OT here.

Check out the Novell News Servers, one is at: support-forums.novell.com

by Stefan
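
Added example (not part of the thread and not Samba's or Novell's own code): a small Python lint for ndssch-format schema text that reports the two points raised in this thread, a password-hash attribute declared with a non-string SyntaxID, and classes flagged DS_AUXILIARY_CLASS, which cannot be an entry's only object class. The sample schema text is constructed; the function names and the rule "any SyntaxID containing STRING is acceptable for a hash attribute" are assumptions made for the example.

```python
import re

# Constructed sample in ndssch syntax, modelled on the schema in this thread;
# lmPassword carries the SYN_INTEGER syntax reported for the 2.2.7a file.
SAMPLE = '''
"lmPassword" ATTRIBUTE ::=
{ Operation ADD, SyntaxID SYN_INTEGER, Flags { DS_SINGLE_VALUED_ATTR },
  ASN1ObjID { 1 3 6 1 4 1 7165 2 1 1 } }
"ntPassword" ATTRIBUTE ::=
{ Operation ADD, SyntaxID SYN_CI_STRING, Flags { DS_SINGLE_VALUED_ATTR },
  ASN1ObjID { 1 3 6 1 4 1 7165 2 1 2 } }
"rid" ATTRIBUTE ::=
{ Operation ADD, SyntaxID SYN_INTEGER, Flags { DS_SINGLE_VALUED_ATTR },
  ASN1ObjID { 1 3 6 1 4 1 7165 2 1 14 } }
"sambaAccount" OBJECT-CLASS ::=
{ Operation ADD, Flags {DS_AUXILIARY_CLASS}, SubClassOf {"TOP"},
  MustContain { "uid"}, MustContain { "rid"}, MayContain { "lmPassword"},
  ASN1ObjID { 1 3 6 1 4 1 7165 2 2 3 } }
'''

# Attributes in which Samba stores hex strings (assumed list for this example).
HEX_STRING_ATTRS = {"lmpassword", "ntpassword"}

DEF_RE = re.compile(r'"([^"]+)"\s+(ATTRIBUTE|OBJECT-CLASS)\s*::=\s*\{')

def parse_definitions(text):
    """Return {name: (kind, body)} for each definition, matching nested braces."""
    defs = {}
    for m in DEF_RE.finditer(text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        defs[m.group(1)] = (m.group(2), text[m.end():i - 1])
    return defs

def lint(text):
    """Flag hash attributes with a non-string syntax and list auxiliary classes."""
    findings = []
    for name, (kind, body) in parse_definitions(text).items():
        if kind == "ATTRIBUTE":
            syntax = re.search(r"SyntaxID\s+(\w+)", body)
            if name.lower() in HEX_STRING_ATTRS and syntax and "STRING" not in syntax.group(1):
                findings.append((name, "hash attribute uses " + syntax.group(1)))
        elif "DS_AUXILIARY_CLASS" in body:
            findings.append((name, "auxiliary class: entry also needs a structural class"))
    return findings

if __name__ == "__main__":
    for name, msg in lint(SAMPLE):
        print(f"{name}: {msg}")
```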