kent@www.warehamportal.mec.edu
2004-Jul-13 20:55 UTC
[Fwd: Re: [Samba] posixAccount for Machines in LDAP?]
---------------------------- Original Message ----------------------------
Subject: Re: [Samba] posixAccount for Machines in LDAP?
From: kent@www.warehamportal.mec.edu
Date: Tue, July 13, 2004 4:54 pm
To: "Paul Gienger" <pgienger@ae-solutions.com>
--------------------------------------------------------------------------

Thanks for getting back to me, Paul. Here's the domain controller's smb.conf:

[global]
workgroup = WarehamPS
encrypt passwords = Yes
time server = Yes
socket options = TCP_NODELAY
security = user
logon script = whs1.bat
writable = Yes
dns proxy = no
directory mask = 02770
preferred master = yes
netbios name = WHS1
server string = RedHat 8.0 LDAP Server
passdb backend = ldapsam
ldap passwd sync = Yes
machine password timeout = 604800
passwd program = /usr/local/samba/bin/smbpasswd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n
log file = /var/log/samba.%m
debug level = 2
max log size = 50
add user script = /usr/local/sbin/smbldap-useradd.pl %u
delete user script = /usr/local/sbin/smbldap-useradd.pl %u
add group script = /usr/local/sbin/smbldap-groupadd.pl
delete group script = /usr/local/sbin/smbldap-groupdel.pl
add machine script = /usr/sbin/useradd -c "Computer" -d /dev/null -s /bin/false -g 502 -M %u; /usr/local/samba/bin/smbpasswd -a -m %u
logon script = whs1.bat
logon path =
logon drive = H:
logon home =
domain logons = Yes
os level = 64
domain master = Yes
dns proxy = Yes
admin users = @domain_admins
wins support = Yes
name resolve order = wins hosts bcast
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no

[homes]
comment = Home Directories
read only = no
browseable = no
writable = yes
path = %H
hide files = /.*/

[netlogon]
comment = Netlogon share
root preexec = /usr/local/samba/sbin/prelogon.pl %U
path = /usr/local/samba/netlogon
locking = no
browseable = no
read only = yes
hide files = /*.dll/*.rap/*.kix/*.bat/

[staff]
comment = Staff Directory
path = /accounts/common
browseable = no
create mode = 0660
valid users = @whsstaff
write list = @whsstaff
force group = whsstaff

[programs]
comment = Programs
path = /accounts/programs
valid users = @whsstaff
browseable = no

[adm-pgms$]
comment = Admin Programs
path = /accounts/adm_pgms
browseable = no
valid users = @techstaff
write list = @techstaff
force group = techstaff
create mode = 0660

[images$]
comment = Ghost image files
path = /accounts/images
browseable = no
force group = techstaff
create mode = 0660
valid users = @techstaff
write list = @techstaff

[cafeteria]
path = /accounts/cafeteria/data
browseable = no
valid users = @whs-cafe
force group = whs-cafe
create mode = 0660
directory mode = 0770

[printers]
comment = All Printers
path = /var/spool/samba
valid users = @whsstaff, @techstaff
read only = Yes
printable = Yes
browseable = No

[hp8100]
path = /tmp
comment = HP8100 Laser
browseable = yes
writable = no
printable = yes
printer name = hp8100

[tricker]
path = /accounts/whsart/tricker
comment = WHS Art students
browseable = No
valid users = +tricker
write list = +tricker
force group = tricker
create mode = 0660
directory mode = 0770

[gunnels]
path = /accounts/whsart/gunnels
comment = WHS Art students
browseable = No
valid users = +gunnels
write list = +gunnels
force group = gunnels
create mode = 0660
directory mode = 0770

[einstein]
path = /accounts/whsart/einstein
comment = WHS Art students
browseable = No
valid users = +einstein
write list = +einstein
force group = einstein
create mode = 0660

[PCA]
comment = PC Analyzer files
path = /usr/local/samba/PCAnalyser
browseable = no
force group = techstaff
directory mode = 0770
create mode = 0770

Kent
Wareham Public Schools

> kent@www.warehamportal.mec.edu wrote:
>
>>Hello,
>>I have a question about machine accounts.
>>I'm using Samba 3.0, OpenLDAP 2.1.30 and Berkeley 4.2.52 on backend on RedHat machines.
>>I also have 3 slave/BDC's and 1 master/PDC
>>
>>Right now all of my users and groups exist entirely in the LDAP directory.
>>I have a few accounts in addition to the normal system accounts that are used for emergency access. All authentication and group enumeration uses PAM_LDAP with NSS_LDAP.
>>
>>My question is that when I have a machine join the domain, in the LDAP directory an objectclass Account and sambaSAMAccount are created. I still need to create a machine account in /etc/passwd for this to happen. Is there anyone out there that is first creating a posixAccount with appropriate attributes in LDAP then using the Samba/Windows to generate the sambaSAMAccount object and attributes in LDAP also?
>>
>
> You shouldn't need anything in /etc/passwd. Perhaps by posting an smb.conf you could be pointed in the right direction.
>
>>I was so happy to get all of the user/group stuff consolidated into the directory. Now I see that this is a possibility also but I haven't tried it.
>>
>>Kent N
>>Wareham Public Schools
>>
>>
>
> --
> Paul Gienger                      Office: 701-281-1884
> Applied Engineering Inc.          Cell: 701-306-6254
> Information Systems Consultant    Fax: 701-281-1322
> URL: www.ae-solutions.com         mailto:pgienger@ae-solutions.com
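An added example, not part of either message in the thread: the [global] lines that put the machine account's posixAccount into ou=Computers via smbldap-tools instead of into /etc/passwd, which is where the posted `add machine script` (`/usr/sbin/useradd ...`) writes it. It assumes smbldap-tools 0.8.x installed under /usr/local/sbin, as the posted user and group scripts already are, and an smbldap.conf whose suffixes match the `ldap suffix` settings here; `-w` is smbldap-useradd's workstation-account mode.

```ini
# Added example (not the smb.conf posted in the thread): machine accounts
# created in LDAP only. Assumes smbldap-tools at /usr/local/sbin and an
# smbldap.conf whose suffixes match the ldap suffix values below, so the
# entry lands in the OU that ldapsam searches.
[global]
   security = user
   domain logons = Yes
   passdb backend = ldapsam
   ldap suffix = dc=tow,dc=net
   ldap machine suffix = ou=Computers
   ldap user suffix = ou=Users
   ldap group suffix = ou=Groups
   ldap admin dn = cn=admin,dc=tow,dc=net

   # Samba passes %u as the account name with its trailing "$".
   # smbldap-useradd -w writes the posixAccount (uid, uidNumber, gidNumber,
   # homeDirectory) under ou=Computers; ldapsam then adds the sambaSamAccount
   # attributes to that same entry when the workstation joins. Nothing is
   # written to /etc/passwd, and the second smbpasswd -a -m step is not needed.
   add machine script = /usr/local/sbin/smbldap-useradd.pl -w "%u"

   # Same pattern for users. The posted config points "delete user script" at
   # smbldap-useradd.pl; the deletion tool is smbldap-userdel.pl.
   add user script = /usr/local/sbin/smbldap-useradd.pl "%u"
   delete user script = /usr/local/sbin/smbldap-userdel.pl "%u"
```

The check that confirms NSS_LDAP is actually serving the entry, before blaming Samba: run `getent passwd` on a machine name with its trailing `$` (for instance a constructed `ws01$`) on the PDC after a join. If it resolves, the account exists only in the directory; if it does not, ldapsam will fail the join because it cannot map the new entry to a uid, and the fix is in nss_ldap's base DN or smbldap.conf's computer suffix rather than in smb.conf. The primary group the posted `useradd -g 502` hard-codes is set in smbldap.conf instead.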