Ok guys,

I'm giving up. To clarify this whole thing for me please tell me:

if you have ldap and samba configured together do you still need to have local accounts in /etc/passwd in order to use smbpasswd or pdbedit utility? (_fact_: smbldap-useradd.pl using them anyway _fact_)

Thank you.

Sincerely,
Kiryl.

> if you have ldap and samba configured together do you still need to
> have local accounts in /etc/passwd in order to use smbpasswd or
> pdbedit utility? (_fact_: smbldap-useradd.pl using them anyway _fact_)

You're going to love this... that depends.

IF you want your system(s) to authenticate against LDAP, independent of samba, then no, those user accounts will be stored in the LDAP store. If you are just storing samba data in ldap and don't care about network authentication at the system level, then yes you do. There are many independent pieces of the puzzle that you can configure any way you want.

Note: putting samba in ldap and not using ldap for anything but storage of samba data (that is, with users in the system password file) is really quite a bit of overkill, that's what tdbsam is for. I guess you could use winbind against your ldap server if you really wanted to though, which could work just fine. It's really up to the way you wanted to set it up.

I would assume (and we know where that gets you) that most of the time, posix data is stored in LDAP first, the system authenticates just fine against LDAP, and then people would try to layer on samba support. From the amount of problems people seem to be having, that doesn't seem to be the case.

>
> Thank you.
>
> Sincerely,
> Kiryl.
>

--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.
Information Systems Consultant   Fax: 701-281-1322
URL: www.ae-solutions.com        mailto: pgienger@ae-solutions.com
"Kiryl Hakhovich" <administrator@bsolution.net> wrote in message news:4106CD38.3020201@bsolution.net...> Ok guys, > > i'm giving up. To clarify this whole thing for me please tell me: > > if you have ldap and samba configured together do you still need to have > local accounts in /etc/passwd in order to use smbpasswd or pdbedit > utility? (_fact_: smbldap-useradd.pl using them anyway _fact_) > > Thank you. > > Sincerely, > Kiryl.I will tell you what I have found so far. I still have some learning to do on this. Linux needs to recognize Samba users as Linux users. They are Samba users, but they are using resources on the Linux box. If you use LDAP and /etc/passwd then Linux is happy. If you transfer the /etc/passwd (POSIX) info. to LDAP and tell Linux to use LDAP for authentication, Linux is happy. Both approaches allow Linux to see the Samba users as Linux users. Note that you will need to create the Linux and Samba accounts when you add users. The automatic creation of the Linux users can be done by using an adduser script. www.padl.com has tools for transferring /etc/passwd and /etc/group information into LDAP. You can put an add user script in your smb.conf file which will tell Samba to add the users to the Linux box when it creates the Samba account. My add user script adds the users to /etc/passwd. I use the useradd command. It is my understanding, (I haven't tried it yet), that the adduser script from Idealx will add the user information to LDAP when Samba creates the Samba users. You should therefore use this adduser script if you want to keep the Linux (POSIX) user information in LDAP. I use the NT User Manager to add users from a Windows XP/2000 client. It creates the Samba account and the Linux account. I have not been able to automatically add the Linux user accounts using the smbpasswd command.>From what I have read there is an advantage to keeping your Linux accountinformation in LDAP. 
If you want to use a Samba BDC, all the user information will be transferred to the BDC when you replicate the LDAP database to the BDC. If you don't do this, you will have to synchronize the /etc/passwd files from the PDC to the BDC. I can recommend two books: LDAP System Administration by Gerald Carter Samba-3 By Example by John Terpstra Both are members of the Samba development team.
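
The distinction drawn in the replies above, as an added example that is not part of the original thread: a shell check that reads a host's nsswitch.conf and smb.conf and reports whether Samba users also need /etc/passwd entries. The function names, the sample files and the ldap.example.com URL are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample files are constructed for illustration.

# Print the sources on the "passwd:" line of an nsswitch.conf, space-separated.
passwd_sources() {
    sed -n 's/#.*//; s/^[[:space:]]*passwd:[[:space:]]*//p' "$1" |
        head -n 1 | tr -s '[:space:]' ' '
}

# Print the passdb backend type from an smb.conf (the part before any ':'),
# or "unset" when the parameter is absent. Matches the lowercase spelling only.
passdb_backend() {
    v=$(sed -n 's/[[:space:]]*$//; s/^[[:space:]]*passdb[[:space:]]*backend[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1)
    v=${v%%:*}
    echo "${v:-unset}"
}

# Where must a Samba user's POSIX account exist on this host?
# Args: path to nsswitch.conf, path to smb.conf.
account_location() {
    case " $(passwd_sources "$1") " in
        *" ldap "*) posix=ldap ;;
        *)          posix=files ;;
    esac
    samba=$(passdb_backend "$2")
    if [ "$posix" = ldap ]; then
        echo "posix=ldap samba=$samba: no /etc/passwd entry needed, NSS resolves users from LDAP"
    else
        echo "posix=files samba=$samba: each Samba user also needs an /etc/passwd entry"
    fi
}

# Constructed sample configs for the two setups discussed in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd: files ldap\ngroup: files ldap\n' > "$d/nss.ldap"
    printf 'passwd: files\ngroup: files\n' > "$d/nss.files"
    printf '[global]\n  passdb backend = ldapsam:ldap://ldap.example.com\n' > "$d/smb.conf"
    account_location "$d/nss.ldap" "$d/smb.conf"
    account_location "$d/nss.files" "$d/smb.conf"
    rm -rf "$d"
}
demo
```

On a live host, `getent passwd <user>` shows whether NSS actually resolves a given account, whichever source it comes from.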