Hi,

I've set up the Samba environment as described in the wiki:
http://wiki.samba.org/index.php/Ldapsam_Editposix

I can now easily add Windows users / machines when using the policies for "Administrator".

I have also set up unix account session auth via libpam_ldap, libnss_ldap as described here:
http://www.gentoo.org/doc/en/ldap-howto.xml

Some things I don't understand:

1. How is the unix password set for the Windows users? When I su <winusername> it is not accepting the win password. I also tried editing the unix password via ldap-account-manager, but also with no luck. Is a unix password set in general when creating new accounts? With my unix user accounts migrated to LDAP via migration script (the ones used in the Gentoo article) it is possible to su <username>.

2. How do I make a sambadomain user out of such a migrated unix user?

3. When creating accounts, the user homes by default point to /home/domainname/user. How can I change that?

Thanks for any reply/feedback for my configs
Gunnar

my smb.conf:
---
[global]
#pdc
netbios name = TIGGER
workgroup = th-domain
domain logons = yes

#path
logon home = \\%N\%U
logon path = \\%N\%U\.winprofile

#password
encrypt passwords = true
passdb backend = ldapsam

#ldap
ldap suffix = dc=th-domain,dc=lan
ldapsam:trusted = yes
ldapsam:editposix = yes
ldap admin dn = cn=admin,dc=th-domain,dc=lan
ldap delete dn = yes
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap user suffix = ou=peoples
ldap idmap suffix = ou=idmap

#idmap
idmap domains = th-domain
idmap config th-domain:backend = ldap
idmap config th-domain:readonly = no
idmap config th-domain:default = yes
idmap config th-domain:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan
idmap config th-domain:ldap_user_dn = cn=admin,dc=th-domain,dc=lan
idmap config th-domain:ldap_url = ldap://localhost
idmap config th-domain:range = 50000-500000
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan
idmap alloc config:ldap_user_dn = cn=admin,dc=th-domain,dc=lan
idmap alloc config:ldap_url = ldap://localhost
idmap alloc config:range = 50000-500000

#logging
log level = 1
---

my nsswitch/pam /etc/ldap.conf
---
ssl off
suffix "dc=th-domain,dc=lan"
uri ldap://localhost
pam_password exop
rootbinddn "cn=root,dc=th-domain,dc=lan"
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=peoples,dc=th-domain,dc=lan
nss_base_shadow ou=peoples,dc=th-domain,dc=lan
nss_base_group ou=groups,dc=th-domain,dc=lan
nss_base_hosts ou=hosts,dc=th-domain,dc=lan
scope one
----