I'm playing around with samba + LDAP in a test environment. In LDAP root doesn't have a SambaSID:, but root does have a User SID: in pdbedit.

Do I need to set the SambaSID in LDAP for the user root, or does it not matter? If so, how? I tried smbpasswd -a, smbldap-useradd, and smbldap-passwd -a and none worked. But I can load the SambaSID in by hand with ldapmodify if I need to. I can log into my domain as root ok however.

[root@gomer samba]# pdbedit -U S-1-5-21-2139886109-2393431639-217723040-1000 root
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ADAMSTEST))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ADAMSTEST))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
init_sam_from_ldap: Entry found for user: root
init_ldap_from_sam: Setting entry for user: root
ldapsam_update_sam_account: successfully modified uid = root in the LDAP database
init_sam_from_ldap: Entry found for user: root
Unix username: root
NT username: root
Account Flags: [U ]
User SID: S-1-5-21-2139886109-2393431639-217723040-1000
init_group_from_ldap: Entry found for group: 0
init_group_from_ldap: Entry found for group: 0
Primary Group SID: S-1-5-21-2139886109-2393431639-217723040-1005
Full Name: root
Home Directory: \\GOMER\homes\root
HomeDir Drive: r:
Logon Script: scripts\logon.bat
Profile Path: \\GOMER\profiles\root
Domain: ADAMSTEST
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Fri, 11 Jan 2008 12:03:50 CST
Password can change: Fri, 11 Jan 2008 12:03:50 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

[root@gomer samba]# ldapsearch -D 'cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us' -b "uid=root,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us" -w xxxxxxxx -x
# extended LDIF
#
# LDAPv3
# base <uid=root,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# root, People, gomer.mdah.state.ms.us
dn: uid=root,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
uid: root
cn: root
sn: root
mail: root@dc=mdah,dc=state,dc=ms,dc=us
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: xxxxxxxxxxxxxxxxxxxxxxxxxxx
shadowLastChange: 13704
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1