LinuxQuestions.org

wslyhbb 03-17-2008 08:01 PM

Joining a Samba+LDAP Domain question
 
I have Samba with a LDAP backend. I have the following users in my LDAP:
dn: uid=Administrator,ou=People,dc=mydomain,dc=com
cn: Administrator
sn: Administrator
uid: Administrator
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 512
uidNumber: 0
homeDirectory: /home/%U
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPrimaryGroupSID: S-1-5-21-504526975-3671300981-3734984268-512
sambaSID: S-1-5-21-504526975-3671300981-3734984268-500
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaLMPassword: xxx
sambaAcctFlags: [U]
sambaNTPassword: xxx
sambaPwdLastSet: 1205460847
sambaPwdMustChange: 1209348847
userPassword:: xxx

dn: uid=root,ou=People,dc=mydomain,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: root
sn: root
givenName: root
uid: root
uidNumber: 1002
gidNumber: 512
homeDirectory: /home/root
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: System User
sambaSID: S-1-5-21-504526975-3671300981-3734984268-3004
sambaPrimaryGroupSID: S-1-5-21-504526975-3671300981-3734984268-512
sambaLMPassword: xxx
sambaAcctFlags: [U]
sambaNTPassword: xxx
sambaPwdLastSet: 1205465156
sambaPwdMustChange: 1209353156
userPassword:: xxx

My smbusers file:
# Unix_name = SMB_name1 SMB_name2 ...
root = Administrator admin
nobody = guest pcguest smbguest

I am able to join the domain as either root or Administrator; however, if root does not exist in LDAP, I cannot join the domain as Administrator. I do not understand why this is. I thought Administrator maps to root, root is in my /etc/passwd file, and I do not want it in LDAP.

iamwilliam 03-18-2008 10:47 AM

The way I understand it is that all domain logons are looked up in LDAP. /etc/passwd is then used only for localhost logins (if configured to do so). Therefore the mapping in smbusers only applies to the LDAP accounts.
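The lookup order described in the reply above, as an added example that is not part of the original thread and is not Samba's own code: the client name is first rewritten through the username map, and the resulting Unix name is then looked up in the LDAP-backed account database. The function names are hypothetical, the inputs are constructed from the thread's smbusers file and LDIF uids, and `@group` entries are not modelled.

```python
import shlex

# Constructed sample input: the smbusers file quoted in the thread.
SMBUSERS = """\
# Unix_name = SMB_name1 SMB_name2 ...
root = Administrator admin
nobody = guest pcguest smbguest
"""

def parse_username_map(text):
    """Return ordered (unix_name, [smb_names], stop) rules from a username map."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # comment lines
            continue
        stop = line.startswith("!")           # '!' = stop after this line if it matched
        unix, sep, names = line.lstrip("!").partition("=")
        if not sep:
            continue
        # shlex keeps quoted client names that contain spaces together
        rules.append((unix.strip(), shlex.split(names), stop))
    return rules

def map_user(rules, client_name):
    """Apply each matching line in order; a later match overrides an earlier one."""
    result = client_name
    for unix, names, stop in rules:
        if any(n == "*" or n.lower() == client_name.lower() for n in names):
            result = unix
            if stop:
                break
    return result

def resolve(rules, ldap_uids, client_name):
    """Return (mapped_unix_name, found_in_ldap) for a client-supplied name."""
    unix = map_user(rules, client_name)
    return unix, unix.lower() in {u.lower() for u in ldap_uids}

if __name__ == "__main__":
    rules = parse_username_map(SMBUSERS)
    for uids in ({"Administrator", "root"}, {"Administrator"}):
        print(sorted(uids), resolve(rules, uids, "Administrator"))
```

Running it with `root` removed from the uid set shows `Administrator` still mapping to `root` but no longer resolving, which matches the behaviour reported in the question.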

wslyhbb 03-18-2008 12:55 PM

Yes, that is true. I guess that makes sense. I guess what I was not understanding was, root is basically the only account that can add a domain member? It was just that for security reasons, I did not want my root account distributed.

Well, thanks for the reply.


All times are GMT -5.