Joining a Samba+LDAP Domain question
I have Samba with a LDAP backend. I have the following users in my LDAP:
dn: uid=Administrator,ou=People,dc=mydomain,dc=com
cn: Administrator
sn: Administrator
uid: Administrator
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 512
uidNumber: 0
homeDirectory: /home/%U
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPrimaryGroupSID: S-1-5-21-504526975-3671300981-3734984268-512
sambaSID: S-1-5-21-504526975-3671300981-3734984268-500
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaLMPassword: xxx
sambaAcctFlags: [U]
sambaNTPassword: xxx
sambaPwdLastSet: 1205460847
sambaPwdMustChange: 1209348847
userPassword:: xxx

dn: uid=root,ou=People,dc=mydomain,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: root
sn: root
givenName: root
uid: root
uidNumber: 1002
gidNumber: 512
homeDirectory: /home/root
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: System User
sambaSID: S-1-5-21-504526975-3671300981-3734984268-3004
sambaPrimaryGroupSID: S-1-5-21-504526975-3671300981-3734984268-512
sambaLMPassword: xxx
sambaAcctFlags: [U]
sambaNTPassword: xxx
sambaPwdLastSet: 1205465156
sambaPwdMustChange: 1209353156
userPassword:: xxx

My smbusers file:

# Unix_name = SMB_name1 SMB_name2 ...
root = Administrator admin
nobody = guest pcguest smbguest

I am able to join the domain as either root or Administrator; however, if root does not exist in LDAP I cannot join the domain as Administrator. I do not understand why this is. I thought Administrator maps to root, root is in my /etc/passwd file, and I do not want it in LDAP.
The way I understand it is that all domain logons are looked up in LDAP. /etc/passwd is then used only for localhost logins (if configured to do so). Therefore the mapping in smbusers only applies to the LDAP accounts.
Yes that is true. I guess that makes sense. I guess what I was not understanding was, root is basically the only account that can add a domain member? It was just that for security reasons, I did not want my root account distributed.
Well thanks for the reply.
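The behaviour discussed in this thread can be checked offline with the added example below, which is not code from any poster or from Samba. It applies the smbusers mapping the way smb.conf(5) describes for `username map` (every line is processed in order, and a leading `!` stops after a match), then checks whether the mapped name has a sambaSamAccount entry in an LDIF export; the function names and the trimmed sample entries are constructed for illustration, and `@group` entries are not handled.

```python
# Added diagnostic sketch. SMBUSERS is the file quoted in the thread;
# ADMIN and ROOT are constructed, trimmed versions of the two LDAP entries.
SMBUSERS = """\
# Unix_name = SMB_name1 SMB_name2 ...
root = Administrator admin
nobody = guest pcguest smbguest
"""
ADMIN = ("dn: uid=Administrator,ou=People,dc=mydomain,dc=com\n"
         "uid: Administrator\nobjectClass: sambaSamAccount")
ROOT = ("dn: uid=root,ou=People,dc=mydomain,dc=com\n"
        "uid: root\nobjectClass: sambaSamAccount")

def parse_username_map(text):
    """Return [(unix_name, [smb_names], stop_flag)] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not a mapping
        stop = line.startswith("!")
        unix, _, names = line.lstrip("!").partition("=")
        rules.append((unix.strip(), names.split(), stop))
    return rules

def map_username(rules, client_name):
    """Apply each rule in order; a '!' rule ends processing once it matches."""
    name = client_name
    for unix, names, stop in rules:
        if any(n == "*" or n.lower() == name.lower() for n in names):
            name = unix
            if stop:
                break
    return name

def samba_accounts(ldif):
    """Lower-cased uid values of entries with objectClass sambaSamAccount."""
    found = set()
    for entry in ldif.strip().split("\n\n"):
        attrs = [l.split(":", 1) for l in entry.splitlines() if ":" in l]
        pairs = {(k.strip().lower(), v.strip().lower()) for k, v in attrs}
        if ("objectclass", "sambasamaccount") in pairs:
            found |= {v for k, v in pairs if k == "uid"}
    return found

def can_resolve(client_name, smbusers, ldif):
    """Return (mapped_name, True if that name has a Samba account in the LDIF)."""
    mapped = map_username(parse_username_map(smbusers), client_name)
    return mapped, mapped.lower() in samba_accounts(ldif)

if __name__ == "__main__":
    print(can_resolve("Administrator", SMBUSERS, ADMIN))
    print(can_resolve("Administrator", SMBUSERS, ADMIN + "\n\n" + ROOT))
```

With only the Administrator entry in the directory, the name Administrator is rewritten to root by the map and no matching Samba account is found, which matches the failure described in the first post.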