LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
LinkBack Search this Thread
Old 07-23-2007, 09:33 AM   #1
yuri_d
LQ Newbie
 
Registered: Mar 2006
Posts: 26

Rep: Reputation: 15
Samba, LDAP, do I need smbpasswd to create users?


I seem to have done a working setup of the subj.
I only use posixAccount class for creating users and thus avoiding all the mess with winbind, rid-uid mapping etc. Way to go.

I use phpldapadmin to manage ldap - very convenient
Still some minor problems...

Can anyone please advise, do I still need to "smbpasswd -a %u" new users? Or does phpldapadmin do everything required to add users/change passwords?
 
Old 07-24-2007, 06:16 PM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Look at your /etc/samba/smb.conf to determine what backend that samba uses for storing usernames and passwords.

What is the authentication source of the server itself.

Look in the /etc/nsswitch.conf file. What does the line starting with "passwd:" show?
Also look at the PAM config files and the files in /etc/security/. You could be using samba or ldap as the authentication source.

The samba or samba-doc package will supply 3 or 4 books, including "Samba 3 by Example" and the "Samba 3 Howto and Reference Guide". The first has some sample ldap based configurations. The latter will explain the various password backends in more detail. Your php scripts may be doing the same thing as the perl or python scripts in their examples. If you have a server that is a domain controller or a member of a domain, then there will be mapping between unix and windows IDs but the server may not be using smbpasswd or /etc/passwd for authenticating users. This is probably handled on the fly by your php scripts.

Last edited by jschiwal; 07-24-2007 at 06:25 PM.
 
Old 07-25-2007, 07:46 AM   #3
yuri_d
LQ Newbie
 
Registered: Mar 2006
Posts: 26

Original Poster
Rep: Reputation: 15
Thanks for hints, got it going somehow.

The main problem was in the original design. Samba schema needs sids and rids and posix only autentication does not work with Samba+LDAP with Ldap system authentication.

smbldap-installer gives a good starting config (with an error in ACL?) which can be corrected:

Quote:
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by dn="cn=admin,dc=nomis52,dc=net" write
by anonymous auth
by self write
by * none
smbpasswd is not required (it seems, not 100% sure).
Used with LDAP Admin for windows:
http://ldapadmin.sourceforge.net/
Home directories can be created with adding line to [homes] section in smb.conf:

root preexec = [ ! -e /home/%U ] && { /bin/cp -a /etc/skel /home/%U; /bin/chown -R %U."%G" /home/%U; }

Still a weird feature remains:
If i su to root i stop seeing ldap accounts with 'id $user' or 'getent passwd'. Initial login user can see them. It only affects subshells. It has no effect on functionality but is still bugging me.

Any ideas?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
adding users using smbpasswd, or synchronise passwd/smbpasswd gyodai Linux - Networking 2 03-11-2009 02:47 PM
Samba: Users can read, create folder, nothing else gt_swagger Linux - Server 1 02-20-2007 04:52 PM
smbpasswd won't create new passwords demerson3 Linux - Networking 0 02-13-2005 08:02 PM
Create users in Samba br_sriram Linux - Software 2 09-24-2004 11:49 AM
I get this error when trying to add users('smbpasswd -a XXX'). lostboy Linux - General 7 05-02-2003 06:34 PM


All times are GMT -5. The time now is 02:57 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration