On Thu, 2004-09-16 at 12:46, rruegner wrote: > > load printers = yes > > printing = cups > > printcap name = cups > is there a group ntadmin in ldap? usally it only in passwd > > printer admin = @ntadmin
I haven't gotten round to doing anything with printing yet. I think that's the next challenge. > see my parameters and compare Well, I think I can actually spot something wrong with your config, while discovering mine was never broken to the degree I thought! You have the -a (add samba attributes) and -P (invoke smbldap-passwd) switches to the adduser script, which seem unnecessary. The penny's dropped and I've realised the scripts are only for taking care of managing the posix account side of things - samba adds the samba attributes to the LDAP record, so -a is not needed. Indeed, adding it broke things for me as both script and samba try to add the same attributes. -P doesn't seem needed either. I can add accounts perfectly via usermgr.exe without these attributes. I realised my sambaPwdMustChange value was being set two days ahead, because that's set by default in the policy config part of usermgr.exe! So, that was actually working fine, user error. Samba *doesn't* need to run smbldap-passwd.pl for password changes at all. It will update the samba related attributes itself, AND update the userPassword (posix) field if you have "ldap passwd sync = Yes" set in smb.conf So, basically, it was all working fine to begin with. Gah! > > ldap ssl = no > makes no sense if you say ldap ssl no above > > ldap ssl = start tls Well, TLS is different to using old SSL as I understand it. TLS works over usual port 389 while SSL is over 636. This much does work. The 'net time' thing I mentioned before isn't a problem, I realised the wrong time was being plucked from a random windows box on the network, not the samba server :) Hurrah for caffine. -- Dan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba