Stéphane, The book "Samba-3 by Example" is being reprinted very soon. Up to date builds of the PDF are available on the Samba web site daily. This document can be downloaded from:
http://www.samba.org/samba/docs/Samba-Guide.pdf In chapter 5 I have fully documented how Samba-3 can be deployed with LDAP and using the smbldap-tools. It works perfectly for me and in many sites that have given me feedback that it works. Over the past two months I have received and applied about 40 suggestions for improvement. Every report that it does not work has been resolved, but given all of this I am 100% certain that there are still bugs in there. I would greatly appreciate if you could test-drive this chapter and report back any bugs or problems you come across. I will personally work with you to resolve any issues that you may find. Your claim below that there has been no reaction from the Samba Team is wrong. A number of us have worked with Jerome Tournier, that has resulted in the 0.9.0 release of the smbldap-tools. We do not make a practice of ignoring our uses. I have been working on updating our documentation also as a result of feedback an dbug reports. You have never been ignored. The smbldap-tools should be configured to handle only the POSIX part of LDAP based accounts. Samba should handle all the sambaSAM components. Please review chapter 5 and give me your feedback. I am anxious to fix any problem you may have. Cheers, John T. On Thursday 26 May 2005 09:12, [EMAIL PROTECTED] wrote: > Ok, > > I re-read the script and the sambasamaccount is only added with -i option. > > My position is : > - I asked the problem in 2004, I a put a BUG. For some reasons, no > reaction from samba team for this problem. > - My solution is modify the smbldap-script for add sambasamaccount > and add a machine on two step, it's work (until today) > > add theses lines after the > if (defined($Options{'i'})) { > > > ... > > } > > if (defined($Options{'w'})) { > # For machine account > # Objectclass sambaSAMAccount must be added now ! > > my $date=time; > my $modify = $ldap_master->modify ( > "uid=$userName,$config{computersdn}", > changes => [ > replace => [objectClass > => ['inetOrgPerson', 'posixAccount', 'sambaSAMAccount']], > add => [sambaLogonTime > => '0'], > add => [sambaLogoffTime > => '2147483647'], > add => > [sambaKickoffTime => '2147483647'], > add => > [sambaPwdCanChange => '0'], > add => > [sambaPwdMustChange => '2147483647'], > add => [sambaPwdLastSet > => "$date"], > add => [sambaAcctFlags > => '[W ]'], > add => [sambaSID => > "$user_sid"], > add => > [sambaPrimaryGroupSID => "$config{SID}-515"] > ] > ); > > $modify->code && die "failed to add entry: ", $modify->error ; > } > > ask me if problem, I cannot add machine today, but if you can test for me I > appreciate. > > thanks > > > Stéphane Purnelle > > ----------------------------------- > Stéphane PURNELLE [EMAIL PROTECTED] > Service Informatique Corman S.A. Tel : 00 32 087/342467 > > [EMAIL PROTECTED] a écrit > > sur 26/05/2005 16:57:49 : > > [EMAIL PROTECTED] wrote: > > > I forgot some details. > > > the script add the sambasamaccount. > > > could you send me the smbldap-useradd script for see what version you > > use ? > > > > some smbldap script not add the sambasamaccount, because normally samba > > > must add it (and is this part which don't work). > > > the last version seems to add the sambasamaccount attributes and old > > > version too. > > > > Ah! smbldap-useradd in 0.8.7 certainly does not seem to add the > > sambasamaccount attributes. I just downloaded the latest 0.9.0 and that > > doesn't seem to either. Not with -w, which as i understand it is the way > > it should be used. -w just makes the posixaccount and expects samba to > > do the rest... > > > > # MACHINE ACCOUNT > > if (defined($Options{'w'}) or defined($Options{'i'})) { > > > > #print "About to create machine $userName:\n"; > > > > if (!add_posix_machine > > ($userName,$userUidNumber,$userGidNumber,$Options{'t'})) { > > die "$0: error while adding posix account\n"; > > } > > > > if (defined($Options{'i'})) { > > ... > > } > > > > $ldap_master->unbind; > > exit 0; > > } > > > > Should the add machine script set up the samba attributes? It seems a > > bit mad. Surely samba should be finding that the user exists but doesn't > > have the samba attributes and then it should modify the user? That's > > what the code in my original post appears to be trying to do... > > > > John -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba