you'll need to config samba to use your LDAP backend. in smb.conf
you'll need:
passdb backend = ldapsam:ldap://gomer.mdah.state.ms.us
ldap suffix = dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
idmap backend = ldap:ldap://gomer.mdah.state.ms.us
ldap passwd sync = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
winbind use default domain = false
winbind offline logon = false
winbind enum users = yes
winbind enum groups = yes
and you can load your smbpasswd/tdbsam users with:
pdbedit --import=smbpasswd:/etc/samba/smbpasswd
--export=ldapsam:ldap://gomer.mdah.state.ms.us
and because the ldap passwd sync = yes, when your users do ctrl alt del
and click on change password, it should change it in LDAP for their unix
shell acct and their samba password that is in their LDAP dn.
read chapter 5 of the Samba-3 By Example PDF, it kind of explains
everything.
Eric Bouliane wrote:
We currently have an OpenLDAP server with many nodes authenticating to
it for various things. We have an existing server that is now using
LDAP to authenticate, but would like to have Samba in turn
authenticate to it. We've configured the smb.conf file accordingly and
can get this working.
Our dilemma is in adding the "Manage samba account parameters" plug-in
via the Yast User/Group modification. When doing this and attempting
to finish editing existing users, it errors out with "Change the
passwordto create the Samba account". We would like to prevent having
all of our LDAP users come to our desks to change the password
individually, is there a way to globally set this and use either
existing passwords within the samba/secrets.tdb file or those set
within LDAP already?
Cheers.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
