On Thu, 2004-09-16 at 12:46, rruegner wrote:
load printers = yes
printing = cups
printcap name = cups
is there a group ntadmin in ldap? usally it only in passwd
printer admin = @ntadmin
I haven't gotten round to doing anything with printing yet. I think
that's the next challenge.
see my parameters and compare
Well, I think I can actually spot something wrong with your config,
while discovering mine was never broken to the degree I thought!
You have the -a (add samba attributes) and -P (invoke smbldap-passwd)
switches to the adduser script, which seem unnecessary. The penny's
dropped and I've realised the scripts are only for taking care of
managing the posix account side of things - samba adds the samba
attributes to the LDAP record, so -a is not needed. Indeed, adding it
broke things for me as both script and samba try to add the same
attributes. -P doesn't seem needed either. I can add accounts perfectly
via usermgr.exe without these attributes.
I realised my sambaPwdMustChange value was being set two days ahead,
because that's set by default in the policy config part of usermgr.exe!
So, that was actually working fine, user error. Samba *doesn't* need to
run smbldap-passwd.pl for password changes at all. It will update the
samba related attributes itself, AND update the userPassword (posix)
field if you have ldap passwd sync = Yes set in smb.conf
So, basically, it was all working fine to begin with. Gah!
ldap ssl = no
makes no sense if you say ldap ssl no above
ldap ssl = start tls
Well, TLS is different to using old SSL as I understand it. TLS works
over usual port 389 while SSL is over 636. This much does work.
The 'net time' thing I mentioned before isn't a problem, I realised the
wrong time was being plucked from a random windows box on the network,
not the samba server :) Hurrah for caffine.
--
Dan
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
