[Bug 1367] New attributes required by samba.

To: debian-edu@lists.debian.org
Subject: [Bug 1367] New attributes required by samba.
From: drift@skolelinux.org
Date: Thu, 13 Aug 2009 09:11:00 +0200
Message-id: <[🔎] E1MbUSi-0008V4-RF@maintainer.skolelinux.no>

http://bugs.skolelinux.org/show_bug.cgi?id=1367





------- Comment #3 from ronny@skolelinux.org  2009-08-13 09:11 -------
about the schema: 
samba 3.2 could use the old samba2 schema, but this requiered config file
changes. Or we could upgrade to the new samba3 schema, and gain the possibility
of new features. i opted for the second one, to keep in line with debian, gain
new features, and just keeping with the flow of development. [4]

about the ldap entries:
The effect i saw of NOT adding the ldap entries was that samba accounts
reported as expiered all the time. This seamd to be unrelated to what schema i
was using. When a user login on a windows computer, he got a notice that the
password is expiered, and he need to change it. 
I am not certain if the password in ldap was changed (in ldap) or not when he
tried chaning it. But trying to login again with the new password gave the same
result. 
iow: windows users could not login.

I found the requiered ldap entries by running openldap in debug mode. and the
samba documentation [1] described [2] their purpose. I also found useful info
in the samba+ldap howto [3]

as far as i know the changes came from upstream samba, as part of their work to
support AD PDC mode better. All the samba v3.2 + ldap howtos i have found [3]
uses these entries as well, so i assume they are needed. 

You are correct when stating that both upgrades and new users via lwat is a
problem. Luckily for lwat only changes to the config file /etc/lwat/admin.ini
is requiered. i added the line sambaPwdLastSet = 123456789 to all entries. All
this was explained to me by klausade.

Kind regards
Ronny Aasen


[1] http://www.samba.org/samba/docs/
[2]
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#attribobjclPartA
[3] http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html
[4] http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#samba.schema.comments

Ronny Aasen


-- 
Configure bugmail: http://bugs.skolelinux.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Reply to:

Prev by Date: [Bug 1367] New attributes required by samba.
Next by Date: [Bug 1367] New attributes required by samba.
Previous by thread: [Bug 1367] New attributes required by samba.
Next by thread: [Bug 1367] New attributes required by samba.
Index(es):
- Date
- Thread