[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Samba machine object in LDAP (smbldap-tools vs. ldapsam:editposix)

Hi Alejandro,

I have looked at automagic Samba machine creation in Debian Edu squeeze more closely and I have compared two different methods: using smbldap-tools or using Samba itself with samba options ldapsam:trusted = yes and ldapsam:editposix=yes (in combination with windbind for id allocation).

I currently have ldapsam:trusted/ldapsam:editposix working, but GOsa complains about the objects being created when editing the objects (it moans when clicking on the [ Save ] button after editing):

# TEST-VM-WINXP$, winstations, systems, Computers, skole.skolelinux.no
dn: uid=TEST-VM-WINXP$,ou=winstations,ou=systems,ou=Computers,dc=skole,dc=skol
sambaSID: S-1-5-21-4199393816-2655555220-888217501-1016
sambaAcctFlags: [W          ]
uidNumber: 20019
gidNumber: 513
homeDirectory: /home/SCHULE/SMB_workstations_home
loginShell: /bin/false
sambaPwdLastSet: 1314220476
macAddress: 52:54:00:3c:d8:bd
objectClass: account
objectClass: gotoWorkstation
objectClass: ieee802Device
objectClass: ipHost
objectClass: posixAccount
objectClass: sambaSamAccount

I have other machine account objects that I migrated from an old ARKTUR server, these look like this:

# CR1-01$, winstations, systems, CR01, Computers, skole.skolelinux.no
dn: uid=CR1-01$,ou=winstations,ou=systems,ou=CR01,ou=Computers,dc=skole,dc=sko
macAddress: aa:bb:cc:dd:ee:ff
uidNumber: 11016
gidNumber: 10006
homeDirectory: /dev/null
gecos: Windows-Maschinen-Account
sn: Windows-Maschine
loginShell: /bin/false
sambaSID: S-1-5-21-4199393816-2655555220-888217501-23032
sambaPrimaryGroupSID: S-1-5-21-4199393816-2655555220-888217501-10006
displayName: Windows-Maschinenaccount cr1-01
sambaPwdMustChange: 2147483647
sambaAcctFlags: [W ]
sambaPwdCanChange: 1112274625
sambaPwdLastSet: 1112274625
description: (ungenutzt)
objectClass: top
objectClass: inetOrgPerson
objectClass: ieee802Device
objectClass: ipHost
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: gotoWorkstation
objectClass: person
objectClass: organizationalPerson
objectClass: gosaAccount
objectClass: shadowAccount
uid: CR1-01$
cn: CR1-01$

These object work fine, but it is not an option to post-edit all machine accounts with ldapvi after they have been added by Samba.

Question (a):

Is any of the LDAP objects above correct? Or do they miss anythin???

Question (b):

Could you send an optimal Samba machine account object?

Question (c):

Do you have any idea for a generic way of adapting GOsa and/or Samba (ldapsam:editposix) in a way that both like each other???



mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

GnuPG Key ID 0xB588399B
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de


Attachment: pgpd_pZkZvfdn.pgp
Description: Digitale PGP-Unterschrift

Reply to: