[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: export account profile from file to ldap


On Thu, Mar 28, 2002 at 12:51:30PM -0600, José A. Guzmán wrote:
> On Mon, Mar 25, 2002 at 09:46:49AM -0600, Georg Lehner wrote:
> > as I found they harmed
> > use of ldap in nsswitch and samba-ldap autentication (but I may be
> > wrong). 
>  How come?
>  I've used them to migrate  passwd/shadow into LDAP with no problems 
>  at all.

To be more specific and exact, the problems encountered have nothing
to do with libpam-smb or libpam-ldap.

I use samba recompiled from the Debian-Source Package (about two
months ago), Version 2.2.2debian-2 but with the LDAP-support compile
switches on.

To create a user account I do the following:

  1) Create a unix account "x" on a main server
  2) port it to LDAP
  3) do smbpasswd "x"

smbpasswd (this is the LDAP-modified version), fails, when it
encounters for example an "objectClass=mailRecipient" attribute in the
recently created LDAP entry.

It simply does not find the user in the LDAP database.

the migration tools are very generous on creating aditional attributes
like kerberos name, mailname, Internet org person and the like.

I suppose that if my slapd - server does not include the corresponding
Schemes, there can be trouble in retreiving the information correctly,
but never digged really into the problem.

In my modified migration script I cut out what seemed "disturbing" the
process, although today in the morning I stumbled again over the
"mailRecipient" with a new account.

Samba and LDAP allows me to overlap Windows NT Domain accounts with
Unix accounts (shared by autofs) on the whole network.  Only problem
remaining is password migration between the different aproaches, which
I had intented to solve by using the NT (samba) password for
unix-autentication via libpam-smb.  BUT I do not like it really,
shadow seems more secure to me.

Best Regards,


To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: