
Re: Samba-LDAP PDC



Eureka! It now works with but one exception.
I can't get it to add the machine automagically. It's the only doggone thing that doesn't work. The "add user script" works fine from the command line but will not function appropriately when passed through smb.conf.


Anyway, here is my add user script and my acls. The only thing I can figure is that my admin user (i.e. root) doesn't have the access to add a new machine. This seems kinda weird though because I don't have trouble adding a user with directory-administrator.

ACLs are presented in order specified in the config files.
The names have been changed to protect my network's innocence. ;-)

From smb.conf:
add user script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u


slapd.access.conf looks like this:

> # This is a good place to put slapd access-control directives
> access to dn=".*,dc=microverse,dc=net" attr=userPassword
>      by dn="cn=root,dc=example,dc=com" write
>      by dn="cn=proxyuser,dc=example,dc=com" read
>      by self write
>      by * auth
>
> access to dn=".*,dc=example,dc=com" attr=mail
>      by dn="cn=root,dc=example,dc=com" write
>      by self write
>      by * read
>
> access to dn=".*,ou=People,dc=example,dc=com"
>      by * read
>
> access to dn=".*,dc=example,dc=com"
>      by self write
>      by * read


Below is where I think the problem might be. First off, there is no user "uid=root,ou=People,dc=example,dc=com" and ideally I would rather use a group than a user anyway. Anybody got a clue on how I can specify all users in such-and-such a group?


samba-slapd.include looks like this:

> # You should either include this file into your
> # /etc/openldap/slapd.conf, or add the contents (after editing), inside
> # the db definition your samba server will use.
>
>
> # Index the rid for samba:
> index   rid             eq
>
>
> # Basic samba acl:
> access to attrs=lmPassword,ntPassword
>         by dn="cn=root,dc=microverse,dc=net" write
>         by dn="uid=root,ou=People,dc=example,dc=com" write
>         by * none
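One way to grant the Samba rights to a group rather than to a single user DN, as an added example that is not the poster's own config; the group entry cn=samba-admins,ou=Groups,dc=example,dc=com is assumed. Because slapd applies the first `access to` clause whose target matches an entry or attribute, the hash ACL is placed ahead of the catch-all over the whole tree.

```conf
# Added example (not the poster's config): Samba-related ACLs keyed on a
# group instead of "uid=root,ou=People,...".
# Assumption: cn=samba-admins,ou=Groups,dc=example,dc=com is a groupOfNames
# whose "member" attribute holds the full DNs of the administrators.
# "by group=" checks the member attribute of a groupOfNames by default and
# that attribute must contain DNs; a posixGroup's memberUid (plain uids)
# cannot be used for this test.

# Password hashes first: a later catch-all with no attrs filter would
# otherwise match these attributes and this clause would never be reached.
access to attrs=lmPassword,ntPassword
        by group="cn=samba-admins,ou=Groups,dc=example,dc=com" write
        by * none

access to dn=".*,dc=example,dc=com" attrs=userPassword
        by group="cn=samba-admins,ou=Groups,dc=example,dc=com" write
        by dn="cn=proxyuser,dc=example,dc=com" read
        by self write
        by * auth

# Catch-all, last. Write access on the containers is what lets the
# group's members add new entries such as machine accounts; "by" clauses
# are tested in order, so the group line must precede "by * read".
access to dn=".*,dc=example,dc=com"
        by group="cn=samba-admins,ou=Groups,dc=example,dc=com" write
        by self write
        by * read
```

The DN used in the "add user script" must then bind as one of the DNs listed in the group's member attribute for the add to succeed.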