Ok, I'm trying to wrangle this under control with this setup I've inherited and have run across a few speed bumps. Here's the state of things as is.
I've made a few changes to the setup thinking that I've fixed an issue or two and have in fact only confused myself and possibly my configuration. The downside is that I don't know a few key passwords that were used in the original setup. (yay no overlap with my predecessor).
I have a samba server acting as my PDC with an LDAP server used for authentication. Question #1: the password contained within the LDAP directory for my 'admin' account should = the 'rootpw' entry in slapd.conf correct?
Question #2: the 'ldap admin dn' entry in my smb.conf file should equal the 'rootdn' entry in my slapd.conf file, after which, this should be updated to samba using smbpasswd -w correct?
Question #3: the 'admin users' entry within the smb.conf are the users that allow access to the domain correct?
Currently, what I'm working with here is that I don't know the 'admin, samba or the samba-admin' passwords. The samba-admin account is just an LDAP admin account but Not the root account. This should be fixed to the above question 2 yes? I would like to change all of these passwords but am fearful that I could make things worse.
Also, regarding the components on my network (machines specifically), will there be an issue if I change the 'samba' account (domain account) password with their ability to connect to the domain?
Thank you in advance for any help and advice!
The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.
Terry Haley wrote:
> I have a samba server acting as my PDC with an LDAP server used for authentication. Question #1: the password contained within the LDAP directory for my 'admin' account should = the 'rootpw' entry in slapd.conf correct?
I would create an extra service account for the Samba server and assign appropriate ACLs. The rootdn circumvents all ACLs. Therefore in production no LDAP client should use the rootdn as bind-DN.
> Question #2: the 'ldap admin dn' entry in my smb.conf file should equal the 'rootdn' entry in my slapd.conf file, after which, this should be updated to samba using smbpasswd -w correct?
???
Isn't smbpasswd -w just for using this tool non-interactively?
> Question #3: the 'admin users' entry within the smb.conf are the users that allow access to the domain correct?
This is a pure Samba question not related to the LDAP backend. Read smb.conf(5). IMHO it's pretty clear in this regard.
Ciao, Michael.
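Added example (not part of any message in this thread): a small Python check for the condition discussed above, namely whether the 'ldap admin dn' in smb.conf is the same DN as a 'rootdn' in slapd.conf, in which case Samba's bind bypasses every ACL. The sample configs, the dc=example,dc=org suffix and all function names are constructed for illustration, and the DN comparison is a simplified one (case-insensitive, whitespace-trimmed).

```python
import re

# Constructed sample configs (not from the thread); DNs and rootpw are placeholders.
SLAPD_CONF = '''
suffix    "dc=example,dc=org"
rootdn    "cn=admin,dc=example,dc=org"
rootpw    {SSHA}placeholder
'''

SMB_CONF_ROOTDN = '''
[global]
   passdb backend = ldapsam:ldap://127.0.0.1
   ldap suffix = dc=example,dc=org
   ldap admin dn = CN=Admin, dc=example, dc=org
'''

SMB_CONF_SERVICE = SMB_CONF_ROOTDN.replace(
    "CN=Admin, dc=example, dc=org", "cn=samba-admin,dc=example,dc=org")

def normalize_dn(dn):
    """Simplified comparison form: drop quotes, trim each RDN, lowercase."""
    parts = re.split(r"(?<!\\),", dn.strip().strip('"'))
    return ",".join("=".join(s.strip().lower() for s in p.split("=", 1))
                    for p in parts)

def slapd_rootdns(text):
    """Return every rootdn directive in a slapd.conf (one per database)."""
    return [normalize_dn(m.group(1))
            for m in re.finditer(r"^rootdn\s+(.+)$", text, re.M | re.I)]

def smb_ldap_admin_dn(text):
    """Return smb.conf 'ldap admin dn'; parameter names ignore case/spacing."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if "".join(key.lower().split()) == "ldapadmindn":
            return normalize_dn(value)
    return None

def samba_binds_as_rootdn(smb_text, slapd_text):
    """True when Samba's bind DN is a slapd rootdn, i.e. bypasses all ACLs."""
    admin_dn = smb_ldap_admin_dn(smb_text)
    return admin_dn is not None and admin_dn in slapd_rootdns(slapd_text)

if __name__ == "__main__":
    print("rootdn bind: ", samba_binds_as_rootdn(SMB_CONF_ROOTDN, SLAPD_CONF))
    print("service bind:", samba_binds_as_rootdn(SMB_CONF_SERVICE, SLAPD_CONF))
```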
All your questions are covered in Chapter 5 of the Samba Guide available at http://www.samba.org
Gavin.
On 29/12/2008, Terry Haley terry_haley@dfci.harvard.edu wrote:
On Tuesday 30 December 2008 03:28:32 Gavin Henry wrote:
> All your questions are covered in Chapter 5 of the Samba Guide available at http://www.samba.org
and a good howto "The Linux Samba-OpenLDAP Howto": http://download.gna.org/smbldap-tools/docs/samba-ldap-howto/
> Gavin.
openldap-technical@openldap.org