1:51 p.m.
Ok, I'm trying to wrangle this under control with this setup I've
inherited and have run across a few speed bumps. Here's the state of
things as is.
I've made a few changes to the setup thinking that I've fixed an issue
or two and have in fact only confused myself and possibly my
configuration. The downside is that I don't know a few key passwords
that was used in the original setup. (yay no overlap with my
predecessor).
I have a samba server acting as my PDC with an LDAP server used for
authentication. Question #1: the password contained within the LDAP
directory for my 'admin' account should = the 'rootpw' entry in
slapd.conf correct?
Question #2: the 'ldap admin dn' entry in my smb.conf file should
equal the 'rootdn' entry in my slapd.conf file, afterwhich, this
should be updated to samba using smbpasswd -w correct?
Question #3: the 'admin users' entry within the smb.conf are the users
that allow access to the domain correct?
Currently, what I'm working with here is that I don't know the 'admin,
samba or the samba-admin' passwords. The samba-admin account is just
an LDAP admin account but Not the root account. This should be fixed
to the above question 2 yes? I would like to change all of these
passwords but am fearful that I could make things worse.
Also, regarding the components on my network (machines specifically),
will there be an issue if I change the 'samba' account (domain
account) password with their ability to connect to the domain?
Thank you in advance for any help and advice!
The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.
1:17 a.m.
Terry Haley wrote:
I have a samba server acting as my PDC with an LDAP server used for
authentication. Question #1: the password contained within the LDAP
directory for my 'admin' account should = the 'rootpw' entry in
slapd.conf correct?
I would create an extra service account for the Samba server and assign
appropriate ACLs. The rootdn circumvents all ACLs. Therefore in
production no LDAP client should use the rootdn as bind-DN.
Question #2: the 'ldap admin dn' entry in my smb.conf file
should equal
the 'rootdn' entry in my slapd.conf file, afterwhich, this should be
updated to samba using smbpasswd -w correct?
???
Isn't smbpasswd -w just for using this tool non-interactively?
Question #3: the 'admin users' entry within the smb.conf are the users
that allow access to the domain correct?
This is a pure Samba question not related to the LDAP backend. Read
smb.conf(5). IMHO it's pretty clear in this regard.
Ciao, Michael.
1:28 a.m.
All your questions are covered in Chapter 5 of the Samba Guide
available at http://www.samba.org
Gavin.
On 29/12/2008, Terry Haley <terry_haley(a)dfci.harvard.edu> wrote:
Ok, I'm trying to wrangle this under control with this setup
I've
inherited and have run across a few speed bumps. Here's the state of
things as is.
I've made a few changes to the setup thinking that I've fixed an issue
or two and have in fact only confused myself and possibly my
configuration. The downside is that I don't know a few key passwords
that was used in the original setup. (yay no overlap with my
predecessor).
I have a samba server acting as my PDC with an LDAP server used for
authentication. Question #1: the password contained within the LDAP
directory for my 'admin' account should = the 'rootpw' entry in
slapd.conf correct?
Question #2: the 'ldap admin dn' entry in my smb.conf file should
equal the 'rootdn' entry in my slapd.conf file, afterwhich, this
should be updated to samba using smbpasswd -w correct?
Question #3: the 'admin users' entry within the smb.conf are the users
that allow access to the domain correct?
Currently, what I'm working with here is that I don't know the 'admin,
samba or the samba-admin' passwords. The samba-admin account is just
an LDAP admin account but Not the root account. This should be fixed
to the above question 2 yes? I would like to change all of these
passwords but am fearful that I could make things worse.
Also, regarding the components on my network (machines specifically),
will there be an issue if I change the 'samba' account (domain
account) password with their ability to connect to the domain?
Thank you in advance for any help and advice!
The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the
e-mail
contains patient information, please contact the Partners Compliance
HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in
error
but does not contain patient information, please contact the sender and
properly
dispose of the e-mail.
--
Sent from my mobile device
http://www.suretecsystems.com/services/openldap/
3:16 p.m.
On Tuesday 30 December 2008 03:28:32 Gavin Henry wrote:
All your questions are covered in Chapter 5 of the Samba Guide
available at http://www.samba.org
and a good howto "The Linux Samba-OpenLDAP Howto":
http://download.gna.org/smbldap-tools/docs/samba-ldap-howto/
Gavin.
On 29/12/2008, Terry Haley <terry_haley(a)dfci.harvard.edu> wrote:
> Ok, I'm trying to wrangle this under control with this setup I've
> inherited and have run across a few speed bumps. Here's the state of
> things as is.
>
> I've made a few changes to the setup thinking that I've fixed an issue
> or two and have in fact only confused myself and possibly my
> configuration. The downside is that I don't know a few key passwords
> that was used in the original setup. (yay no overlap with my
> predecessor).
>
> I have a samba server acting as my PDC with an LDAP server used for
> authentication. Question #1: the password contained within the LDAP
> directory for my 'admin' account should = the 'rootpw' entry in
> slapd.conf correct?
>
> Question #2: the 'ldap admin dn' entry in my smb.conf file should
> equal the 'rootdn' entry in my slapd.conf file, afterwhich, this
> should be updated to samba using smbpasswd -w correct?
>
> Question #3: the 'admin users' entry within the smb.conf are the users
> that allow access to the domain correct?
>
> Currently, what I'm working with here is that I don't know the 'admin,
> samba or the samba-admin' passwords. The samba-admin account is just
> an LDAP admin account but Not the root account. This should be fixed
> to the above question 2 yes? I would like to change all of these
> passwords but am fearful that I could make things worse.
>
> Also, regarding the components on my network (machines specifically),
> will there be an issue if I change the 'samba' account (domain
> account) password with their ability to connect to the domain?
>
> Thank you in advance for any help and advice!
>
>
> The information in this e-mail is intended only for the person to whom it
> is addressed. If you believe this e-mail was sent to you in error and the
> e-mail
> contains patient information, please contact the Partners Compliance
> HelpLine at
> http://www.partners.org/complianceline . If the e-mail was sent to you in
> error
> but does not contain patient information, please contact the sender and
> properly
> dispose of the e-mail.
--
Jorge Armando Medina
Computación Gráfica de México
Web: www.e-compugraf.com
Tel: 55 51 40 72
email: jmedina(a)e-compugraf.com
GPG Key: 1024D/28E40632 2007-07-26
GPG Fingerprint: 59E2 0C7C F128 B550 B3A6 D3AF C574 8422 28E4 0632
5382
days inactive
5383
days old
openldap-technical@openldap.org
3 comments
4 participants
participants (4)
-
Gavin Henry -
Jorge Armando Medina -
Michael Ströder -
Terry Haley