The SAMBA-LDAP-PDC Howto

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

Revision : 1.24

dn: uid=testsmbuser2,ou=Users,dc=IDEALX,dc=ORG
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaAccount
cn: testsmbuser2
uid: testsmbuser2
uidNumber: 1006
gidNumber: 100
loginShell: /bin/bash
gecos: user-test-2
description: user-test-2
pwdLastSet: 0
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdCanChange: 0
pwdMustChange: 2147483647
displayName: user-test-2
acctFlags: [UX
]
rid: 3ee
primaryGroupID: 64
smbHome: \\PDC-SRV\homes
scriptPath: scripts.cmd
lmPassword: 17B4D4AEABF1D7A4AAD3B435B51404EE
ntPassword: 51831BDA51454AECB5D924D0DD12DF8F
userPassword: {SSHA}MhVyay/iN3mxD4y9ELVVQAMT55mu2F0a
homeDirectory: /home/testsmbuser2
homeDrive: J:
profilePath: \\PDC-SRV\profiles\testsmbuser2

TODO: explain the LDIF, present attribute types (from schema) and explain them. Here
follow a kick explanation about the attributes used:
8.1.1

uid/rid

Samba uses the following calculations:
userrid = 2 × uidNumber + 1000 grouprid = 2 × gidNumber + 1001
excepted for well-known user rids.
As of Samba 2.2.4, the following holds true:
• the only well-known user rids are DOMAIN USER RID ADMIN (0x1F4) and DOMAIN USER RID GUEST
(0x1F5);
• user and group rids must be given in hexadecimal in LDAP.
However, the rids were written in decimal in LDAP. So at least 2.2.3-pre, Samba do not read
them as hexadecimal anymore. The default behaviour of smbldap-useradd.pl as of 20011218
is to use the above calculations and store the rids in decimal.
8.1.2

acctFlags

TODO : explain acctFlags and their usage.
page 21/56