The SAMBA-LDAP-PDC Howto

10

Revision : 1.24

Computer management

To manage computer accounts, we’ll use the following scripts (from smbldap-tools) :
• smbldap-useradd.pl : to add a new computer
• smbldap-userdel.pl : to delete an existing computer
• smbldap-usermod.pl : to modify an existing computer data
Computer accounts are sambaAccounts objects, just like Samba user accounts are.

10.1

A LDAP view

Here’s a LDAP view of a Samba computer account :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

dn: uid=testhost3$,ou=Computers,dc=IDEALX,dc=ORG
objectClass: top
objectClass: posixAccount
objectClass: sambaAccount
cn: testhost3$
gidNumber: 100
homeDirectory: /dev/null
loginShell: /bin/false
uid: testhost3$
uidNumber: 1005
pwdLastSet: 0
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdCanChange: 0
pwdMustChange: 2147483647
smbHome: \\%N\nobody
profilePath: \\%N\nobody\profile
description: Computer
rid: 0
primaryGroupID: 0
lmPassword: 7582BF7F733351347D485E46C8E6306E
ntPassword: 7582BF7F733351347D485E46C8E6306E
acctFlags: [W
]

25

TODO: explain the LDIF, present attribute types (from schema) and explain them.

10.2

Tools

To manipulate computer accounts, we’ve developped a collection of PERL scripts named
smbldap-tools: they provide all the tools you need to manage user and groups accounts, in
a LDAP directory.
In this Howto, we have used the following tools to manage user accounts :
• smbldap-useradd.pl : to add an computer account, using -w option,
page 28/56