Results 1 to 2 of 2

Thread: Questions about samba and LDAP

  1. #1
    Join Date
    Jun 2008
    Location
    Managua, Nicaragua
    Posts
    419

    Default Questions about samba and LDAP

    I have a few questions about integrating samba and ldap using yast following this guide Integrating LDAP and Samba using openSUSE


    1) what problem are expected if the Certificate doesn`t has the exact hostname of the server?

    2) the group mapping is the same like when using the tdbsam backend?

    3) is it necessary to execute the command smbpasswd -w password to register the ldap password in the secrets files?

    4) is it necessary to join the PDC server to his own domain?

    5) if I enable password policy in LDAP server, and check maximum password days to 30 and enable account block after x failed attemps, where can I check last days to reset password for an account and enable the account in the case the user block it with failed attemps? is there any other option to make this work with samba?

    thanks

  2. #2
    Join Date
    Jun 2008
    Location
    Managua, Nicaragua
    Posts
    419

    Default Re: Questions about samba and LDAP

    Code:
    1) what problem are expected if the Certificate doesn`t has the exact hostname of the server?

    warning errors

    Code:
    2) the group mapping is the same like when using the tdbsam backend?
    yes

    Code:
    3) is it necessary to execute the command smbpasswd -w password to register the ldap password in the secrets files?
    No, but you have to do it if you change the ldap administrator password

    Code:
    4) is it necessary to join the PDC server to his own domain?
    No

    Code:
    5) if I enable password policy in LDAP server, and check maximum password days to 30 and enable account block after x failed attemps, where can I check last days to reset password for an account and enable the account in the case the user block it with failed attemps? is there any other option to make this work with samba?

    I still have this question, I have enabled the password policies in the ldap server but these doesn`t work, I have enabled the blockout policy and tried to intencionally block an account and it doesn`t work if I run the pdbedit -L -v command I get this output


    Code:
    Unix username:        jperez
    NT username:          jperez
    Account Flags:        [U          ]
    User SID:             S-1-5-21-3397218990-2589311563-743726965-21008
    Primary Group SID:    S-1-5-21-3397218990-2589311563-743726965-513
    Full Name:            Juan Perez
    Home Directory:
    HomeDir Drive:        P:
    Logon Script:
    Profile Path:
    Domain:               SIENIC
    Account desc:
    Workstations:
    Munged dial:
    Logon time:           0
    Logoff time:          never
    Kickoff time:         never
    Password last set:    sb, 17 oct 2009 12:01:54 CST
    Password can change:  sb, 17 oct 2009 12:01:54 CST
    Password must change: never
    Last bad password   : 0
    Bad password count  : 0
    Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    I have selected the dn for the security policy in the user configuration, but I think it must apply to all users at once.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •