Questions about samba and LDAP

I have a few questions about integrating Samba and LDAP using YaST, following this guide: Integrating LDAP and Samba using openSUSE

  1. What problems are expected if the certificate doesn't have the exact hostname of the server?

  2. Is the group mapping the same as when using the tdbsam backend?

  3. Is it necessary to execute the command smbpasswd -w password to register the LDAP password in the secrets files?

  4. Is it necessary to join the PDC server to its own domain?

  5. If I enable password policy in the LDAP server, set maximum password days to 30 and enable account blocking after x failed attempts, where can I check the days left to reset the password for an account, and enable the account in case the user blocks it with failed attempts? Is there any other option to make this work with Samba?

Thanks



1) What problems are expected if the certificate doesn't have the exact hostname of the server?

warning errors


2) Is the group mapping the same as when using the tdbsam backend?

yes


3) Is it necessary to execute the command smbpasswd -w password to register the LDAP password in the secrets files?

No, but you have to do it if you change the LDAP administrator password.


4) Is it necessary to join the PDC server to its own domain?

No


5) If I enable password policy in the LDAP server, set maximum password days to 30 and enable account blocking after x failed attempts, where can I check the days left to reset the password for an account, and enable the account in case the user blocks it with failed attempts? Is there any other option to make this work with Samba?

I still have this question. I have enabled the password policies in the LDAP server, but they don't work. I have enabled the blockout policy and tried to intentionally block an account, and it doesn't work. If I run the pdbedit -L -v command I get this output:


Unix username:        jperez
NT username:          jperez
Account Flags:        
User SID:             S-1-5-21-3397218990-2589311563-743726965-21008
Primary Group SID:    S-1-5-21-3397218990-2589311563-743726965-513
Full Name:            Juan Perez
Home Directory:
HomeDir Drive:        P:
Logon Script:
Profile Path:
Domain:               SIENIC
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    sáb, 17 oct 2009 12:01:54 CST
Password can change:  sáb, 17 oct 2009 12:01:54 CST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

I have selected the DN for the security policy in the user configuration, but I think it must apply to all users at once.
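
Added example, not part of the original posts: a small parser for `pdbedit -L -v` output like the listing above that reports, per account, what Samba itself has recorded about lockout, expiry and bad password attempts. The function names, the second account and all sample values are constructed for illustration.

```python
# Constructed sample in the layout of `pdbedit -L -v`; the second account and
# all of its values are invented for illustration.
SAMPLE = """\
---------------
Unix username:        jperez
Account Flags:
Password must change: never
Last bad password   : 0
Bad password count  : 0
---------------
Unix username:        mlopez
Account Flags:        [UL         ]
Password must change: Mon, 16 Nov 2009 12:01:54 CST
Last bad password   : Sat, 17 Oct 2009 12:05:10 CST
Bad password count  : 5
"""

def parse_pdbedit(text):
    """Split `pdbedit -L -v` output into one dict of fields per account."""
    accounts, current = [], None
    for line in text.splitlines():
        if ":" not in line:
            continue  # separator rows and blank lines
        # Split on the first colon only: values such as dates contain colons.
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Unix username":  # first field of every record
            current = {}
            accounts.append(current)
        if current is not None:
            current[key] = value
    return accounts

def audit(account):
    """List what Samba has recorded about lockout and expiry for one account."""
    findings = []
    flags = account.get("Account Flags", "")
    if "L" in flags:
        findings.append("locked out (L flag)")
    if "D" in flags:
        findings.append("disabled (D flag)")
    if "X" in flags or account.get("Password must change") == "never":
        findings.append("password never expires")
    bad = int(account.get("Bad password count", "0") or 0)
    if bad > 0:
        findings.append(f"{bad} bad password attempts recorded")
    return findings

def report(text):
    """Map each Unix username to its audit findings."""
    return {a["Unix username"]: audit(a) for a in parse_pdbedit(text)}
```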