Samba integration / adding more objectClasses
Christian Tardif
christian.tardif at servinfo.ca
Wed Aug 20 19:54:31 CEST 2008
Alain Spineux wrote:
> On Wed, Aug 20, 2008 at 8:43 AM, Albrecht Dreß
> <albrecht.dress at lios-tech.com> wrote:
>
>> Dear Christian:
>>
>> On 20.08.2008 05:53:56, Christian Tardif wrote:
>>
>>> I'm working on it. Actually, I can see that the new objects are not sent
>>> to the add function. Here is a dump just after all objects are populated:
>>>
>> I at least partly solved the issue! If you have a look at the attached
>> patch, the user.php script now does the following:
>>
>> - populate the LDAP entry with the basic Samba stuff when a user is added;
>> - auto-select the first free POSIX UID, starting with 2000. I also use this
>> to create the Samba SID, which may actually be wrong (see below);
>> - auto-assignment of the default group and Samba primary group (again, see
>> below);
>> - call cracklib when the user tries to change h(is|er) password, as to
>> reject weak ones (I think there is also a php class for that, but it's not
>> installed). Note that the super user *may* issue weak passwords (like
>> "start" or whatever) when a user is created which might come in handy. No idea
>> how to force changing the pwd when the user first logs in on Win, though.
>>
>> This approach more or less works, but I wasn't able to get roaming profiles
>> working on Samba without tweaking the Win registry on each client
>> workstation. I'm still fighting with that, and got an indication from the
>> Samba list that something with the SIDs might be wrong (see
>> <http://lists.samba.org/archive/samba/2008-August/142991.html>). If you
>> have more insight into that, any hint would be warmly welcome!

It seems to me to be a long-standing problem. I don't think the SID has
something to do with it. Oh! By the way, the standard procedure in
assigning the SID (in fact, the user part), is taking this formula:

$SID = ($uid * 2) + 1000;

This is what other tools do (dunno why, but in a goal of standardization...)

Now, regarding your patch. Nice work.

I did a little change, in order for everyone who'll use this new setup
to find it easier to implement. I added a file
(/kolab/var/kolab/php/admin/includes/samba.php) which holds some
constants that have to be tweaked for every installation (mkntpwd
location, PDC name, Base SID value,...). This samba.php file has to be
put in proper place, since user.php will call it.

So, with this email, the adjusted patch, plus the samba.php file.

--
Christian Tardif
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: user.diff
URL: <http://lists.kolab.org/pipermail/users/attachments/20080820/204558d5/attachment.ksh>
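
The UID selection and the SID formula discussed in this thread, as an added example that is not part of the original message, user.diff or samba.php. The constant and function names are hypothetical, and the domain SID and the list of used UIDs are constructed sample values.

```php
<?php
// Added example: names below are hypothetical, not taken from samba.php.
const SAMBA_DOMAIN_SID = 'S-1-5-21-1111111111-2222222222-3333333333'; // constructed
const FIRST_UID = 2000;  // starting UID mentioned in the thread
const RID_BASE  = 1000;  // offset in the formula ($uid * 2) + 1000

/** Return the lowest UID >= $start that is not already in use. */
function firstFreeUid(array $usedUids, int $start = FIRST_UID): int
{
    $used = array_flip(array_map('intval', $usedUids));
    for ($uid = $start; $uid <= 0x7FFFFFFF; $uid++) {
        if (!isset($used[$uid])) {
            return $uid;
        }
    }
    throw new RuntimeException('no free UID available');
}

/** User part (RID) of the SID, per the formula quoted in the thread. */
function userRid(int $uid): int
{
    if ($uid < 0) {
        throw new InvalidArgumentException('UID must not be negative');
    }
    $rid = ($uid * 2) + RID_BASE;
    if ($rid > 0xFFFFFFFF) {          // a RID is a 32-bit sub-authority
        throw new RangeException('RID does not fit in 32 bits');
    }
    return $rid;
}

/** Build the full sambaSID value: domain SID, a dash, then the user RID. */
function sambaSid(string $domainSid, int $uid): string
{
    // Reject anything that is not a well-formed domain SID before it
    // ends up in the directory as part of an account identity.
    if (!preg_match('/^S-1-5-21(-\d{1,10}){3}$/', $domainSid)) {
        throw new InvalidArgumentException('not a domain SID: ' . $domainSid);
    }
    return $domainSid . '-' . userRid($uid);
}

$usedUids = [2000, 2001, 2003];      // constructed: uidNumber values found in LDAP
$uid = firstFreeUid($usedUids);
echo "uidNumber: $uid\n";
echo 'sambaSID:  ' . sambaSid(SAMBA_DOMAIN_SID, $uid) . "\n";
```

Because the formula maps each UID to a distinct RID, unique UIDs give unique SIDs. The search for a free UID and the later LDAP add are not atomic, so two concurrent admin sessions can still pick the same value.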