Other Information
1. sambaSID=uidNumber*2+1000
LDAP Special Attributes for sambaSamAccounts
The sambaSamAccount ObjectClass is composed of the attributes shown in the next tables: Part A and Part B.
Table 10.3. Attributes in the sambaSamAccount ObjectClass (LDAP), Part A

| Attribute | Description |
|---|---|
| sambaLMPassword | The LanMan password 16-byte hash stored as a character representation of a hexadecimal string. |
| sambaNTPassword | The NT password 16-byte hash stored as a character representation of a hexadecimal string. |
| sambaPwdLastSet | The integer time in seconds since 1970 when the sambaLMPassword and sambaNTPassword attributes were last set. |
| sambaAcctFlags | String of 11 characters surrounded by square brackets [ ] representing account flags such as U (user), W (workstation), X (no password expiration), I (domain trust account), H (home dir required), S (server trust account), and D (disabled). |
| sambaLogonTime | Integer value currently unused. |
| sambaLogoffTime | Integer value currently unused. |
| sambaKickoffTime | Specifies the time (UNIX time format) when the user will be locked down and cannot log in any longer. If this attribute is omitted, then the account will never expire. Using this attribute together with shadowExpire of the shadowAccount ObjectClass will enable accounts to expire completely on an exact date. |
| sambaPwdCanChange | Specifies the time (UNIX time format) after which the user is allowed to change his password. If this attribute is not set, the user will be free to change his password whenever he wants. |
| sambaPwdMustChange | Specifies the time (UNIX time format) when the user is forced to change his password. If this value is set to 0, the user will have to change his password at first login. If this attribute is not set, then the password will never expire. |
| sambaHomeDrive | Specifies the drive letter to which to map the UNC path specified by sambaHomePath. The drive letter must be specified in the form “X:” where X is the letter of the drive to map. Refer to the “logon drive” parameter in the smb.conf(5) man page for more information. |
| sambaLogonScript | The sambaLogonScript property specifies the path of the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path is relative to the netlogon share. Refer to the logon script parameter in the smb.conf man page for more information. |
| sambaProfilePath | Specifies a path to the user's profile. This value can be a null string, a local absolute path, or a UNC path. Refer to the logon path parameter in the smb.conf man page for more information. |
| sambaHomePath | The sambaHomePath property specifies the path of the home directory for the user. The string can be null. If sambaHomeDrive is set and specifies a drive letter, sambaHomePath should be a UNC path. The path must be a network UNC path of the form \\server\share\directory. This value can be a null string. Refer to the logon home parameter in the smb.conf man page for more information. |
Table 10.4. Attributes in the sambaSamAccount ObjectClass (LDAP), Part B

| Attribute | Description |
|---|---|
| sambaUserWorkstations | Here you can give a comma-separated list of machines on which the user is allowed to log in. You may observe problems when you try to connect to a Samba domain member. Because domain members are not in this list, the domain controllers will reject them. Where this attribute is omitted, the default implies no restrictions. |
| sambaSID | The security identifier (SID) of the user. The Windows equivalent of UNIX UIDs. |
| sambaPrimaryGroupSID | The security identifier (SID) of the primary group of the user. |
| sambaDomainName | Domain the user is part of. |
The majority of these parameters are only used when Samba is acting as a PDC of a domain (refer to Domain Control, for details on how to configure Samba as a PDC). The following four attributes are only stored with the sambaSamAccount entry if the values are non-default values:
sambaHomePath
sambaLogonScript
sambaProfilePath
sambaHomeDrive
These attributes are only stored with the sambaSamAccount entry if the values are non-default values. For example, assume MORIA has now been configured as a PDC and that logon home = \\%L\%u was defined in its smb.conf file. When a user named “becky” logs on to the domain, the logon home string is expanded to \\MORIA\becky. If the smbHome attribute exists in the entry “uid=becky,ou=People,dc=samba,dc=org”, this value is used. However, if this attribute does not exist, then the value of the logon home parameter is used in its place. Samba will only write the attribute value to the directory entry if the value is something other than the default (e.g., \\MOBY\becky).
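An added example, not from the original page or the Samba project: the attribute semantics in Tables 10.3 and 10.4 applied as an account audit over exported entries. The LDIF sample, the function names, and the simplified parser (one value per attribute, no line folding or base64) are assumptions.

```python
import re

# Constructed sample LDIF (not from a real directory); the hashes are dummy hex.
SAMPLE_LDIF = f"""\
dn: uid=becky,ou=People,dc=samba,dc=org
sambaAcctFlags: [{'UX':<11}]
sambaLMPassword: 00112233445566778899AABBCCDDEEFF
sambaNTPassword: FFEEDDCCBBAA99887766554433221100

dn: uid=temp1,ou=People,dc=samba,dc=org
sambaAcctFlags: [{'U':<11}]
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF
sambaPwdMustChange: 0
sambaKickoffTime: 1500000000
"""

def parse_ldif(text):
    """Minimal parser: one 'attr: value' per line, no folding or base64."""
    return [dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
            for block in text.strip().split("\n\n")]

def acct_flags(value):
    """Return the flag letters from '[' + 11 characters + ']'."""
    m = re.fullmatch(r"\[([A-Z ]{11})\]", value or "")
    if not m:
        raise ValueError(f"malformed sambaAcctFlags: {value!r}")
    return set(m.group(1).replace(" ", ""))

def audit(entry, now):
    """List findings for one entry, using the semantics in Tables 10.3/10.4."""
    flags, out = acct_flags(entry.get("sambaAcctFlags")), []
    if "D" in flags:
        out.append("disabled")
    if re.fullmatch(r"[0-9A-Fa-f]{32}", entry.get("sambaLMPassword", "")):
        out.append("LanMan hash stored")
    must = entry.get("sambaPwdMustChange")
    if "X" in flags or must is None:
        out.append("password never expires")
    elif int(must) == 0:
        out.append("must change password at first login")
    elif int(must) <= now:
        out.append("password change overdue")
    kick = entry.get("sambaKickoffTime")
    if kick is None:
        out.append("account never expires")
    elif int(kick) <= now:
        out.append("account past kickoff time")
    return out
```

Call `audit(entry, int(time.time()))` on each result of `parse_ldif()`; the stored password hashes should be readable only by the directory administrator, since the audit needs only to know whether sambaLMPassword is present.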