5 Samba and the smbldap-tools scripts
5.1 General configuration
Samba can be configured to use the smbldap-tools scripts. This allows
administrators to add, delete or modify user and group accounts for Microsoft Windows
operating systems using, for example, User Manager utility under MS-Windows.
To enable the use of this utility, samba needs to be configured correctly. The
smb.conf configuration file must contain the following directives :
ldap delete dn = Yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
Remark: the two directives delete user script et delete group
script can also be used. However, an error message can appear in User Manager
even if the operations actually succeed.
If you want to enable this behaviour, you need to add
delete user script = /usr/local/sbin/smbldap-userdel "%u"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
5.2 Migrating an NT4 PDC to Samba3
The account migration procedure becomes really simple when samba is configured to use
the smbldap-tools. Samba configuration (smb.conf file) must contain the
directive defined above to properly call the script for managing users, groups and computer accounts.
The migration process is outlined in the chapter 30 of the samba howto
http://sambafr.idealx.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html.