<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/REC-html40/loose.dtd">
<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<META name="GENERATOR" content="hevea 1.06">
<H2><A NAME="htoc13">4</A> Using the scripts</H2><UL>
<LI><A HREF="smbldap-tools005.html#toc8"> Initial directory's population</A>
<LI><A HREF="smbldap-tools005.html#toc9"> User management</A>
<LI><A HREF="smbldap-tools005.html#toc10"> Group management</A>
<LI><A HREF="smbldap-tools005.html#toc11"> Adding an interdomain trust account</A>
</UL>
<H3><A NAME="htoc14">4.1</A> Initial directory's population</H3>
You can initialize the LDAP directory using the
<TT>smbldap-populate</TT> script. To do that, the account defined in
<TT>/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf</TT> to access the
master directory <B>must</B> be the manager account defined in the
directory configuration. On a RedHat system, the directory configuration file is
<TT>/etc/openldap/slapd.conf</TT> and the account is defined with
<PRE>
rootdn "cn=Manager,dc=idealx,dc=com"
</PRE>The <TT>smbldap_bind.conf</TT> file must then be configured so that
the parameters to connect to the master LDAP server match the previous ones:
<PRE>
masterDN="cn=Manager,dc=idealx,dc=com"
</PRE>
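One way to check the requirement above before running smbldap-populate, as an added example that is not part of smbldap-tools or of the original page: it compares the rootdn of slapd.conf with the masterDN of smbldap_bind.conf and rejects a bind file that group or others can read, since that file holds the bind credentials. The function names and the constructed demo files are assumptions, and the DN comparison is a case-insensitive simplification.

```shell
#!/bin/sh
# Added example (not part of smbldap-tools): pre-flight check for smbldap-populate.

# Normalise a DN for comparison: drop quotes, lowercase, trim spaces around ',' and '='.
# Simplification: assumes case-insensitive attribute values (true for cn and dc).
normalize_dn() {
    printf '%s\n' "$1" | tr -d '"' | tr '[:upper:]' '[:lower:]' |
        sed -e 's/[[:space:]]*\([,=]\)[[:space:]]*/\1/g' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Last "rootdn" directive in a slapd.conf (commented-out lines are ignored).
rootdn_of() {
    sed -n 's/^[[:space:]]*rootdn[[:space:]][[:space:]]*//p' "$1" | tail -n 1
}

# Last "masterDN=" assignment in smbldap_bind.conf.
masterdn_of() {
    sed -n 's/^[[:space:]]*masterDN[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# True if group or others can read the file.
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# check_bind_conf SLAPD_CONF BIND_CONF
# returns 0 = ready, 1 = DN mismatch, 2 = directive missing, 3 = file too permissive
check_bind_conf() {
    root=$(rootdn_of "$1")
    master=$(masterdn_of "$2")
    if [ -z "$root" ] || [ -z "$master" ]; then
        echo "rootdn or masterDN not found" >&2; return 2
    fi
    if [ "$(normalize_dn "$root")" != "$(normalize_dn "$master")" ]; then
        echo "mismatch: rootdn=$root masterDN=$master" >&2; return 1
    fi
    if readable_by_others "$2"; then
        echo "$2 is readable by group/others; chmod 600 it" >&2; return 3
    fi
    echo "ok: masterDN matches rootdn"
}

# Demo on constructed files (DN values taken from the page's idealx.com example).
demo_dir=$(mktemp -d)
printf '%s\n' '# rootdn "cn=old,dc=idealx,dc=com"' \
    'rootdn   "cn=Manager,dc=idealx,dc=com"' > "$demo_dir/slapd.conf"
printf '%s\n' 'masterDN="cn=manager, dc=idealx, dc=com"' > "$demo_dir/smbldap_bind.conf"
chmod 600 "$demo_dir/smbldap_bind.conf"
check_bind_conf "$demo_dir/slapd.conf" "$demo_dir/smbldap_bind.conf"
```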
Available options for this script are summarized in table <A HREF="#table::populate">1</A>:
<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
<A NAME="code_epsilon_var"></A>
<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
<TR><TD ALIGN=left NOWRAP>option</TD>
<TD ALIGN=left NOWRAP>definition</TD>
<TD ALIGN=left NOWRAP>default value</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-u <I>uidNumber</I></TD>
<TD ALIGN=left NOWRAP>first uidNumber to allocate</TD>
<TD ALIGN=left NOWRAP>1000</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-g <I>gidNumber</I></TD>
<TD ALIGN=left NOWRAP>first gidNumber to allocate</TD>
<TD ALIGN=left NOWRAP>1000</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-a <I>user</I></TD>
<TD ALIGN=left NOWRAP>administrator login name</TD>
<TD ALIGN=left NOWRAP>Administrator</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-b <I>user</I></TD>
<TD ALIGN=left NOWRAP>guest login name</TD>
<TD ALIGN=left NOWRAP>nobody</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-e <I>file</I></TD>
<TD ALIGN=left NOWRAP>export an init file</TD>
<TD ALIGN=left NOWRAP> </TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-i <I>file</I></TD>
<TD ALIGN=left NOWRAP>import an init file</TD>
<TD ALIGN=left NOWRAP> </TD>
</TR>
</TABLE>
<DIV ALIGN=center>Table 1: Options available for the <TT>smbldap-populate</TT> script</DIV><BR>
<A NAME="table::populate"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
In the more general case, to set up your directory, simply use the
<PRE>
[root@etoile root]# smbldap-populate
Using builtin directory structure
adding new entry: dc=idealx,dc=com
adding new entry: ou=Users,dc=idealx,dc=com
adding new entry: ou=Groups,dc=idealx,dc=com
adding new entry: ou=Computers,dc=idealx,dc=com
adding new entry: ou=Idmap,dc=idealx,dc=org
adding new entry: cn=NextFreeUnixId,dc=idealx,dc=org
adding new entry: uid=Administrator,ou=Users,dc=idealx,dc=com
adding new entry: uid=nobody,ou=Users,dc=idealx,dc=com
adding new entry: cn=Domain Admins,ou=Groups,dc=idealx,dc=com
adding new entry: cn=Domain Users,ou=Groups,dc=idealx,dc=com
adding new entry: cn=Domain Guests,ou=Groups,dc=idealx,dc=com
adding new entry: cn=Print Operators,ou=Groups,dc=idealx,dc=com
adding new entry: cn=Backup Operators,ou=Groups,dc=idealx,dc=com
adding new entry: cn=Replicator,ou=Groups,dc=idealx,dc=com
adding new entry: cn=Domain Computers,ou=Groups,dc=idealx,dc=com
</PRE>
After this step, if you don't want to use the <TT>cn=Manager,dc=idealx,dc=com</TT>
account anymore, you can create a dedicated account for Samba and the
smbldap-tools. See section <A HREF="smbldap-tools009.html#change::manager">8.2</A> for more details.<BR>
The <TT>cn=NextFreeUnixId,dc=idealx,dc=org</TT> entry is only used to
define the next uidNumber and gidNumber available for creating new
users and groups. The default value for both numbers is 1000. You
can change them with the <TT>-u</TT> and <TT>-g</TT> options. For
example, if you want the first available value for uidNumber and
gidNumber to be set to 1500, you can use the following command:
<PRE>
smbldap-populate -u 1500 -g 1500
</PRE>
<H3><A NAME="htoc15">4.2</A> User management</H3>
<H4><A NAME="htoc16">4.2.1</A> Adding a user</H4><A NAME="add::user"></A>
To add a user, use the <TT>smbldap-useradd</TT> script. Available
options are summarized in table <A HREF="#table::add::user">2</A>. If applicable,
default values are mentioned in the fourth column. Any string beginning with a
$ symbol refers to a parameter defined in the
<TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> configuration file.
<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
<TR><TD VALIGN=top ALIGN=left>option</TD>
<TD VALIGN=top ALIGN=left>definition</TD>
<TD VALIGN=top ALIGN=left>example</TD>
<TD VALIGN=top ALIGN=left>default value</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-a</TD>
<TD VALIGN=top ALIGN=left>create a Windows account. Otherwise, only a Posix account</TD>
<TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-w</TD>
<TD VALIGN=top ALIGN=left>create a Windows Workstation account</TD>
<TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-i</TD>
<TD VALIGN=top ALIGN=left>create an interdomain trust account. See section
<A HREF="#trust::account">4.4</A> for more details</TD>
<TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-u</TD>
<TD VALIGN=top ALIGN=left>set a uid value</TD>
<TD VALIGN=top ALIGN=left>-u 1003</TD>
<TD VALIGN=top ALIGN=left>first uid available</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-g</TD>
<TD VALIGN=top ALIGN=left>set a gid value</TD>
<TD VALIGN=top ALIGN=left>-g 1003</TD>
<TD VALIGN=top ALIGN=left>first gid available</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-G</TD>
<TD VALIGN=top ALIGN=left>add the new account to one or several supplementary
groups (comma-separated)</TD>
<TD VALIGN=top ALIGN=left>-G 512,550</TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-d</TD>
<TD VALIGN=top ALIGN=left>set the home directory</TD>
<TD VALIGN=top ALIGN=left>-d /var/user</TD>
<TD VALIGN=top ALIGN=left>$userHomePrefix/user</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-s</TD>
<TD VALIGN=top ALIGN=left>set the login shell</TD>
<TD VALIGN=top ALIGN=left>-s /bin/ksh</TD>
<TD VALIGN=top ALIGN=left>$userLoginShell</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-c</TD>
<TD VALIGN=top ALIGN=left>set the user gecos</TD>
<TD VALIGN=top ALIGN=left>-c "admin user"</TD>
<TD VALIGN=top ALIGN=left>$userGecos</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-m</TD>
<TD VALIGN=top ALIGN=left>creates user's home directory and copies /etc/skel</TD>
<TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-k</TD>
<TD VALIGN=top ALIGN=left>set the skeleton dir (with -m)</TD>
<TD VALIGN=top ALIGN=left>-k /etc/skel2</TD>
<TD VALIGN=top ALIGN=left>$skeletonDir</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-P</TD>
<TD VALIGN=top ALIGN=left>ends by invoking smbldap-passwd to set the user's</TD>
<TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-A</TD>
<TD VALIGN=top ALIGN=left>user can change password? 0 if no, 1 if yes</TD>
<TD VALIGN=top ALIGN=left>-A 1</TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-B</TD>
<TD VALIGN=top ALIGN=left>user must change password at first session? 0 if no, 1</TD>
<TD VALIGN=top ALIGN=left>-B 1</TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-C</TD>
<TD VALIGN=top ALIGN=left>set the samba home share</TD>
<TD VALIGN=top ALIGN=left>-C \\PDC\homes</TD>
<TD VALIGN=top ALIGN=left>$userSmbHome</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-D</TD>
<TD VALIGN=top ALIGN=left>set a letter associated with the home share</TD>
<TD VALIGN=top ALIGN=left>-D H:</TD>
<TD VALIGN=top ALIGN=left>$userHomeDrive</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-E</TD>
<TD VALIGN=top ALIGN=left>set DOS script to execute on login</TD>
<TD VALIGN=top ALIGN=left>-E common.bat</TD>
<TD VALIGN=top ALIGN=left>$userScript</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-F</TD>
<TD VALIGN=top ALIGN=left>set the profile directory</TD>
<TD VALIGN=top ALIGN=left>-F \\PDC\profiles\user</TD>
<TD VALIGN=top ALIGN=left>$userProfile</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-H</TD>
<TD VALIGN=top ALIGN=left>set the samba account control bits
like '[NDHTUMWSLKI]'</TD>
<TD VALIGN=top ALIGN=left>-H [X]</TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-N</TD>
<TD VALIGN=top ALIGN=left>set the canonical name of the user</TD>
<TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-S</TD>
<TD VALIGN=top ALIGN=left>set the surname of the user</TD>
<TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-M</TD>
<TD VALIGN=top ALIGN=left>local mailAddress (comma separated)</TD>
<TD VALIGN=top ALIGN=left>-M testuser,aliasuser</TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-T</TD>
<TD VALIGN=top ALIGN=left>forward mail address (comma separated)</TD>
<TD VALIGN=top ALIGN=left>-T
testuser@domain.org</TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
</TABLE>
<DIV ALIGN=center>Table 2: Options available to the <TT>smbldap-useradd</TT> script</DIV><BR>
<A NAME="table::add::user"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
For example, if you want to add a user named <I>user_admin</I> who:
<UL>
<LI>must belong to the group of gid=512 ('Domain Admins' group)
<LI>has a home directory
<LI>does not have a login shell
<LI>has a homeDirectory set to /dev/null
<LI>does not have a roaming profile
<LI>and for whom we want to set a first login password
</UL>
<PRE>
smbldap-useradd -a -G 512 -m -s /bin/false -d /dev/null -F "" -P user_admin
</PRE>
<H4><A NAME="htoc17">4.2.2</A> Removing a user</H4>
To remove a user account, use the <TT>smbldap-userdel</TT> script.
Available options are
<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
<TR><TD ALIGN=left NOWRAP>option</TD>
<TD ALIGN=left NOWRAP>definition</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-r</TD>
<TD ALIGN=left NOWRAP>remove home directory</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-R</TD>
<TD ALIGN=left NOWRAP>remove home directory interactively</TD>
</TR>
</TABLE>
<DIV ALIGN=center>Table 3: Options available to the <TT>smbldap-userdel</TT> script</DIV><BR>
<A NAME="table::del::user"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
For example, if you want to remove the <I>user1</I> account
from the LDAP directory, and if you also want to delete the user's home
directory, use the following command:
<PRE>
smbldap-userdel -r user1
</PRE>
Note: <TT>-r</TT> is dangerous, as it may delete valuable data that has not been backed up;
please be careful.<BR>
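A guard for the warning above, as an added example that is not part of smbldap-tools or of the original page: it archives the home directory and verifies the archive before calling smbldap-userdel -r, and it refuses paths such as / or /dev/null. The function names, the backup directory argument and the use of getent passwd to find the home directory are assumptions.

```shell
#!/bin/sh
# Added example (not part of smbldap-tools): back up a home directory before
# "smbldap-userdel -r" removes it. Function names are hypothetical.

# archive_home HOME BACKUP_DIR
# Writes HOME to a tar.gz in BACKUP_DIR and prints the archive path.
# Returns non-zero, archiving nothing, for paths that must never be removed.
archive_home() {
    home=${1%/}; dest=$2
    case $home in
        ''|/dev|/dev/*|/etc|/usr|/var|/home|/root)
            echo "refusing to treat '$1' as a home directory" >&2; return 1 ;;
    esac
    if [ -L "$home" ] || [ ! -d "$home" ]; then
        echo "'$home' is a symlink or not a directory" >&2; return 1
    fi
    archive="$dest/$(basename "$home").$(date +%Y%m%d%H%M%S).tar.gz"
    # umask 077: the archive may contain private files.
    ( umask 077
      tar -czf "$archive" -C "$(dirname "$home")" "$(basename "$home")" ) || return 1
    tar -tzf "$archive" >/dev/null || return 1   # the archive must be readable
    printf '%s\n' "$archive"
}

# backup_then_userdel USER BACKUP_DIR
# Assumes the LDAP users are visible through NSS, so getent can find the home.
backup_then_userdel() {
    home=$(getent passwd "$1" | cut -d: -f6)
    [ -n "$home" ] || { echo "unknown user: $1" >&2; return 1; }
    archive=$(archive_home "$home" "$2") || {
        echo "nothing deleted; use smbldap-userdel without -r if intended" >&2
        return 1
    }
    echo "home of $1 archived to $archive"
    smbldap-userdel -r "$1"
}

# Demo on a constructed directory tree (no LDAP access needed).
demo=$(mktemp -d)
mkdir -p "$demo/home/user1" "$demo/backup"
echo "thesis draft" > "$demo/home/user1/notes.txt"
archive_home "$demo/home/user1" "$demo/backup"
archive_home /dev/null "$demo/backup" || echo "refused /dev/null as expected"
```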
<H4><A NAME="htoc18">4.2.3</A> Modifying a user</H4><A NAME="modify::user"></A>
To modify a user account, use the <TT>smbldap-usermod</TT> script.
Available options are listed in table <A HREF="#table::modify::user">4</A>.
<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
<TR><TD VALIGN=top ALIGN=left>option</TD>
<TD VALIGN=top ALIGN=left>definition</TD>
<TD VALIGN=top ALIGN=left>example</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-c</TD>
<TD VALIGN=top ALIGN=left>set the user gecos</TD>
<TD VALIGN=top ALIGN=left>-c "admin user"</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-d</TD>
<TD VALIGN=top ALIGN=left>set the home directory</TD>
<TD VALIGN=top ALIGN=left>-d /var/user</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-u</TD>
<TD VALIGN=top ALIGN=left>set a uid value</TD>
<TD VALIGN=top ALIGN=left>-u 1003</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-g</TD>
<TD VALIGN=top ALIGN=left>set a gid value</TD>
<TD VALIGN=top ALIGN=left>-g 1003</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-G</TD>
<TD VALIGN=top ALIGN=left>add the new account to one or several supplementary
groups (comma-separated)</TD>
<TD VALIGN=top ALIGN=left>-G 512,550</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left>-G -512,550</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left>-G +512,550</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-s</TD>
<TD VALIGN=top ALIGN=left>set the login shell</TD>
<TD VALIGN=top ALIGN=left>-s /bin/ksh</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-N</TD>
<TD VALIGN=top ALIGN=left>set the canonical name of the user</TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-S</TD>
<TD VALIGN=top ALIGN=left>set the surname of the user</TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-P</TD>
<TD VALIGN=top ALIGN=left>ends by invoking smbldap-passwd to set the user's password</TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-a</TD>
<TD VALIGN=top ALIGN=left>add sambaSAMAccount objectclass</TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-e</TD>
<TD VALIGN=top ALIGN=left>set an expiration date for the password (format: YYYY-MM-DD HH:MM:SS)</TD>
<TD VALIGN=top ALIGN=left> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-A</TD>
<TD VALIGN=top ALIGN=left>user can change password? 0 if no, 1 if yes</TD>
<TD VALIGN=top ALIGN=left>-A 1</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-B</TD>
<TD VALIGN=top ALIGN=left>user must change password at first session? 0 if no, 1</TD>
<TD VALIGN=top ALIGN=left>-B 1</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-C</TD>
<TD VALIGN=top ALIGN=left>set the samba home share</TD>
<TD VALIGN=top ALIGN=left>-C \\PDC\homes</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left>-C ""</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-D</TD>
<TD VALIGN=top ALIGN=left>set a letter associated with the home share</TD>
<TD VALIGN=top ALIGN=left>-D H:</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left>-D ""</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-E</TD>
<TD VALIGN=top ALIGN=left>set DOS script to execute on login</TD>
<TD VALIGN=top ALIGN=left>-E common.bat</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left>-E ""</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-F</TD>
<TD VALIGN=top ALIGN=left>set the profile directory</TD>
<TD VALIGN=top ALIGN=left>-F \\PDC\profiles\user</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left> </TD>
<TD VALIGN=top ALIGN=left>-F ""</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-H</TD>
<TD VALIGN=top ALIGN=left>set the samba account control bits like '[NDHTUMWSLKI]'</TD>
<TD VALIGN=top ALIGN=left>-H [X]</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-I</TD>
<TD VALIGN=top ALIGN=left>disable a user account</TD>
<TD VALIGN=top ALIGN=left>-I 1</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-J</TD>
<TD VALIGN=top ALIGN=left>enable a user</TD>
<TD VALIGN=top ALIGN=left>-J 1</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-M</TD>
<TD VALIGN=top ALIGN=left>local mailAddress (comma separated)</TD>
<TD VALIGN=top ALIGN=left>-M testuser,aliasuser</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-T</TD>
<TD VALIGN=top ALIGN=left>forward mail address (comma separated)</TD>
<TD VALIGN=top ALIGN=left>-T
testuser@domain.org</TD>
</TR>
</TABLE>
<DIV ALIGN=center>Table 4: Options available to the <TT>smbldap-usermod</TT> script</DIV><BR>
<A NAME="table::modify::user"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
You can also use the <TT>smbldap-userinfo</TT> script to update a user's information. This script can
also be used by users themselves to update their own information listed in table
<A HREF="#table::modify::self::user">5</A> (adequate ACLs must be set in the directory server). Available
<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
<TR><TD VALIGN=top ALIGN=left>option</TD>
<TD VALIGN=top ALIGN=left>definition</TD>
<TD VALIGN=top ALIGN=left>example</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-f</TD>
<TD VALIGN=top ALIGN=left>set the user's full name</TD>
<TD VALIGN=top ALIGN=left>-f MyName</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-r</TD>
<TD VALIGN=top ALIGN=left>set the room number</TD>
<TD VALIGN=top ALIGN=left>-r 99</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-w</TD>
<TD VALIGN=top ALIGN=left>set the work phone number</TD>
<TD VALIGN=top ALIGN=left>-w 111111111</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-h</TD>
<TD VALIGN=top ALIGN=left>set the home phone number</TD>
<TD VALIGN=top ALIGN=left>-h 222222222</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-o</TD>
<TD VALIGN=top ALIGN=left>set other information (in gecos definition)</TD>
<TD VALIGN=top ALIGN=left>-o "second stage"</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-s</TD>
<TD VALIGN=top ALIGN=left>set the default shell</TD>
<TD VALIGN=top ALIGN=left>-s /bin/ksh</TD>
</TR>
</TABLE>
<DIV ALIGN=center>Table 5: Options available to the <TT>smbldap-userinfo</TT> script</DIV><BR>
<A NAME="table::modify::self::user"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
<H3><A NAME="htoc19">4.3</A> Group management</H3>
<H4><A NAME="htoc20">4.3.1</A> Adding a group</H4>
To add a new group in the LDAP directory, use the <TT>smbldap-groupadd</TT>
script. Available options are listed in table
<A HREF="#table::add::group">6</A>.
<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
<TR><TD VALIGN=top ALIGN=left NOWRAP>option</TD>
<TD VALIGN=top ALIGN=left>definition</TD>
<TD VALIGN=top ALIGN=left NOWRAP>example</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP>-a</TD>
<TD VALIGN=top ALIGN=left>add automatic group mapping entry</TD>
<TD VALIGN=top ALIGN=left NOWRAP> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP>-g <TT>gid</TT></TD>
<TD VALIGN=top ALIGN=left>set the <I>gidNumber</I> for this group to</TD>
<TD VALIGN=top ALIGN=left NOWRAP><TT>-g 1002</TT></TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP>-o</TD>
<TD VALIGN=top ALIGN=left>gidNumber is not unique</TD>
<TD VALIGN=top ALIGN=left NOWRAP> </TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP>-r <TT>group-rid</TT></TD>
<TD VALIGN=top ALIGN=left>set the rid of the group to
<I>group-rid</I></TD>
<TD VALIGN=top ALIGN=left NOWRAP><TT>-r 1002</TT></TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP>-s <TT>group-sid</TT></TD>
<TD VALIGN=top ALIGN=left>set the sid of the group to
<I>group-sid</I></TD>
<TD VALIGN=top ALIGN=left NOWRAP><TT><FONT SIZE=1>-s
S-1-5-21-3703471949-3718591838-2324585696-1002</FONT></TT></TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP>-t <TT>group-type</TT></TD>
<TD VALIGN=top ALIGN=left>set the <I>sambaGroupType</I> to
<I>group-type</I></TD>
<TD VALIGN=top ALIGN=left NOWRAP><TT>-t 2</TT></TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP>-p</TD>
<TD VALIGN=top ALIGN=left>print the gidNumber to stdout</TD>
<TD VALIGN=top ALIGN=left NOWRAP> </TD>
</TR>
</TABLE>
<DIV ALIGN=center>Table 6: Options available for the <TT>smbldap-groupadd</TT> script</DIV><BR>
<A NAME="table::add::group"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
<H4><A NAME="htoc21">4.3.2</A> Removing a group</H4>
To remove the group named <TT>group1</TT>, just use the following
<PRE>
smbldap-groupdel group1
</PRE>
<H3><A NAME="htoc22">4.4</A> Adding an interdomain trust account</H3><A NAME="trust::account"></A>
To add an interdomain trust account to the primary controller <I>trust-pdc</I>, use the <TT>-i</TT> option of
<TT>smbldap-useradd</TT> as follows:
<PRE>
[root@etoile root]# smbldap-useradd -i trust-pdc
New password : *******
Retype new password : *******
</PRE>
The script ends by asking for a password for this trust
account. The account will be created in the directory branch where
all computer accounts are stored (<TT>ou=Computers</TT> by
default). The only two particularities of this account are that you are
setting a password for this account, and the flags of this account are