<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
            "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML>
<HEAD>

<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<META name="GENERATOR" content="hevea 1.06">
<TITLE>
 Using the scripts
</TITLE>
</HEAD>
<BODY >
<A HREF="smbldap-tools004.html"><IMG SRC ="previous_motif.gif" ALT="Previous"></A>
<A HREF="index.html"><IMG SRC ="contents_motif.gif" ALT="Up"></A>
<A HREF="smbldap-tools006.html"><IMG SRC ="next_motif.gif" ALT="Next"></A>
<HR>

<H2><A NAME="htoc13">4</A>&nbsp;&nbsp;Using the scripts</H2><UL>
<LI><A HREF="smbldap-tools005.html#toc8"> Initial directory's population</A>
<LI><A HREF="smbldap-tools005.html#toc9"> User management</A>
<LI><A HREF="smbldap-tools005.html#toc10"> Group management</A>
<LI><A HREF="smbldap-tools005.html#toc11"> Adding an interdomain trust account</A>
</UL>

<A NAME="toc8"></A>
<H3><A NAME="htoc14">4.1</A>&nbsp;&nbsp;Initial directory's population</H3>
You can initialize the LDAP directory using the
<TT>smbldap-populate</TT> script. To do that, the account defined in
<TT>/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf</TT> to access the
master directory <B>must</B> be the manager account defined in the
directory configuration. On a Red Hat system, the directory configuration file is
<TT>/etc/openldap/slapd.conf</TT> and the account is defined with
<PRE>
  rootdn          "cn=Manager,dc=idealx,dc=com"
  rootpw          secret
</PRE>The <TT>smbldap_bind.conf</TT> file must then be configured so that
the parameters to connect to the master LDAP server match the previous ones:
<PRE>
  masterDN="cn=Manager,dc=idealx,dc=com"
  masterPw="secret"
</PRE>
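The matching requirement above can be checked before running <TT>smbldap-populate</TT>. The following shell script is an added example, not part of smbldap-tools: it compares masterDN/masterPw with rootdn/rootpw and flags a bind file that group or other can access, since masterPw is stored there in clear text. The helper names and the temporary sample files are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. Paths and file contents are constructed for the demo.

# Print the value of KEY="value" (quotes optional) from smbldap_bind.conf.
bind_value() {   # $1 = file, $2 = key
    awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k {
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]*"?/, "", val); sub(/"?[ \t]*$/, "", val)
            print val; exit
        }' "$1"
}

# Print the value of a whitespace-separated slapd.conf directive.
slapd_value() {  # $1 = file, $2 = directive
    awk -v d="$2" '
        $1 == d {
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]+"?/, "", val); sub(/"?[ \t]*$/, "", val)
            print val; exit
        }' "$1"
}

# DNs are compared case-insensitively here; spaces around commas are ignored.
norm_dn() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/ *, */,/g'; }

# Print one line per finding; return 0 when there is none, 1 otherwise.
audit_bind() {   # $1 = smbldap_bind.conf, $2 = slapd.conf
    ab_rc=0
    ab_master=$(bind_value "$1" masterDN)
    ab_root=$(slapd_value "$2" rootdn)
    if [ "$(norm_dn "$ab_master")" != "$(norm_dn "$ab_root")" ]; then
        echo "FAIL masterDN '$ab_master' is not the rootdn '$ab_root'"
        ab_rc=1
    fi
    ab_rootpw=$(slapd_value "$2" rootpw)
    case $ab_rootpw in
        "{"*) ;;  # hashed rootpw: cannot be compared with masterPw here
        *)  if [ "$(bind_value "$1" masterPw)" != "$ab_rootpw" ]; then
                echo "FAIL masterPw does not match rootpw"
                ab_rc=1
            fi ;;
    esac
    # masterPw is stored in clear text, so only the owner should have access.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "FAIL $1 is accessible to group or other"
        ab_rc=1
    fi
    return "$ab_rc"
}

# Constructed sample files carrying the values shown above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/slapd.conf" <<'EOF'
  rootdn          "cn=Manager,dc=idealx,dc=com"
  rootpw          secret
EOF
cat > "$demo_dir/smbldap_bind.conf" <<'EOF'
  masterDN="cn=Manager,dc=idealx,dc=com"
  masterPw="secret"
EOF

chmod 644 "$demo_dir/smbldap_bind.conf"   # weak: any local user can read masterPw
audit_bind "$demo_dir/smbldap_bind.conf" "$demo_dir/slapd.conf" || echo "fix before populating"
chmod 600 "$demo_dir/smbldap_bind.conf"   # corrected: owner only
audit_bind "$demo_dir/smbldap_bind.conf" "$demo_dir/slapd.conf" && echo "OK"
```
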
Available options for this script are summarized in table <A HREF="#table::populate">1</A>:
<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
 <A NAME="code_epsilon_var"></A>
 <DIV ALIGN=center>
 <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
<TR><TD ALIGN=left NOWRAP>option</TD>
<TD ALIGN=left NOWRAP>definition</TD>
<TD ALIGN=left NOWRAP>default value</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-u <I>uidNumber</I></TD>
<TD ALIGN=left NOWRAP>first uidNumber to allocate</TD>
<TD ALIGN=left NOWRAP>1000</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-g <I>gidNumber</I></TD>
<TD ALIGN=left NOWRAP>first gidNumber to allocate</TD>
<TD ALIGN=left NOWRAP>1000</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-a <I>user</I></TD>
<TD ALIGN=left NOWRAP>administrator login name</TD>
<TD ALIGN=left NOWRAP>Administrator</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-b <I>user</I></TD>
<TD ALIGN=left NOWRAP>guest login name</TD>
<TD ALIGN=left NOWRAP>nobody</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-e <I>file</I></TD>
<TD ALIGN=left NOWRAP>export an init file</TD>
<TD ALIGN=left NOWRAP>&nbsp;</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-i <I>file</I></TD>
<TD ALIGN=left NOWRAP>import an init file</TD>
<TD ALIGN=left NOWRAP>&nbsp;</TD>
</TR></TABLE>
 </DIV>
 <BR>
<DIV ALIGN=center>Table 1: Options available for the <TT>smbldap-populate</TT> script</DIV><BR>

 <A NAME="table::populate"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
In the more general case, to set up your directory, simply use the
following command:
<PRE>
[root@etoile root]# smbldap-populate 
Using builtin directory structure
adding new entry: dc=idealx,dc=com
adding new entry: ou=Users,dc=idealx,dc=com
adding new entry: ou=Groups,dc=idealx,dc=com
adding new entry: ou=Computers,dc=idealx,dc=com
adding new entry: ou=Idmap,dc=idealx,dc=org
adding new entry: cn=NextFreeUnixId,dc=idealx,dc=org
adding new entry: uid=Administrator,ou=Users,dc=idealx,dc=com
adding new entry: uid=nobody,ou=Users,dc=idealx,dc=com
adding new entry: cn=Domain Admins,ou=Groups,dc=idealx,dc=com
adding new entry: cn=Domain Users,ou=Groups,dc=idealx,dc=com
adding new entry: cn=Domain Guests,ou=Groups,dc=idealx,dc=com
adding new entry: cn=Print Operators,ou=Groups,dc=idealx,dc=com
adding new entry: cn=Backup Operators,ou=Groups,dc=idealx,dc=com
adding new entry: cn=Replicator,ou=Groups,dc=idealx,dc=com
adding new entry: cn=Domain Computers,ou=Groups,dc=idealx,dc=com
</PRE>
After this step, if you don't want to use the <TT>cn=Manager,dc=idealx,dc=com</TT>
account anymore, you can create a dedicated account for Samba and the
smbldap-tools. See section <A HREF="smbldap-tools009.html#change::manager">8.2</A> for more details.<BR>
<BR>
The <TT>cn=NextFreeUnixId,dc=idealx,dc=org</TT> entry is only used to
define the next uidNumber and gidNumber available for creating new
users and groups. The default value for both numbers is 1000. You
can change them with the <TT>-u</TT> and <TT>-g</TT> options. For
example, if you want the first available value for uidNumber and
gidNumber to be set to 1500, you can use the following command:
<PRE>
smbldap-populate -u 1500 -g 1500
</PRE>
<A NAME="toc9"></A>
<H3><A NAME="htoc15">4.2</A>&nbsp;&nbsp;User management</H3>

<H4><A NAME="htoc16">4.2.1</A>&nbsp;&nbsp;Adding a user</H4><A NAME="add::user"></A>
To add a user, use the <TT>smbldap-useradd</TT> script. Available
options are summarized in table <A HREF="#table::add::user">2</A>. If applicable,
default values are given in the last column. Any string beginning with a
$ symbol refers to a parameter defined in the
<TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> configuration file.
<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
 <DIV ALIGN=center>
 <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
<TR><TD VALIGN=top ALIGN=left>option</TD>
<TD VALIGN=top ALIGN=left>definition</TD>
<TD VALIGN=top ALIGN=left>example</TD>
<TD VALIGN=top ALIGN=left>default value</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-a</TD>
<TD VALIGN=top ALIGN=left>create a Windows account. Otherwise, only a Posix account
 is created</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-w</TD>
<TD VALIGN=top ALIGN=left>create a Windows Workstation account</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-i</TD>
<TD VALIGN=top ALIGN=left>create an interdomain trust account. See section
 <A HREF="#trust::account">4.4</A> for more details</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-u</TD>
<TD VALIGN=top ALIGN=left>set a uid value</TD>
<TD VALIGN=top ALIGN=left>-u 1003</TD>
<TD VALIGN=top ALIGN=left>first uid available</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-g</TD>
<TD VALIGN=top ALIGN=left>set a gid value</TD>
<TD VALIGN=top ALIGN=left>-g 1003</TD>
<TD VALIGN=top ALIGN=left>first gid available</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-G</TD>
<TD VALIGN=top ALIGN=left>add the new account to one or several supplementary
 groups (comma-separated)</TD>
<TD VALIGN=top ALIGN=left>-G 512,550</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-d</TD>
<TD VALIGN=top ALIGN=left>set the home directory</TD>
<TD VALIGN=top ALIGN=left>-d /var/user</TD>
<TD VALIGN=top ALIGN=left>$userHomePrefix/user</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-s</TD>
<TD VALIGN=top ALIGN=left>set the login shell</TD>
<TD VALIGN=top ALIGN=left>-s /bin/ksh</TD>
<TD VALIGN=top ALIGN=left>$userLoginShell</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-c</TD>
<TD VALIGN=top ALIGN=left>set the user gecos</TD>
<TD VALIGN=top ALIGN=left>-c "admin user"</TD>
<TD VALIGN=top ALIGN=left>$userGecos</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-m</TD>
<TD VALIGN=top ALIGN=left>creates user's home directory and copies /etc/skel
 into it</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-k</TD>
<TD VALIGN=top ALIGN=left>set the skeleton dir (with -m)</TD>
<TD VALIGN=top ALIGN=left>-k /etc/skel2</TD>
<TD VALIGN=top ALIGN=left>$skeletonDir</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-P</TD>
<TD VALIGN=top ALIGN=left>ends by invoking smbldap-passwd to set the user's
 password</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-A</TD>
<TD VALIGN=top ALIGN=left>user can change password? 0 if no, 1 if yes</TD>
<TD VALIGN=top ALIGN=left>-A 1</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-B</TD>
<TD VALIGN=top ALIGN=left>user must change password at first session? 0 if no, 1
 if yes</TD>
<TD VALIGN=top ALIGN=left>-B 1</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-C</TD>
<TD VALIGN=top ALIGN=left>set the samba home share</TD>
<TD VALIGN=top ALIGN=left>-C \\PDC\homes</TD>
<TD VALIGN=top ALIGN=left>$userSmbHome</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-D</TD>
<TD VALIGN=top ALIGN=left>set a letter associated with the home share</TD>
<TD VALIGN=top ALIGN=left>-D H:</TD>
<TD VALIGN=top ALIGN=left>$userHomeDrive</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-E</TD>
<TD VALIGN=top ALIGN=left>set DOS script to execute on login</TD>
<TD VALIGN=top ALIGN=left>-E common.bat</TD>
<TD VALIGN=top ALIGN=left>$userScript</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-F</TD>
<TD VALIGN=top ALIGN=left>set the profile directory</TD>
<TD VALIGN=top ALIGN=left>-F \\PDC\profiles\user</TD>
<TD VALIGN=top ALIGN=left>$userProfile</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-H</TD>
<TD VALIGN=top ALIGN=left>set the samba account control bits
 like '[NDHTUMWSLKI]'</TD>
<TD VALIGN=top ALIGN=left>-H [X]</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-N</TD>
<TD VALIGN=top ALIGN=left>set the canonical name of the user</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-S</TD>
<TD VALIGN=top ALIGN=left>set the surname of the user</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-M</TD>
<TD VALIGN=top ALIGN=left>local mailAddress (comma-separated)</TD>
<TD VALIGN=top ALIGN=left>-M testuser,aliasuser</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-T</TD>
<TD VALIGN=top ALIGN=left>forward mail address (comma-separated)</TD>
<TD VALIGN=top ALIGN=left>-T
 testuser@domain.org</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR></TABLE>
 </DIV>
 <BR>
<DIV ALIGN=center>Table 2: Options available to the <TT>smbldap-useradd</TT> script</DIV><BR>

 <A NAME="table::add::user"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>

For example, if you want to add a user named <I>user_admin</I> who:
<UL><LI>
is a Windows user
<LI>must belong to the group of gid=512 ('Domain Admins' group)
<LI>has a home directory
<LI>does not have a login shell
<LI>has a homeDirectory set to /dev/null
<LI>does not have a roaming profile
<LI>and for whom we want to set a first login password
</UL>
you must invoke:
<PRE>
smbldap-useradd -a -G 512 -m -s /bin/false -d /dev/null -F "" -P user_admin
</PRE>

<H4><A NAME="htoc17">4.2.2</A>&nbsp;&nbsp;Removing a user</H4>
To remove a user account, use the <TT>smbldap-userdel</TT> script.
Available options are:
<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
 <DIV ALIGN=center>
 <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
<TR><TD ALIGN=left NOWRAP>option</TD>
<TD ALIGN=left NOWRAP>definition</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-r</TD>
<TD ALIGN=left NOWRAP>remove home directory</TD>
</TR>
<TR><TD ALIGN=left NOWRAP>-R</TD>
<TD ALIGN=left NOWRAP>remove home directory interactively</TD>
</TR></TABLE>
 </DIV>
 <BR>
<DIV ALIGN=center>Table 3: Options available to the <TT>smbldap-userdel</TT> script</DIV><BR>

 <A NAME="table::del::user"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
For example, if you want to remove the <I>user1</I> account
from the LDAP directory, and if you also want to delete the user's home
directory, use the following command:
<PRE>
smbldap-userdel -r user1
</PRE>
Note: '-r' is dangerous, as it may delete valuable data that has not been backed up.
Please be careful.<BR>
<BR>

<H4><A NAME="htoc18">4.2.3</A>&nbsp;&nbsp;Modifying a user</H4><A NAME="modify::user"></A>
To modify a user account, use the <TT>smbldap-usermod</TT> script.
Available options are listed in table <A HREF="#table::modify::user">4</A>.
<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
 <DIV ALIGN=center>
 <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
<TR><TD VALIGN=top ALIGN=left>option</TD>
<TD VALIGN=top ALIGN=left>definition</TD>
<TD VALIGN=top ALIGN=left>example</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-c</TD>
<TD VALIGN=top ALIGN=left>set the user gecos</TD>
<TD VALIGN=top ALIGN=left>-c "admin user"</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-d</TD>
<TD VALIGN=top ALIGN=left>set the home directory</TD>
<TD VALIGN=top ALIGN=left>-d /var/user</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-u</TD>
<TD VALIGN=top ALIGN=left>set a uid value</TD>
<TD VALIGN=top ALIGN=left>-u 1003</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-g</TD>
<TD VALIGN=top ALIGN=left>set a gid value</TD>
<TD VALIGN=top ALIGN=left>-g 1003</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-G</TD>
<TD VALIGN=top ALIGN=left>add the new account to one or several supplementary
 groups (comma-separated)</TD>
<TD VALIGN=top ALIGN=left>-G 512,550</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>-G -512,550</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>-G +512,550</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-s</TD>
<TD VALIGN=top ALIGN=left>set the login shell</TD>
<TD VALIGN=top ALIGN=left>-s /bin/ksh</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-N</TD>
<TD VALIGN=top ALIGN=left>set the canonical name of the user</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-S</TD>
<TD VALIGN=top ALIGN=left>set the surname of the user</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-P</TD>
<TD VALIGN=top ALIGN=left>ends by invoking smbldap-passwd to set the user's password</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-a</TD>
<TD VALIGN=top ALIGN=left>add sambaSAMAccount objectclass</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-e</TD>
<TD VALIGN=top ALIGN=left>set an expiration date for the password (format: YYYY-MM-DD HH:MM:SS)</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-A</TD>
<TD VALIGN=top ALIGN=left>user can change password? 0 if no, 1 if yes</TD>
<TD VALIGN=top ALIGN=left>-A 1</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-B</TD>
<TD VALIGN=top ALIGN=left>user must change password at first session? 0 if no, 1
 if yes</TD>
<TD VALIGN=top ALIGN=left>-B 1</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-C</TD>
<TD VALIGN=top ALIGN=left>set the samba home share</TD>
<TD VALIGN=top ALIGN=left>-C \\PDC\homes</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>-C ""</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-D</TD>
<TD VALIGN=top ALIGN=left>set a letter associated with the home share</TD>
<TD VALIGN=top ALIGN=left>-D H:</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>-D ""</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-E</TD>
<TD VALIGN=top ALIGN=left>set DOS script to execute on login</TD>
<TD VALIGN=top ALIGN=left>-E common.bat</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>-E ""</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-F</TD>
<TD VALIGN=top ALIGN=left>set the profile directory</TD>
<TD VALIGN=top ALIGN=left>-F \\PDC\profiles\user</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>&nbsp;</TD>
<TD VALIGN=top ALIGN=left>-F ""</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-H</TD>
<TD VALIGN=top ALIGN=left>set the samba account control bits like '[NDHTUMWSLKI]'</TD>
<TD VALIGN=top ALIGN=left>-H [X]</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-I</TD>
<TD VALIGN=top ALIGN=left>disable a user account</TD>
<TD VALIGN=top ALIGN=left>-I 1</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-J</TD>
<TD VALIGN=top ALIGN=left>enable a user</TD>
<TD VALIGN=top ALIGN=left>-J 1</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-M</TD>
<TD VALIGN=top ALIGN=left>local mailAddress (comma-separated)</TD>
<TD VALIGN=top ALIGN=left>-M testuser,aliasuser</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-T</TD>
<TD VALIGN=top ALIGN=left>forward mail address (comma-separated)</TD>
<TD VALIGN=top ALIGN=left>-T 
 testuser@domain.org</TD>
</TR></TABLE>
 </DIV>
 <BR>
<DIV ALIGN=center>Table 4: Options available to the <TT>smbldap-usermod</TT> script</DIV><BR>

 <A NAME="table::modify::user"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
You can also use the <TT>smbldap-userinfo</TT> script to update a user's information. This script can
also be used by users themselves to update their own information listed in table
<A HREF="#table::modify::self::user">5</A> (adequate ACLs must be set in the directory server). Available
options are:
<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
 <DIV ALIGN=center>
 <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
<TR><TD VALIGN=top ALIGN=left>option</TD>
<TD VALIGN=top ALIGN=left>definition</TD>
<TD VALIGN=top ALIGN=left>example</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-f</TD>
<TD VALIGN=top ALIGN=left>set the user's full name</TD>
<TD VALIGN=top ALIGN=left>-f MyName</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-r</TD>
<TD VALIGN=top ALIGN=left>set the room number</TD>
<TD VALIGN=top ALIGN=left>-r 99</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-w</TD>
<TD VALIGN=top ALIGN=left>set the work phone number</TD>
<TD VALIGN=top ALIGN=left>-w 111111111</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-h</TD>
<TD VALIGN=top ALIGN=left>set the home phone number</TD>
<TD VALIGN=top ALIGN=left>-h 222222222</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-o</TD>
<TD VALIGN=top ALIGN=left>set other information (in gecos definition)</TD>
<TD VALIGN=top ALIGN=left>-o "second stage"</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left>-s</TD>
<TD VALIGN=top ALIGN=left>set the default shell</TD>
<TD VALIGN=top ALIGN=left>-s /bin/ksh</TD>
</TR></TABLE>
 </DIV>
 <BR>
<DIV ALIGN=center>Table 5: Options available to the <TT>smbldap-userinfo</TT> script</DIV><BR>

 <A NAME="table::modify::self::user"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
<A NAME="toc10"></A>
<H3><A NAME="htoc19">4.3</A>&nbsp;&nbsp;Group management</H3>

<H4><A NAME="htoc20">4.3.1</A>&nbsp;&nbsp;Adding a group</H4>
To add a new group in the LDAP directory, use the <TT>smbldap-groupadd</TT>
script. Available options are listed in table
<A HREF="#table::add::group">6</A>.
<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
 <DIV ALIGN=center>
 <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
<TR><TD VALIGN=top ALIGN=left NOWRAP>option</TD>
<TD VALIGN=top ALIGN=left>definition</TD>
<TD VALIGN=top ALIGN=left NOWRAP>example</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP>-a</TD>
<TD VALIGN=top ALIGN=left>add automatic group mapping entry</TD>
<TD VALIGN=top ALIGN=left NOWRAP>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP>-g <TT>gid</TT></TD>
<TD VALIGN=top ALIGN=left>set the <I>gidNumber</I> for this group to
 <I>gid</I></TD>
<TD VALIGN=top ALIGN=left NOWRAP><TT>-g 1002</TT></TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP>-o</TD>
<TD VALIGN=top ALIGN=left>gidNumber is not unique</TD>
<TD VALIGN=top ALIGN=left NOWRAP>&nbsp;</TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP>-r <TT>group-rid</TT></TD>
<TD VALIGN=top ALIGN=left>set the rid of the group to
 <I>group-rid</I></TD>
<TD VALIGN=top ALIGN=left NOWRAP><TT>-r 1002</TT></TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP>-s <TT>group-sid</TT></TD>
<TD VALIGN=top ALIGN=left>set the sid of the group to
 <I>group-sid</I></TD>
<TD VALIGN=top ALIGN=left NOWRAP><TT><FONT SIZE=1>-s
 S-1-5-21-3703471949-3718591838-2324585696-1002</FONT></TT></TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP>-t <TT>group-type</TT></TD>
<TD VALIGN=top ALIGN=left>set the <I>sambaGroupType</I> to
 <I>group-type</I></TD>
<TD VALIGN=top ALIGN=left NOWRAP><TT>-t 2</TT></TD>
</TR>
<TR><TD VALIGN=top ALIGN=left NOWRAP>-p</TD>
<TD VALIGN=top ALIGN=left>print the gidNumber to stdout</TD>
<TD VALIGN=top ALIGN=left NOWRAP>&nbsp;</TD>
</TR></TABLE>
 </DIV>
 <BR>
<DIV ALIGN=center>Table 6: Options available for the <TT>smbldap-groupadd</TT> script</DIV><BR>

 <A NAME="table::add::group"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>

<H4><A NAME="htoc21">4.3.2</A>&nbsp;&nbsp;Removing a group</H4>
To remove the group named <TT>group1</TT>, just use the following
command:
<PRE>
smbldap-groupdel group1
</PRE>
<A NAME="toc11"></A>
<H3><A NAME="htoc22">4.4</A>&nbsp;&nbsp;Adding an interdomain trust account</H3><A NAME="trust::account"></A>
To add an interdomain trust account to the primary controller <I>trust-pdc</I>, use the <TT>-i</TT> option of
<TT>smbldap-useradd</TT> as follows:
<PRE>
[root@etoile root]# smbldap-useradd -i trust-pdc
New password : *******
Retype new password : *******
</PRE>
The script ends by asking for a password for this trust
account. The account is created in the directory branch where
all computer accounts are stored (<TT>ou=Computers</TT> by
default). The only two particularities of this account are that you
set a password for it, and that its flags are
<TT>[I          ]</TT>.
 <HR>
<A HREF="smbldap-tools004.html"><IMG SRC ="previous_motif.gif" ALT="Previous"></A>
<A HREF="index.html"><IMG SRC ="contents_motif.gif" ALT="Up"></A>
<A HREF="smbldap-tools006.html"><IMG SRC ="next_motif.gif" ALT="Next"></A>
</BODY>
</HTML>
