HP CIFS Server Administrator Guide Version A.02.04.04 (5070-6710, October 2011)

NOTE: You must ensure that the password matches the password for the LDAP admin directory
manager. This password is used for user administration and is stored for later use. If the
password is incorrect, no error message is displayed, but user administration fails when
attempted.
Adding a Samba User to the LDAP Directory
A POSIX user must already exist in the LDAP directory before you run the smbpasswd
-a command to add the corresponding Samba user and the sambaSamAccount information
required for HP CIFS Server user authentication.
If the POSIX user does not already exist in the LDAP directory server, you must first add the POSIX
user entry with your HP Netscape/Red Hat Directory Server commands. You can use the
ldapmodify tool to add, modify or delete the POSIX user account in an LDAP directory. See the
“LDAP Directory Management Tools” (page 171) section in the “Tool Reference” chapter for more
information on these LDAP directory management tools.
Procedures for Adding a Samba User
1. Use the ldapmodify command to create the POSIX user account entry in the LDAP directory
server.
For example, the following ldapmodify command adds the POSIX user account entry,
usercifs1, to the LDAP directory server, ldapserver:
ldapmodify -a -D "cn=Directory Manager,dc=hp,dc=com" -w dmpasswd
-h ldapserver -f new.ldif
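As an example, the following LDIF update file, new.ldif, contains update statements to
create the user account, usercifs1, in the LDAP directory server:
dn: uid=usercifs1,ou=People,dc=example,dc=hp,dc=com
objectclass: top
objectclass: account
objectclass: posixAccount
# uid, cn, uidNumber and gidNumber are required by posixAccount; the cn and
# the two ID numbers below are constructed sample values, use your site's own
uid: usercifs1
cn: usercifs1
uidNumber: 2001
gidNumber: 2001
homedirectory: /home/usercifs1
loginshell: /usr/bin/krh
gecos: Usercifs1 Hu, 40N-20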
For more information on how to use the ldapmodify tool to modify the entries of the LDAP
directory server using the LDIF update file, refer to the “Creating Directory Entries” chapter in
“Part 1, Administering Red Hat Directory Server” of the “Netscape/Red Hat Directory Server
Administrator's Guide”.
2. Run the smbpasswd -a command to add the sambaSamAccount information for a user to
the LDAP directory server if the smb.conf parameter, passdb backend, is set to ldapsam:
smbpasswd -a <user name>
For example, the following command creates the Samba account for the user, cifsuser1:
smbpasswd -a cifsuser1
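A pre-flight check for the LDIF file used in step 1, as an added example that is not part of the HP guide: it parses one LDIF entry and reports attributes that the top, account and posixAccount object classes require or do not allow, so a schema violation is caught before ldapmodify is run. The function names and both sample entries are constructed for illustration.

```python
# Added example: lint a POSIX user LDIF entry before passing it to ldapmodify.
# Schema facts are from RFC 2307 (posixAccount) and RFC 4524 (account).
# Function names and samples are constructed; folded lines and base64 (::)
# values are not handled.

SCHEMA = {  # object class -> (MUST attributes, MAY attributes), lower-cased
    "top": ({"objectclass"}, set()),
    "account": ({"uid"}, {"description", "seealso", "l", "o", "ou", "host"}),
    "posixaccount": ({"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
                     {"userpassword", "loginshell", "gecos", "description"}),
}

def parse_entry(ldif):
    """Return (dn, {attr: [values]}) for one LDIF entry; skips comments and blanks."""
    dn, attrs = None, {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs

def lint_posix_entry(ldif):
    """Return a sorted list of schema problems; an empty list means the entry passes."""
    dn, attrs = parse_entry(ldif)
    present, problems = set(attrs), []
    must, allowed = {"objectclass"}, {"objectclass"}
    for oc in (c.lower() for c in attrs.get("objectclass", [])):
        if oc not in SCHEMA:
            problems.append(f"unknown object class: {oc}")
            continue
        must |= SCHEMA[oc][0]
        allowed |= SCHEMA[oc][0] | SCHEMA[oc][1]
    problems += [f"missing required attribute: {a}" for a in must - present]
    problems += [f"attribute not allowed: {a}" for a in present - allowed]
    # The RDN (first DN component) must also appear as an attribute value.
    rdn_attr, _, rdn_val = (dn or "").split(",")[0].partition("=")
    if rdn_val.strip() not in attrs.get(rdn_attr.strip().lower(), []):
        problems.append(f"RDN {rdn_attr}={rdn_val} not present in entry")
    return sorted(problems)

# Constructed samples: an entry that fails schema checking and its corrected form.
INCOMPLETE = ("dn: uid=sampleuser,ou=People,dc=example,dc=com\nobjectclass: top\n"
              "objectclass: account\nobjectclass: posixAccount\n"
              "memberuid: sampleuser\nhomedirectory: /home/sampleuser\n")
COMPLETE = INCOMPLETE.replace("memberuid: sampleuser",
    "uid: sampleuser\ncn: sampleuser\nuidNumber: 2001\ngidNumber: 2001")
```

An entry that lists an object class outside the small SCHEMA table is reported as unknown, and attributes only that class allows are then flagged as not allowed; extend the table for any further classes your directory uses.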
Verifying Samba Users
You can use the ldapsearch command-line utility to locate and retrieve LDAP directory entries.
This utility opens a connection to the specified server using the specified Distinguished Name (DN)
and password, and locates entries based on the specified search filter.
This section describes a portion of the available options for the ldapsearch command. See the
“LDAP Directory Management Tools” (page 171) section in chapter 14, “Tool Reference” for a
more complete description of this command.