HP CIFS Server Administrator's Guide (5900-1282, April 2011)

Procedures for Adding a Samba User
1. Use the ldapmodify command to add the POSIX user account entry to the LDAP directory
server:
For example, the following ldapmodify command adds the POSIX user account entry,
usercifs1, to the LDAP directory server, ldapserver:
ldapmodify -a -D "cn=Directory Manager,dc=hp,dc=com" -w dmpasswd -h ldapserver -f new.ldif
As an example, the following LDIF update file, new.ldif, contains update statements to
create the user account, usercifs1, in the LDAP directory server:
dn: uid=usercifs1,ou=People,dc=example,dc=hp,dc=com
objectclass: top
objectclass: account
objectclass: posixAccount
memberuid: usercifs1
homedirectory: /home/usercifs1
loginshell: /usr/bin/krh
gecos: Usercifs1 Hu, 40N-20
For more information on how to use the ldapmodify tool to modify the entries of the LDAP
directory server using the LDIF update file, refer to the “Creating Directory Entries” chapter in
“Part 1, Administering Red Hat Directory Server” of the “Netscape/Red Hat Directory Server
Administrator's Guide”.
2. Run the smbpasswd -a command to add the sambaSamAccount information for a user to
the LDAP directory server if the smb.conf parameter, passdb backend, is set to ldapsam:
smbpasswd -a <user name>
For example, the following command creates the Samba account for the user, cifsuser1:
smbpasswd -a cifsuser1
Verifying Samba Users
You can use the ldapsearch command-line utility to locate and retrieve LDAP directory entries.
This utility opens a connection to the specified server using the specified Distinguished Name (DN)
and password, and locates entries based on the specified search filter.
This section describes a portion of the available options for the ldapsearch command. See the
“LDAP Directory Management Tools” (page 166) section in chapter 13, “Tool Reference” for a
more complete description of this command.
Syntax
ldapsearch [option]
Option
-b Specifies the starting point for the search. The value specified must be a distinguished name
that currently exists in the database.
-s Specifies the scope of the search.
-D Specifies the distinguished name (DN) with which to authenticate to the server. If specified,
this value must be a DN recognized by the Directory Server, and it must also have the authority
to search for the entries.
-w Specifies the password of the directory manager.
Example
The following example uses the ldapsearch utility to check that the user entry johnl contains
the sambaAccount objectclass:
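The check described in this section can be scripted. The following shell functions are an added example, not part of the HP guide: they read the LDIF that ldapsearch returns and report whether the entry carries posixAccount (step 1) and sambaSamAccount (step 2). The function names and the sample entry are constructed for illustration.

```shell
# Added example (not from the HP guide). Real input would be the output of
# an ldapsearch run with the -b, -s, -D and -w options described above.

# Constructed sample LDIF for one entry; the last objectClass value is folded
# onto a continuation line, as LDIF permits.
sample_ldif() {
cat <<'EOF'
dn: uid=usercifs1,ou=People,dc=example,dc=hp,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSam
 Account
homeDirectory: /home/usercifs1
EOF
}

# Join LDIF continuation lines (a line starting with one space).
unfold_ldif() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR > 0) print buf }'
}

# has_objectclass CLASS: succeeds if the LDIF on stdin lists CLASS.
# LDAP attribute and object class names compare case-insensitively.
has_objectclass() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    unfold_ldif | awk -v want="$want" '
        tolower($1) == "objectclass:" && tolower($2) == want { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# check_samba_user: returns 0 only when the entry carries posixAccount
# (step 1, ldapmodify) and sambaSamAccount (step 2, smbpasswd -a).
check_samba_user() {
    ldif=$(cat); rc=0
    for class in posixAccount sambaSamAccount; do
        if printf '%s\n' "$ldif" | has_objectclass "$class"; then
            echo "ok: $class"
        else
            echo "missing: $class"; rc=1
        fi
    done
    return $rc
}

sample_ldif | check_samba_user
```

To test for the sambaAccount object class named in the example above, pipe the ldapsearch output to has_objectclass sambaAccount instead.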