# HOWTO: Samba PDC with LDAP backend



## Sylhouette (Dec 3, 2008)

Hello all.
I have put this Howto in an HTML page on the web.

This makes it easier to edit it, and keep it up to date.

You can find it here:
http://www.xs4all.nl/~doub/samba-ldap/index.html

I updated it.
This howto uses FreeBSD 8.1 with the ports tree from 12-10-2010


I put in the BIND and DHCP config also.

regards,
Johan


----------



## DutchDaemon (Oct 15, 2010)

Since the first post was radically altered, the entire thread following it became 'orphaned', so we may as well start over again with the new information in the first post as a starting point.


----------



## fdge (Oct 21, 2010)

I keep getting "segmentation fault" with slapd and I'm just lost now with what could be wrong.


----------



## Sylhouette (Oct 22, 2010)

What do you get when you do a pkg_info?

Also have you tried pkg_delete openldap-server-<version>
And then a reinstall.
You can also try pkg_add -r openldap-server, this way you install a package.
If that one also crashes, something else is going on.

regards,
Syl


----------



## fdge (Oct 22, 2010)

Thank you.

For the record I was using:
`pkg_add ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/All/openldap-server-2.4.23.tbz`

and trying `pkg_add -r openldap-server` led me to this and it worked.

`pkg_add -r openldap24-server`
(`pkg_add ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.1-release/Latest/openldap24-server.tbz`)


----------



## alisel (Oct 27, 2010)

Hi! I followed the HOWTO (thank you very much for your efforts!!) but I have a little issue. After applying changes to nsswitch.conf I get: nss_ldap could not search LDAP server. Slapd is up and running. Any ideas?


----------



## Sylhouette (Nov 2, 2010)

Did you fill the database?

Also make sure the ldap.conf file is correct!

Gr
Syl


----------



## TitanIT (Nov 4, 2010)

Thank you for the good job on that howto.

I set up an 8.1 box based on this config using Nov 1st 2010 ports...

I think I ended up using a newer version of perl.. but it all went fairly smooth and it seems to work.

I joined an XP box to the domain, successfully logged in as root and I decided to download Usermgr.exe as mentioned in the howto. I downloaded usermgr.exe from Microsoft.... I can see the accounts but once I try to do anything, it says

```
A device attached to the system is not functioning
```

Nothing strange on the workstation/firewall or whatnot, and nothing odd in the logs that I can tell.

Anyone experience this that knows a quick fix? 

Cheers

- Chris


----------



## Sylhouette (Nov 4, 2010)

Did you do the last step,   

```
net rpc join -S smb-server01 -Uroot
```

Also you can try to use quotes around the %x settings in the smb.conf file like below, and reload/restart samba


```
# scripts invoked by samba
      add user script               = /usr/local/sbin/smbldap-useradd -m "%u"
      delete user script            = /usr/local/sbin/smbldap-userdel "%u"
      add group script              = /usr/local/sbin/smbldap-groupadd -p "%g"
      delete group script           = /usr/local/sbin/smbldap-groupdel "%g"
      add user to group script      = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
      delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
      set primary group script      = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
      add machine script            = /usr/local/sbin/smbldap-useradd -w "%m"
```

regards,
Johan


----------



## fuzzy-hat (Nov 14, 2010)

Tried following this a few times, always running into some sort of error.

Cleaned 8.1 FreeBSD install and I followed the guide until I get to the part about starting slapd and get the following error:

```
# /usr/local/etc/rc.d/slapd start
Starting slapd.
Unrecognized database type (bdb)
/usr/local/etc/rc.d/slapd: WARNING: failed to start slapd
```

I can't seem to figure out how to fix it. I watched it install BDB, so I'm not sure why it's complaining. I ended up using Samba 3.4.8 because apparently I can't figure out how to get the newest version to appear in /usr/ports/. Hopefully that won't matter...


----------



## TitanIT (Nov 15, 2010)

fuzzy-hat -
Samba 3.5.6 was in ports 2 weeks back.. now it is a bad plist.

I had the same issue; make sure you have the following line in your slapd.conf:


```
moduleload back_bdb
```

Sylhouette -

I did the net join command first time around.. I haven't been able to test the quotes yet.. let you know if that fixes it.

Thanks,

- Chris


----------



## Sylhouette (Nov 15, 2010)

About the moduleload back_bdb in the slapd.conf file, I had to remove it.
If I did leave it in there, it would not start, and errors out with something like module BDB already loaded (out of my head).


I will add it to the howto.

Gr
Syl


----------



## TitanIT (Nov 15, 2010)

Syl, I think it's the way the newer version is built in ports..

I tried to use quotes around the %x settings in the smb.conf but unfortunately still getting the same error as posted earlier. 
- Chris


----------



## Sylhouette (Nov 16, 2010)

I know I had this error message once.
I do not remember what I did to resolve this.

Could it be that cups is not running?
If my memory serves me well, it had something to do with a service that is not running, but I could be wrong.

If I have some more time, I will look into this.

Gr
Syl


----------



## fuzzy-hat (Nov 25, 2010)

Thanks for the suggestion.
I'm going to give it another go.


----------



## fuzzy-hat (Nov 29, 2010)

I'd like to start by pointing out I'm an idiot. I've found some of my mistakes. So for anyone else reading this



			
fuzzy-hat said:

> # /usr/local/etc/rc.d/slapd start
> Starting slapd.
> Unrecognized database type (bdb)
> /usr/local/etc/rc.d/slapd: WARNING: failed to start slapd
> ...


This is actually addressed in the HOW TO. It's possible it wasn't there until recently but more likely I skimmed over it because I've never had to change that value before. All I had to do was actually read the guide and uncomment

```
moduleload back_bdb
```
in the slapd.conf file to make it work.



			
fuzzy-hat said:

> I ended up using Samba 3.4.8 because apparently I can't figure out how to get the newest version to appear in /usr/ports/.


As for this, from what I understood from googling, the way to update your ports tree was to use csup or cvsup (I think I tried something else as well). It of course looked like it was updating to me, but nothing ever changed.

Today I finally found out that you run:
```
portsnap fetch
portsnap extract
```

to update your ports tree.

Next time I will try to read better. Sorry for wasting people's time.


----------



## tanked (Dec 22, 2010)

Hello, if I want to add a FreeBSD ZFS file server to a Windows 2003 AD domain, could anybody point out what modifications I need to make to this how-to (obviously I won't need LDAP, DHCP etc...)


----------



## Sylhouette (Dec 23, 2010)

Try following the directions I posted in the following thread:

http://forums.freebsd.org/showthread.php?t=20007

Gr
Syl


----------



## padrino (Mar 20, 2011)

Hi

First of all, thank you for the HowTO!

I have some little problems with my config. I try to get my ldap into a jail, so my network config of the host is:

```
fxp0 192.168.1.66
```

with alias for the jail on 192.168.100.1; the jail is called "ldap-jail".

So the first problem I have, is running *slapd* with 

```
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://127.0.0.1/ ldap://192.168.100.1/"'
```

Without the parameter ldap://192.168.100.1 *slapd* starts without problems, but with the parameter I get:

```
Mar 18 21:28:39 LDAP slapd[25467]: @(#) $OpenLDAP: slapd 2.4.24 (Mar 18 2011 16:32:42) $ 	root@LDAP:/usr/ports/net/openldap24-server/work/openldap-2.4.24/servers/slapd
Mar 18 21:28:39 LDAP slapd[25467]: daemon: bind(8) failed errno=48 (Address already in use)
Mar 18 21:28:39 LDAP slapd[25467]: slapd stopped.
Mar 18 21:28:39 LDAP slapd[25467]: connections_destroy: nothing to destroy.
```

So I proceed without this parameter, but at the end of the samba section I have another problem when I try to populate the database:


```
smb-server01# smbldap-populate -u 10000 -g 10000 -r 10000
Populating LDAP directory for domain TESTDOMAIN (S-1-5-21-3989252577-37338151-2932095156)
(using builtin directory structure)

adding new entry: dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 7.
adding new entry: ou=People,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 12.
adding new entry: ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 17.
adding new entry: ou=Computers,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 22.
adding new entry: ou=Idmap,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 27.
adding new entry: uid=root,ou=People,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 58.
adding new entry: uid=nobody,ou=People,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 89.
adding new entry: cn=Domain Admins,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 101.
adding new entry: cn=Domain Users,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 112.
adding new entry: cn=Domain Guests,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 123.
adding new entry: cn=Domain Computers,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 134.
adding new entry: cn=Administrators,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 179.
adding new entry: cn=Account Operators,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 201.
adding new entry: cn=Print Operators,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 212.
adding new entry: cn=Backup Operators,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 223.
adding new entry: cn=Replicators,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 234.
adding new entry: sambaDomainName=TESTDOMAIN,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 242.

Please provide a password for the domain root: 
No such object at /usr/local/lib/perl5/site_perl/5.12.3/smbldap_tools.pm line 409.
```

Now I don't know how to resolve this issue and proceed... any ideas?

Thank you

P.S. at the end of smbldap.conf there is

```
smbpasswd="/usr/local/bin/smbpasswd"
```

that should be

```
smbpasswd="/usr/local/sbin/smbpasswd"
```


----------



## padrino (Mar 20, 2011)

Sorry for the double-post.

The second issue I had is now solved, I forgot a "{" in my configuration file. Unfortunately I'm still not able to join my domaincontroller.


```
smb-server01# net rpc join -S smb-server01 -Uroot
Connection failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Enter root's password:
Could not connect to server smb-server01
Connection failed: NT_STATUS_INVALID_NETWORK_RESPONSE
```

It also fails when I'm trying to join from a Windows-Client, maybe the reason is the missing parameter 192.168.100.1 in the /etc/rc.conf? :\


----------



## CKeoni86 (Apr 21, 2011)

Hello,

I'm running into the same error as padrino. I followed the tutorial for setting up a Samba PDC with LDAP backend from Sylhouette quite strictly.


```
Please provide a password for the domain root:
No such object at /usr/local/lib/perl5/site_perl/5.12.3/smbldap_tools.pm line 409.
```

Can anyone point me into the right direction to righting this dilemma?

Thanks in advance.


----------



## toomanysecrets (May 9, 2011)

Hi Padrino.



			
padrino said:

> Sorry for the double-post.
> 
> The second issue I had is now solved, I forgot a "{" in my configuration file. Unfortunately I'm still not able to join my domaincontroller.



Please, could you tell me in what configuration file did you forget the "{"? I'm also following the same URL to FreeBSD+Samba+PDC and have the same issue as you.

Thank you!!


----------



## bsus (Jul 9, 2011)

Hi, I followed the howto until net getlocalsid but here I am getting following output:

```
net getlocalsid
[2011/01/15 14:18:01.950062,  0] lib/smbldap.c:1151(smbldap_connect_system)
  failed to bind to server ldap://192.168.178.4/ with dn="cn=Manager,dc=fritz,dc=box" Error: Can't contact LDAP server
  	(unknown)
SID for domain SAMBA_SERVER is: S-1-5-21-995152089-1900560301-1122320211
```
Can I ignore this or is this more than just a warning?

Regards


----------



## Sylhouette (Nov 2, 2011)

Yes you can, I did a little upgrade to the howto and use the smbldap config script.

It times out because the ldap server is not running.

regards
Johan


----------



## illex (Nov 5, 2011)

*testparm warnings*

Hi! When I used the *testparm* command, I received some warnings. Can somebody help me with that? And thanks for HOWTO.



```
srv01# testparm /usr/local/etc/smb.conf
Load smb config files from /usr/local/etc/smb.conf
max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
WARNING: The "enable privileges" option is deprecated
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Processing section "[netlogon]"
Processing section "[homes]"
Processing section "[Profiles]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[data]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
```


----------



## illex (Nov 5, 2011)

Oh,

```
max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
```

It was fixed by editing /boot/loader.conf. But the WARNINGS still continue.


----------



## Sylhouette (Nov 5, 2011)

/boot/loader.conf values are only read at bootup.
So you need to reboot the machine.

regards
Johan


----------



## illex (Nov 5, 2011)

Yeah, I fixed it. Now I have:


```
srv01# testparm /usr/local/etc/smb.conf
Load smb config files from /usr/local/etc/smb.conf
WARNING: The "enable privileges" option is deprecated
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Processing section "[netlogon]"
Processing section "[homes]"
Processing section "[Profiles]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[data]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
```

So how can I fix these WARNINGS? thx


----------



## Sylhouette (Nov 5, 2011)

I think you use a newer version of samba than 3.5.x.
Are you using samba 3.6.1?

If so, comment out by putting a # before the following lines.


```
      enable privileges             = yes
      idmap backend                 = ldap:ldap://smb-server01.testdomain.com
      idmap uid                     = 10000-20000
      idmap gid                     = 10000-20000
```
That should get rid of the errors.

Gr
Johan


----------



## illex (Nov 5, 2011)

Yes, I'm using samba 3.6.1.
I've commented those lines and now it has no warnings, but is it OK without those lines?

Now I have some problem with connection to domain:

```
srv01# net rpc join -S srv01 -U root
Connection failed: NT_STATUS_INVALID_PARAMETER
Enter root's password:
Could not connect to server srv01
Connection failed: NT_STATUS_INVALID_PARAMETER
```
Do you know how to fix it?
thx


----------



## Sylhouette (Nov 6, 2011)

No, I have not used samba 3.6.1 before.
Maybe I have some time next week to try it, but I can not promise if I get to it.

Is everything running?
Cups, samba (smbd, nmbd and winbind), slapd and so on.
Also try -Uroot without a space, I do not know if it makes a difference.

If you find the solution yourself, please let me know, then I can edit the howto.

regards
Johan


----------



## illex (Dec 4, 2011)

I guess the problem was because I tried to install samba as pdc on a computer with 2 ethernet cards and PF firewall

Now it works! 

I'm sorry for newbie question, but how should I add users? I've downloaded "LDAP Admin", but I'm not sure that it's right way. Maybe I should use some commands?


----------



## Sylhouette (Dec 4, 2011)

Hello, there are several ways.

One is LDAP Admin, like you installed.

There is also LDAP Account Manager, also in the ports tree.

http://www.ldap-account-manager.org/


Or you could use the command line.

http://clark-technet.com/linux-guides/adding-users-to-samba-ldap

The commands in your /usr/local/etc/smb.conf file can be used also from the command line.


```
      add user script               = /usr/local/sbin/smbldap-useradd -m %u
      delete user script            = /usr/local/sbin/smbldap-userdel %u
      add group script              = /usr/local/sbin/smbldap-groupadd -p %g
      delete group script           = /usr/local/sbin/smbldap-groupdel %g
      add user to group script      = /usr/local/sbin/smbldap-groupmod -m %u %g
      delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
      set primary group script      = /usr/local/sbin/smbldap-usermod -g %g %u
      add machine script            = /usr/local/sbin/smbldap-useradd -w %m
```

So the following command will add the user illex to the system

```
/usr/local/sbin/smbldap-useradd -m illex
```

The following command will add a new group named experts


```
/usr/local/sbin/smbldap-groupadd -p experts
```

The following command will add the user illex to the group experts

```
/usr/local/sbin/smbldap-groupmod -m illex experts
```

So there are many ways 

regards
Johan


----------



## Daren (Jan 4, 2012)

Hi

I know it's been a while since this has been updated, but firstly: thanks!

I am having a small issue regarding certain aspects of the "net rpc" command though.

If I do:

```
# net rpc info -U root%password
```

I get output as expected (listing domain name, sid, number of users etc.), however the following happens if I try to list groups, for instance:


```
# net rpc group list -U root%password
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_INVALID_PARAMETER
```

I get something similar if I try the command relating to users, but with an additional error:

```
# net rpc user info darenr -U root%password
Connection to localhost failed (Error NT_STATUS_INVALID_PARAMETER)
Failed to get groups for 'darenr' with error: Failed to connect to IPC$ share on localhost.
```

I have tried a bit of googling, but nothing seems to come up (or I'm going blind)

I have been able to successfully join a workstation to the domain, and login as a user I added via LAM, as well as successfully adding files to the test share I have set up.

If you could give any pointers or hints as to what I may have missed, I'd much appreciate it.

Thanks
Daren


----------



## Daren (Jan 6, 2012)

I found out my issue.  Although I had looked at it so many times, I had missed a "0" on the end of the lo0 interface in smb.conf.

What an idiot I feel :r


----------



## bmmcwhirt (Jun 25, 2012)

I followed this and everything goes great. However in Win7pro64 you can't run usermgr.exe. So I use the `/usr/local/sbin/smbldap-useradd -m %u` command with my intended user name, then I use smbldap-passwd to set the password. The user remains unable to log into the domain. I can join a machine to the domain just fine and I can even login with "root" on the domain.

Samba error log for the machine:

```
[2012/06/25 19:56:46.381799,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2012/06/25 19:56:46.382697,  0] lib/util_sock.c:1441(get_peer_addr_internal)
  getpeername failed. Error was Socket is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Socket is not connected.
```

and this is in slapd.conf:

```
Jun 25 19:56:17 services slapd[723]: conn=1155 fd=23 ACCEPT from IP=192.168.11.7:44708 (IP=192.168.11.7:389)
Jun 25 19:56:17 services slapd[723]: conn=1155 op=0 BIND dn="cn=Manager,dc=kb9yen,dc=com" method=128
Jun 25 19:56:17 services slapd[723]: conn=1155 op=0 BIND dn="cn=Manager,dc=kb9yen,dc=com" mech=SIMPLE ssf=0
Jun 25 19:56:17 services slapd[723]: conn=1155 op=0 RESULT tag=97 err=0 text=
Jun 25 19:56:17 services slapd[723]: connection_input: conn=1155 deferring operation: binding
Jun 25 19:56:17 services slapd[723]: conn=1155 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=1 SRCH attr=supportedControl
Jun 25 19:56:17 services slapd[723]: conn=1155 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 25 19:56:17 services slapd[723]: conn=1155 op=2 SRCH base="dc=kb9yen,dc=com" scope=2 deref=0
 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=2 SRCH attr=gidNumber sambaSID sambaGroupType
 sambaSIDList description displayName cn objectClass
Jun 25 19:56:17 services slapd[723]: conn=1155 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SRCH base="sambaDomainName=KB9YEN,dc=kb9yen,dc=com"
 scope=0 deref=0 filter="(objectClass=sambaDomain)"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SRCH attr=sambaPwdHistoryLength
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SRCH base="dc=kb9yen,dc=com" scope=2 deref=0
 filter="(&(uid=bmmcwhirt)(objectClass=sambaSamAccount))"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SRCH attr=uid uidNumber gidNumber homeDirectory
 sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
 sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description
 sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
 objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
 sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SRCH attr=homeDirectory loginShell gecos
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 25 19:56:46 services slapd[723]: conn=1155 op=5 UNBIND
Jun 25 19:56:46 services slapd[723]: conn=1155 fd=23 closed
```

And the relevant output of *ldapsearch*:

```
# bmmcwhirt, People, kb9yen.com
dn: uid=bmmcwhirt,ou=People,dc=kb9yen,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
cn: bmmcwhirt
sn: bmmcwhirt
uid: bmmcwhirt
uidNumber: 10003
gidNumber: 513
homeDirectory: /home/bmmcwhirt
loginShell: /bin/sh
gecos: System User
givenName: bmmcwhirt
userPassword:: {deleted for security}
shadowLastChange: 15516
shadowMax: 10000
```

Any help or advice would be greatly appreciated.
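
A triage aid for the log and entry in the post above, as an added example that is not part of the original thread: it pairs each slapd `SRCH` filter with its `SEARCH RESULT`, keeps the searches that ended with `nentries=0`, and reports which equality assertions of those filters the posted entry does not satisfy. The sample log and LDIF are shortened copies of the posted output, and all function names are this example's own.

```python
import re

# Shortened copies of the slapd log and ldapsearch output posted above.
SLAPD_LOG = '''\
Jun 25 19:56:17 services slapd[723]: conn=1155 op=2 SRCH base="dc=kb9yen,dc=com" scope=2 deref=0
 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SRCH base="sambaDomainName=KB9YEN,dc=kb9yen,dc=com"
 scope=0 deref=0 filter="(objectClass=sambaDomain)"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SRCH base="dc=kb9yen,dc=com" scope=2 deref=0
 filter="(&(uid=bmmcwhirt)(objectClass=sambaSamAccount))"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
'''
LDIF_ENTRY = '''\
dn: uid=bmmcwhirt,ou=People,dc=kb9yen,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
uid: bmmcwhirt
'''

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="[^"]*".*?filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*?nentries=(\d+)')
# Simple equality assertions only; presence and substring filters are skipped.
ASSERTION = re.compile(r'\(([A-Za-z][\w.;-]*)=([^()*]+)\)')

def unwrap(log):
    """Join wrapped continuation lines (leading whitespace) to the previous line."""
    lines = []
    for raw in log.splitlines():
        if raw[:1].isspace() and lines:
            lines[-1] += " " + raw.strip()
        elif raw.strip():
            lines.append(raw.rstrip())
    return lines

def empty_searches(log):
    """Return (conn, op, filter) per nentries=0 result; filter is '' if no SRCH was seen."""
    pending, empty = {}, []
    for line in unwrap(log):
        if m := SRCH.search(line):
            pending[(int(m[1]), int(m[2]))] = m[3]
        elif (m := RESULT.search(line)) and int(m[3]) == 0:
            key = (int(m[1]), int(m[2]))
            empty.append((*key, pending.get(key, "")))
    return empty

def parse_ldif_entry(ldif):
    """Map lower-cased attribute names to values (handles "::", not folded lines)."""
    attrs = {}
    for line in ldif.splitlines():
        if line and not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            attrs.setdefault(name.lower(), []).append(value.lstrip(":").strip())
    return attrs

def explain_misses(log, ldif):
    """For empty searches aimed at this entry, list the assertions it fails."""
    attrs, report = parse_ldif_entry(ldif), {}
    for conn, op, filt in empty_searches(log):
        pairs = ASSERTION.findall(filt)
        failed = [f"{a}={v}" for a, v in pairs
                  if v.lower() not in (x.lower() for x in attrs.get(a.lower(), []))]
        # Assumes an AND filter: part of it matched the entry, the rest did not.
        if failed and len(failed) < len(pairs):
            report[(conn, op)] = failed
    return report

if __name__ == "__main__":
    print(explain_misses(SLAPD_LOG, LDIF_ENTRY))
```

The same functions can be pointed at a full slapd log and the complete `ldapsearch` output for any account that fails to log in.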


----------



## gkontos (Oct 16, 2012)

Excellent how-to, works like a charm with some modifications for net/samba36

Thumbs up!


----------

