Samba LDAP initial group/user setup

According to the group mapping section of the Samba HOWTO Collection you need to set up the default groups if you are setting up Samba for LDAP. Remember to set up your smbldap_conf.pm file first and then do something like this:

/usr/share/samba/scripts/smbldap-groupadd.pl -g 512 domadm
/usr/share/samba/scripts/smbldap-groupadd.pl -g 513 domuser
/usr/share/samba/scripts/smbldap-groupadd.pl -g 514 domguest
/usr/share/samba/scripts/smbldap-groupadd.pl -g 515 domcomps
/usr/share/samba/scripts/smbldap-groupadd.pl -g 516 domconts
net groupmap add rid=512 ntgroup="Domain Admins" UNIXgroup=domadm
net groupmap add rid=513 ntgroup="Domain Users" UNIXgroup=domuser
net groupmap add rid=514 ntgroup="Domain Guests" UNIXgroup=domguest
net groupmap add rid=515 ntgroup="Domain Computers" UNIXgroup=domcomps
net groupmap add rid=516 ntgroup="Domain Controllers" UNIXgroup=domconts
/usr/share/samba/scripts/smbldap-useradd.pl -a -u 500 -g domadm -n -A 1 -N Domain -S Administrator Administrator
/usr/share/samba/scripts/smbldap-passwd.pl Administrator

Please note that this does not set up the complete groups that Windows DC’s provide, but gives enough to start with a basic system and you can build it from there.

Samba 3.0 and LDAP

I am currently setting up a new Samba 3.0 server with an LDAP backend both for the POSIX (UNIX) accounts and for the samba accounts. The aim is to enable the less technical back office staff to be able to deal with user administration from a windows client, leaving me to do more web brow^H^H^H^H^H^H^H^H work on the servers. This section of the blog will mainly be a write up of all the stuff I find that helps me on the way… To start with here are some useful links:

Setting up LDAP authentication
Setting up samba as a PDC
Advanced samba / LDAP

Although the samba entries seem to apply to samba 2 which has some differences with LDAP compared to samba 3.