Mandriva Directory Server FAQ
How do I log in to the MMC web interface?
The web interface is available at http://your_server_name/mmc.
You can always log in to the MMC web interface using the root login and the LDAP administrator password.
Right after installing the MMC, this is the only user you can log in as, because the LDAP directory is empty.
When I add a user, I get this error: "smbpasswd failed to change your password entry".
When adding a user with SAMBA properties, the MMC uses the SAMBA smbpasswd command. This error means smbpasswd could not contact the LDAP directory to properly add the SAMBA attributes to the user.
A good way to check that your SAMBA/LDAP setup is correctly configured is to create a user in the MMC web interface (called "usertest" for example) without the SAMBA properties checked, and then run this command:
    # smbpasswd -a usertest
    New SMB password: [type a password]
    Retype new SMB password: [type the same password again]
This command tries to add the SAMBA LDAP attributes to the "usertest" account. If there is a setup problem, the smbpasswd output should help you to diagnose it.
The most common problem is that NSS/LDAP has not been configured. Check this part of the installation.
How do I automatically set an ACL on new users?
The user's ACL is the value of the lmcACL LDAP field of the user's LDAP entry. To set it automatically, use the userdefault section of the /etc/mmc/plugins/base.ini configuration file:
    [userdefault]
    objectClass = +lmcUserObject
    lmcACL = :base#users#passwd/
The ACL string of this example will allow the user to log in to the MMC web interface and change her/his password. To get an ACL string, go to the MMC ACL edition page of a user (key icon on the user list), switch to expert mode, and click on "Download ACL string".
How do I write scripts with the MMC API?
Everything you can do from the web interface can be scripted. This lets you, for example, bulk-populate an LDAP directory with new users and groups. Some script examples are available on the Scripting page.
How do I convert a Windows local profile to a SAMBA domain profile?
You can use the "Moveuser.exe" utility available from the Windows 2003 Resource Kit.
    C:\>moveuser/?
    Command Line Syntax:
    moveuser <user1> <user2> [/y] [/c:computer] [/k]
    Arguments:
    user1   Specifies a user who has a local profile.
    user2   Specifies the user who will own user1's profile. This account must exist.
    /y      Allow overwrite of existing profile.
    /c      Specifies the computer to make the changes to.
    /k      Specifies if user1 is a local user, then the user account should be kept.
For example, type this on the Windows machine which owns the user1 local profile:
    moveuser user1 DOMAIN\user1 /y /k
Which Windows version do you support as a domain member?
It depends on the SAMBA version you are using on the MDS server.
The latest SAMBA version has support for Windows 7, but you'll need to tweak the Windows registry settings. More information is available at the SAMBA Wiki.
My users can't log in to the server (ftp, ssh ... via pam_ldap)
Remove the shadowMin and shadowExpire attributes on existing users.
Don't populate these attributes for new users; set this in /etc/mmc/plugins/base.ini:
    [userdefault]
    shadowMin = DELETE
    shadowExpire = DELETE
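One way to remove the two attributes from many existing users at once, as an added example that is not part of the original FAQ or the MDS project: the function below turns ldapsearch LDIF output into ldapmodify change records, deleting each attribute only where it is present, because ldapmodify rejects a delete of an attribute the entry does not have. The function names, the example.com DNs and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the MDS project): build ldapmodify change records
# that delete shadowMin / shadowExpire only from entries that carry them.
#
# Typical use; "<base DN>" and "<admin DN>" are placeholders for your directory:
#   ldapsearch -x -LLL -o ldif-wrap=no -b "<base DN>" \
#     '(|(shadowMin=*)(shadowExpire=*))' shadowMin shadowExpire \
#     | shadow_cleanup_ldif > cleanup.ldif
#   ldapmodify -x -D "<admin DN>" -W -f cleanup.ldif   # after reviewing the file

shadow_cleanup_ldif() {
    awk '
        # Emit one change record for the entry collected so far, if needed.
        function flush() {
            if (dn != "" && (has_min || has_exp)) {
                print dn
                print "changetype: modify"
                if (has_min) { print "delete: shadowMin"; print "-" }
                if (has_exp) { print "delete: shadowExpire"; print "-" }
                print ""
            }
            dn = ""; has_min = 0; has_exp = 0
        }
        /^dn::? / { flush(); dn = $0; in_dn = 1; next }   # plain or base64 DN
        /^ /      { if (in_dn) dn = dn "\n" $0; next }    # folded DN line
                  { in_dn = 0 }
        /^$/      { flush(); next }                       # blank line ends entry
        tolower($0) ~ /^shadowmin:/    { has_min = 1 }
        tolower($0) ~ /^shadowexpire:/ { has_exp = 1 }
        END       { flush() }
    '
}

# Constructed sample input: alice has both attributes, bob one, carol none.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=com
shadowMin: 0
shadowExpire: 14000

dn: uid=bob,ou=People,dc=example,dc=com
shadowMin: 0

dn: uid=carol,ou=People,dc=example,dc=com
uid: carol
EOF
}

sample_ldif | shadow_cleanup_ldif
```

Review the generated LDIF before applying it; entries without either attribute (carol in the sample) produce no change record.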
Why should I not use NSCD?
NSCD is a caching system for OpenLDAP. Using NSCD on MDS is a bad idea because changes made in MDS won't be available immediately: NSCD will return a cached result instead.
If NSCD is running, you should get this warning message:
- WARNING Looks like NSCD is installed on your system. You should not run NSCD on a SAMBA server.