On Wed, 2006-01-18 at 18:57 -0600, Oscar A. Valdez wrote: > El mi?, 18-01-2006 a las 15:24 -0600, Oscar A. Valdez escribi?: > > El lun, 16-01-2006 a las 18:01 -0600, Oscar A. Valdez escribi?: > > > El s?b, 14-01-2006 a las 23:08 -0700, Craig White escribi?: > > > > If you are going to use a tool like the PADL migration tool > > > > (migrate_passwd.pl), obviously you aren't going to get attributes beyond > > > > the posixAccount stuff. Samba has some tools - smbldap-tools which can > > > > attributes for the samba-schema... > > > > > > Thanks for your response. I'm going to read the "SMB LDAP PDC Howto" > > > found at http://samba.idealx.org/samba-ldap-howto.pdf. It's by the folks > > > who put together the smbldap-tools. > > > > Do the smbldap-tools work "out of the box" with the Fedora Directory > > Server? They're not tailored too tightly to OpenLDAP? > > To answer my own question: they seem to work with FDS. I just installed > them, and tried the smbldap-passwd command on a test account. The error > I get seems to be a permissions error: > > Unable to change password: Insufficient 'write' privilege to the > 'userPassword' attribute of entry > 'uid=ovaldez,ou=people,dc=duraflex,dc=com,dc=sv' > > Any ideas on how to fix this? ---- sure - you need to use a dn with sufficient access... i.e. cn=Directory Manager or by default, uid=ovaldez,ou=people,dc=duraflex,dc=com,dc=sv should have sufficient access to the userPasswd attribute you probably want to create a 'super user' account which can change all entries in 'dc=duraflex,dc=com,dc=sv' tree (see ACi) and set that to be the user that is 'ldap admin' in smb.conf and in smbldap-tools. Craig
