The Users page displays the eDirectory users that have been granted access to this Samba server, along with their context and group membership information.
This section covers the following user-related tasks that are performed via the Samba management plug-in in iManager:
Adding a user enables Samba access by making the user a member of the default Samba Users Group.
IMPORTANT: Before you add eDirectory users to give them access to this Samba server, make sure that the users have been created in a container with a Samba-compliant password policy and that they have Universal Passwords. You cannot assign a password policy to a group; only to containers, partitions, and individual users.
Adding users automatically LUM-enables them if they are not already LUM-enabled and Samba-enables them if they are not already Samba-enabled. It also makes each user a member of the default Samba group for this server (server_name-W-SambaUserGroup) and makes that group the primary group.
NOTE: The default Samba group denies access to the ssh service even if it has been LUM-enabled. It grants access to all other LUM-enabled services running on this server. The exact list depends on which services you selected when you configured Linux User Management. You can enable or disable access to these services by editing the Linux profile of the group (Groups > Modify Group > specify group > Linux Profile > Linux Services).
The Samba plug-in only adds and removes users from the default Samba group. If you want to use another group specifically for enabling Samba access, create a new group with the desired Samba users as members, then use the Linux User Management plug-in to enable the group for Linux. You can also modify the new group’s Linux profile to enable access to LUM-enabled services. Then use the smbbulkadd command-line tool, referencing the users in the new group, to Samba-enable the users.
If a user is already a member of another LUM-enabled group, adding the user as a Samba user changes the user’s primary group to the default Samba group. Depending on how you have set up group access to Linux services on this particular workstation, the user might lose access to Linux services that were previously allowed.
Create the Samba domain object:
Obtain the NetBIOS name from iManager > Roles and Tasks > File Protocols > Samba > <Server Object> > General tab > NetBios Name.
Obtain the Samba domain SID from iManager > Roles and Tasks > File Protocols > Samba > <Server Object> > General tab > Domain SID.
Obtain the proxy user information for novell-samba from the parameter CONFIG_SAMBA_PROXY_USER_CONTEXT in /etc/sysconfig/novell/nvlsamba_oes2018.
Create the LDIF file:
dn: sambaDomainName=<netbios name>,o=novell
changetype: add
sambaLockoutObservationWindow: 30
sambaLockoutDuration: 30
sambaMinPwdAge: 0
sambaMaxPwdAge: -1
sambaLogonToChgPwd: 0
sambaPwdHistoryLength: 0
sambaMinPwdLength: 5
sambaAlgorithmicRidBase: 1000
sambaNextUserRid: 1000
sambaSID: <domain SID>
sambaDomainName: <server name>
objectClass: sambaDomain
objectClass: Top
ACL: 16#subtree#<proxy user>#[Entry Rights]
Execute the command /usr/bin/ldapadd -D <tree admin> -w <tree admin password> -f ./sambadomain.ldif -Z
Modify the password of the proxy user obtained from step 1c using iManager > Roles and Tasks > Users > Modify User > <Search the User> > NMAS > Set Password.
Add the secrets.tdb entry for the proxy user:
Execute the command /opt/novell/xad/samba/bin/tdbtool /etc/samba/secrets.tdb
In the tdb shell that is launched, run the command tdb> insert SECRETS/LDAP_BIND_PW/<FQDN of the proxy user> <modified password of the proxy user>
Confirm that the entry has been added by running the dump command in the tdb shell.
Select the Users tab.
Click Add.
Use one of the following methods to select the users you want to give access to this server:
To select a single User object to add, click Select a Single Object.
To select multiple User objects to add, click Select Multiple Objects.
To select User objects to add from a list, click Simple Selection.
Click the Search icon to open the Object Selector and browse or search the list to locate the User objects you want to add.
Click the Object History icon to select User objects you have recently managed.
Click OK to finish adding the users.
Or click Cancel to return to the previous page without adding the selected users.
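For the LDIF step of the procedure above, an added example (not part of the product documentation): a shell function that renders the Samba domain LDIF from the NetBIOS name, domain SID, proxy user DN and server name, and refuses values that would break the entry or inject extra LDIF lines into it. The function names, the accepted character sets, the S-1-5-21 SID shape, the cn=... DN form and the sample values are assumptions.

```shell
# Added example, not product code. Names and sample values are assumptions.
fail() { echo "sambadomain.ldif: $1" >&2; return 1; }

# Usage: render_samba_domain_ldif NETBIOS_NAME DOMAIN_SID PROXY_USER_DN SERVER_NAME
render_samba_domain_ldif() {
    nb=$1 sid=$2 proxy=$3 server=$4
    nl='
'
    # A newline in any value would inject extra LDIF lines (attributes, ACLs).
    for v in "$nb" "$sid" "$proxy" "$server"; do
        case $v in *"$nl"*) fail "newline in input"; return 1 ;; esac
    done
    # Conservative character set for both names; NetBIOS names max 15 chars.
    for v in "$nb" "$server"; do
        case $v in ''|*[!A-Za-z0-9_-]*) fail "bad name: $v"; return 1 ;; esac
    done
    [ "${#nb}" -le 15 ] || { fail "NetBIOS name longer than 15 characters"; return 1; }
    # Assumed SID shape for a Samba domain: S-1-5-21-<n>-<n>-<n>.
    printf '%s' "$sid" | grep -Eq '^S-1-5-21(-[0-9]{1,10}){3}$' ||
        { fail "bad domain SID"; return 1; }
    # The ACL value is '#'-delimited, so a '#' in the DN would shift its fields.
    case $proxy in
        *'#'*) fail "'#' in proxy user DN"; return 1 ;;
        cn=?*,?*=?*) ;;   # assumed form: cn=<user>,<context>
        *) fail "proxy user is not a cn=... DN"; return 1 ;;
    esac
    cat <<EOF
dn: sambaDomainName=$nb,o=novell
changetype: add
sambaLockoutObservationWindow: 30
sambaLockoutDuration: 30
sambaMinPwdAge: 0
sambaMaxPwdAge: -1
sambaLogonToChgPwd: 0
sambaPwdHistoryLength: 0
sambaMinPwdLength: 5
sambaAlgorithmicRidBase: 1000
sambaNextUserRid: 1000
sambaSID: $sid
sambaDomainName: $server
objectClass: sambaDomain
objectClass: Top
ACL: 16#subtree#$proxy#[Entry Rights]
EOF
}

# Constructed sample values; prints the rendered LDIF on stdout.
render_samba_domain_ldif OESSRV1 S-1-5-21-1111111111-2222222222-3333333333 \
    cn=sambaproxy,o=novell oessrv1
```

Redirect the output to ./sambadomain.ldif for the ldapadd step. If /usr/bin/ldapadd is the OpenLDAP client, -W prompts for the bind password in place of -w, which keeps the tree admin password out of the process list and shell history.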
Removing a user revokes that user’s membership in the default Samba group, which disables that user’s Samba access. It does not delete the User object in eDirectory or remove the user’s UID.
IMPORTANT: Removing users does not disable Samba access if the users are members of other LUM-enabled groups associated with this Samba server. If a user is a member of only the default Samba Users Group, removing the user disables that user’s access to any Linux services that were enabled for the group. If the user is a member of other groups, the user retains LUM access to Linux services enabled for those groups.
To remove one or more users as Samba users for this server:
Select the Users tab.
Select the users you want to remove.
Click Remove.