Line 8: |
Line 8: |
| | | |
| | | |
− | Use <code>pwgen 64</code> to generate a password. Then create your user. | + | Use <code>pwgen 64</code> to generate a password. Then create your user. |
| | | |
| samba-tool user create ps1-sa-servicename | | samba-tool user create ps1-sa-servicename |
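Review bot: The first line of this hunk gives <code>pwgen 64</code>, which sets only the length: with no count, pwgen prints a whole screen of candidates when run in a terminal, and without <code>-s</code> they are the pronounceable kind rather than fully random. Suggest <code>pwgen -s 64 1</code> so the reader gets a single random 64-character password. The unchanged <code>samba-tool user create ps1-sa-servicename</code> line also does not say how the generated password reaches the command; one sentence noting that samba-tool prompts for it when none is given would close that gap. The removed and added text read identically here, so the edit looks whitespace-only, which is worth stating in the edit summary.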
Line 66: |
Line 66: |
| | | |
| | | |
− | * Depending on how the filter is applied, you may need to put a <code>!</code> in front to negate it. The current format filters on users that are not disabled. | + | * Depending on how the filter is applied, you may need to put a <code>!</code> in front to negate it. The current format filters on users that are not disabled. |
− | * You almost always want to get debug info for ldap when setting up. There are a lot of things that can go wrong. | + | * You almost always want to get debug info for ldap when setting up. There are a lot of things that can go wrong. |
− | * Start without the filter field, add it later. | + | * Start without the filter field, add it later. |
− | * When a service checks a password, it usually attempts to bind to samba as that user. To bind successfully, it needs to bind as user@PS1 | + | * When a service checks a password, it usually attempts to bind to samba as that user. To bind successfully, it needs to bind as user@PS1 |
| ** Some services apply setting different e.g. as a regex on the user, or as a template setting. | | ** Some services apply setting different e.g. as a regex on the user, or as a template setting. |
− | * If you try and bind to ldap with a 0 length password, it "works", sort of. There is no error, but you can't access anything substantial. This is enough to fool services into thinking that the password was correct. | + | * If you try and bind to ldap with a 0 length password, it "works", sort of. There is no error, but you can't access anything substantial. This is enough to fool services into thinking that the password was correct. |
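Review bot: The last bullet (0 length password) describes the failure but gives no mitigation. By its own wording the bind returns no error, which is LDAP's unauthenticated bind (RFC 4513), so a service that only checks whether the bind succeeded will accept any username with a blank password. Suggest a sub-bullet telling the reader to confirm the service rejects empty passwords before it attempts the bind, and to try a blank-password login as part of setup testing. Smaller points: the user@PS1 bullet has no closing period, and the unchanged sub-bullet "Some services apply setting different" would read better as "apply this setting differently".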