From TBP

We use LDAP/Kerberos accounts, so account management works somewhat differently here. Unfortunately Kerberos does not integrate well with OpenLDAP, so every account has to be created or edited twice (Samba isn't a problem). The main group of our users is klipp, so don't forget this.

ivo@IThink:/$ ssh jaguar
ivo@jaguar:~$ sudo -i
jaguar:~# cd /root/bin/krbldap
jaguar:~/bin/krbldap# ./ $loginname $forename $lastname $main_group    
                               e.g. ./ test Only Test klipp

This script first creates a Kerberos principal and then the LDAP account with Samba, which is why you will be asked for the password four times. If something goes wrong, you must delete any half-configured Kerberos and LDAP accounts that may have been left behind (you can use the scripts in /root/bin/krbldap/). If nothing helps, you can delete the accounts manually:

jaguar:~# kadmin --local
kadmin> list
kadmin> del $user
kadmin> exit
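
To find out which accounts were left half-configured before deleting anything, the two account lists can be compared. This is an added example, not one of the scripts in /root/bin/krbldap; the function name, the two input files (one Kerberos principal per line, one LDAP uid per line, exported by the admin beforehand) and the sample data are assumptions.

```shell
#!/bin/sh
# Added example (not one of the scripts in /root/bin/krbldap).
# find_half_configured KRB_FILE LDAP_FILE
#   KRB_FILE : one Kerberos principal per line (name@REALM)
#   LDAP_FILE: one LDAP uid per line
# Prints "kerberos-only NAME" or "ldap-only NAME" for every account that
# exists in just one of the two places, i.e. a half-configured account.
find_half_configured() {
    awk '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # tolerate CRLF and padding
        $0 == "" { next }
        FILENAME == ARGV[1] {
            name = $0
            sub(/@.*$/, "", name)     # drop the realm
            if (name ~ /\//) next      # krbtgt/..., host/... are not user accounts
            krb[name] = 1
            next
        }
        { ldap[$0] = 1 }
        END {
            for (n in krb)  if (!(n in ldap)) print "kerberos-only", n
            for (n in ldap) if (!(n in krb))  print "ldap-only", n
        }
    ' "$1" "$2" | sort
}

# Constructed sample data: "test" was created in Kerberos only, "bob" in LDAP only.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'krbtgt/EXAMPLE.ORG@EXAMPLE.ORG' 'alice@EXAMPLE.ORG' \
        'test@EXAMPLE.ORG' > "$tmp/principals"
    printf '%s\n' 'alice' 'bob' > "$tmp/uids"
    find_half_configured "$tmp/principals" "$tmp/uids"
    rm -rf "$tmp"
}

demo
```

An empty result means every user principal has a matching LDAP account and vice versa.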