6.1 Creating eDirectory Users for Samba

6.1.1 Creating an eDirectory Container for User Objects

IMPORTANT:Samba users must be created in a container at or below the Base Context for Samba Users that you specified when you installed Samba. By default, the base context is the container where the eDirectory admin user object resides. If you need to change the context, see the instructions in Section B.2.4, Changing the LDAP Suffix.

The eDirectory users must also be assigned a Samba-compliant password policy, such as the Samba Default Password Policy provided in OES 2. A password policy can be assigned to individual users containers, or partitions. It is generally easier to assign the policy at the container level. For more information, see the online help for the iManager Passwords task.

Step 3 below instructs you on how to assign the default Samba policy to User object containers. However, you also have two other options:

If you create your own policy or modify an existing policy, be sure to select the appropriate policy in place of the Samba Default Password Policy in Step 3.

User objects that don’t meet these requirements cannot be enabled for Samba access.

  1. In your browser, enter the iManager URL (http://IP_address_or_DNS_name/iManager.html) and log in as the eDirectory Admin user or equivalent.

  2. In the Roles and Tasks view, select Directory Administration > Create Object > Organizational Unit and create the OU object at the correct context for your Samba users.

  3. To assign the default Samba Password Policy to the new container, select Passwords > Password Policies > Samba Default Password Policy.

  4. On the Password Policy page, click the Policy Assignment tab.

  5. Browse iManager Browse icon to and select the container object you created for your Samba users, then click OK > OK.

  6. Continue with Section 6.1.2, Creating eDirectory Users in iManager.

6.1.2 Creating eDirectory Users in iManager

IMPORTANT:If you want to create home directories for your users as part of the user-creation process, you must create an NSS volume or an NCP volume for the directories before completing the following procedure. For more information, see Managing NSS Volumes in the OES 2 SP3: NSS File System Administration Guide for Linux or Creating NCP Volumes on Linux File Systems in the OES 2 SP3: NCP Server for Linux Administration Guide.

  1. In iManager’s Roles and Tasks view, select Users > Create User.

    HINT:To see whether a User object already exists, click the View Objects icon. Click the Search tab. Set the Type to User, and click Search. All currently defined User objects are listed.

  2. For Username, specify the corresponding Windows user account name. You must also specify the user’s last name in the Last Name field. Specifying the first name is optional.

  3. For Context, be sure to select the container you created for your Samba users in Section 6.1.1, Creating an eDirectory Container for User Objects.

  4. For Password, specify an eDirectory password that matches the Windows password for the user.

    IMPORTANT:Do not select Set simple password even though the interface indicates it is required for native Windows file access. As long as the Samba Password Policy has been set on the container or partition before you create the user, a Universal Password is created by default, which makes it much easier for users to keep their passwords synchronized.

  5. (Conditional) If you have an NSS or NCP volume available and you want the user’s home directory to be created automatically, select the Create Home Directory option.

    Browse iManager Browse icon to and select the volume, then specify the path to where you want the user’s home directory to be created.

    NOTE:The path you specify must already exist on the NSS or NCP volume.

  6. Type or select any other information you want associated with the user, such as Title and Location.

  7. Click OK.

  8. Click Repeat Task to create another user, or click OK to finish.

  9. After creating eDirectory users for all of your Windows workstation users that you want to have Samba access, continue with Section 6.2, Creating a Samba Group.