Samba attribute descriptions

User attributes (objectClass sambaSamAccount):

Name			LDAP attribute		SQL field name		Values
Lanman password		sambaLMPassword		lm_pw			See NTLM hash documentation
NT password		sambaNTPassword		nt_pw			See NTLM hash documentation
Account flags		sambaAcctFlags		acct_ctrl		smbpasswd and LDAP:
									13 char string opens with [ and ends with ], padded
									with spaces.
									eg: [DU         ] = Disabled normal user
									D: disabled
									H: Home directory required
									N: No password required
									T: Temporary account
									U: is a user account
									M: MNS logon user account
									W: is a workstation account
									S: is a server trust account
									L: Locked (autolocked) account
									X: No eXpiry on password
									I: Interdomain trust account

									SQL and Samba internal:
									32-bit unsigned integer for bitmask
									eg: 17 = 16+1 = normal user account + disabled
									0x00000001	1	Disabled
									0x00000002	2	Home directory required
									0x00000004	4	Password not required
									0x00000008	8	Temporary account
									0x00000010	16	Normal user account
									0x00000020	32	MNS logon user account
									0x00000040	64	Interdomain trust account
									0x00000080	128	Workstation trust account
									0x00000100	256	Server trust account (BDC)
									0x00000200	512	Password never expires
									0x00000400	1024	Account auto-locked
									Windows 2000 and newer:
									0x00000800	2048	Text-password encrypted
									0x00001000	4096	Smart card required
									0x00002000	8192	Trusted for delegation
									0x00004000	16384	Not delegated
									0x00008000	32768	Use DES key only
									0x00010000	65536	Preauth not required
									0x00020000	131072	Password is expired
									0x00040000	262144	???
									0x00080000	524288	No auth data required
Password last set	sambaPwdLastSet		pass_last_set_time	UNIX timestamp of last password change
Pass can change time 	sambaPwdCanChange	pass_can_change_time	UNIX timestamp of when the user is allowed to change
									his password again.
Pass must change time	sambaPwdMustChange	pass_must_change_time	UNIX timestamp of when the user password expires
Last logon time		sambaLogonTime		logon_time		UNIX timestamp of last logon
Last logoff time	sambaLogoffTime		logoff_time		UNIX timestamp of last logoff
Kickoff time		sambaKickoffTime	kickoff_time		UNIX timestamp of when the user is automatically 
									logged off
Bad password count	sambaBadPasswordCount	bad_password_count	Number of failed logon attempts
Bad password time	sambaBadPasswordTime	(???)			UNIX timestamp of last failed logon attempt
Logon hours		sambaLogonHours		logon_hours		Hours one is allowed to logon
									Bitmask in 21-byte blob, every bit is one hour of a
									week, the first bit is Sunday 00:00h to 01:00h GMT
Logon hours len		NOT APPLICABLE		hours_len		Length of the logon hours blob in bytes
Home drive		sambaHomeDrive		home_drive		Windows drive letter of home drive
Logon script		sambaLogonScript	logon_script		relative path (from \\%L\netlogon) to the logon
									script
Profile path		sambaProfilePath	profile_path		Path (UNC) where the user's profile is stored
Logon workstations	sambaUserWorkstations	workstations		List of workstations the user is allowed to logon to
									in string format
Home path		sambaHomePath		home_dir		Path (UNC) to the users home directory (in Win9x/ME
									this is where the profile is stored)
Domain name		sambaDomainName		domain			NT Domain to which the user belongs
Munged dial		sambaMungedDial		munged_dial		Munged data string containing dialback information
Password history	sambaPasswordHistory	password_history	String value of concatenated MD4 password and salt 
									hashes used on this account. Amount of hashes 
									depends on the password history policy.
									
User SID		sambaSID		user_sid		This users SID (domain SID plus unique relative ID)
Group SID		sambaPrimaryGroupSID	group_sid		Group SID of the user's primary group


Domain attributes (objectClass sambaDomain):
Domain name		sambaDomainName		NOT AVAILABLE YET	The windows domain name
Next available groupRID	sambaNextGroupRid	NOT AVAILABLE YET	Next relative id which can be used by a group (map)
Next available user RID sambaNextUserRid	NOT AVAILABLE YET	Next relative id which can be used by a user account
Next available RID	sambaNextRid		NOT AVAILABLE YET	Next relavite id which can be used by anything else
Domain SID		sambaSID		NOT AVAILABLE YET	Samba domain SID
Algorithmic RID base	sambaAlgorithmicRidBase	NOT AVAILABLE YET	Lowest possible RID for algorithmic RID calculation
									for calculation from UID/RID. If used, this must be
									equal to the algorithmic rid base parameter in 
									smb.conf.

Account policy attributes (objectClass sambaAccountPolicy):
Policy name		sambaAccountPolicyName	NOT AVAILABLE YET	Name of the account policy as used with pdbedit -P.
Policy value		sambaAccountPolicyValue	NOT AVAILABLE YET	Integer value of this account policy.

Samba domain trust accounts (apparently unused, trusts are stored as user?):
Domain name		sambaDomainName		(Contained as user?)	The domain name that is trusted
SID			sambaSID		(???)			SID of the domain
Trust password		sambaNTPassword		(???)			The domain trust password
Trust password last set	sambaPwdLastSet		(???)			UNIX timestamp of last trust password change
Trust flags		sambaTrustFlags		(???)			Flags of the domain trust