[Samba] Joining PDC w/LDAP Question
Buchan Milne
bgmilne at cae.co.za
Wed Feb 12 16:08:12 GMT 2003
Peak, John wrote:
> Buchan,
>
> I really appreciate the help as this has pointed me in the right
> direction. The "getent passwd asa$" does not show anything unless I add
> the machine manually. Should I be putting the following directive in my
> nsswitch.conf file to be able to perform host lookups from LDAP properly?:
>
> hosts: files ldap dns
No, samba currently needs a user account for the machine (since it uses
the uid to generate an rid and ensure the rid's don't conflict, since we
assume the uid's don't).
So, you need at least:
passwd: files ldap
A common error is to set
nss_base_passwd ou=People,<basedn>
in /etc/ldap.conf, and then have the machine accounts in something like
ou=Computers,<basedn>, where (if you have machines in seperate OUs) at
least on the DC you need to have something like:
nss_base_passwd <basedn>?sub
(on non-DCs, you can leave it with ou=People, to prevent computers
showing on client machines, which is what we do).
>
> I've noticed that some people do this and some do not in their
> configurations. I would think that after a Computer record is inserted
> in my LDAP directory by Samba that NSS needs this directive to actually
> lookup the computer. When I try this it gives me a "Segmentation
> Fault". Any additional thoughts or suggestions for me at this point?
>
It might be useful posting the ldap record for an example machine here
(sans lmpassword and ntpassword attributes of course ...) so we can see
if you have the correct object classes (sambaAccount and posixAccount IIRC).
Buchan
--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
More information about the samba
mailing list