[Samba] My experience with samba/ldap and machine accounts
Arturo Busleiman
arturo.busleiman at intraredes.com
Wed Nov 26 15:46:41 GMT 2003
This is a snippet of an email I sent to Mark Taylor (whom I contacted through
this list) today. I thought I should share this with you...
I am the double >> and zero-> typer.
> > On the other side, we've developed a new version of our DDS software
> > (remember the Novell+NT to Linux+openldap+samba migration?) and they're
> > going into production line today :)
>
> Cool, let me know how it goes...
I stayed till 3am in the company that day. From 3pm to 3am :P - Everything
went cool (over 3000 machine accounts), BUT I found a samba/ldap bug or
something regarding machine accounts. DO ALWAYS BACK UP MACHINE ACCOUNTS
THE FIRST TIME THEY ARE CREATED. (I mean, when an XP/2000 box joins the
ldap domain, go and dump the ldif entry and keep it safe). If you update
samba or ldap, XP/2000 can't join because something happens with the ldif
entry, which invalidates it. Restoring the old set of ldif-machine-entries
will solve the problem.

Actually, the lmPassword and ntPassword attributes are scrambled and their
values are no longer those of Domain Join-time. Dunno why it happens; this
is somewhat documented (When updating blablabla, this may happen;
smbldap-howto, I believe... but I'm not sure).
Bye
--
Arturo Busleiman - [ i n t r a R e d e s s r l ]
Piedras 264 - 2 A (C1070AAF) - Buenos Aires - ARGENTINA
Te.: (54 11) 4342-0049 - http://www.intraredes.com/
mailto:arturo.busleiman at intraredes.com
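
Added example, not part of the original message: a Python sketch that compares a join-time LDIF backup of machine accounts with a later dump and lists the entries whose lmPassword or ntPassword no longer match, so only those need to be restored. The DNs, the hash values and the convention that machine accounts have a uid ending in "$" are assumptions made for illustration.

```python
import base64

HASH_ATTRS = ("lmpassword", "ntpassword")  # attribute names from the post, lower-cased

def parse_ldif(text):
    """Parse LDIF into {dn: {attr: [values]}}, handling folded lines and base64 (::) values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # a leading space continues the previous line
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if line.startswith("#"):
            continue
        if not line.strip():
            current = None                    # a blank line ends the entry
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            current = entries.setdefault(value.lower(), {})
        elif current is not None:
            current.setdefault(name, []).append(value)
    return entries

def changed_machine_hashes(backup_ldif, current_ldif):
    """Return (dn, attribute, status) for machine accounts that differ from the backup."""
    backup, current = parse_ldif(backup_ldif), parse_ldif(current_ldif)
    findings = []
    for dn, old in sorted(backup.items()):
        if not any(uid.endswith("$") for uid in old.get("uid", [])):
            continue                          # assumption: machine accounts have uid ending in "$"
        new = current.get(dn)
        if new is None:
            findings.append((dn, "*", "entry missing"))
            continue
        for attr in HASH_ATTRS:
            if [v.upper() for v in old.get(attr, [])] != [v.upper() for v in new.get(attr, [])]:
                findings.append((dn, attr, "changed" if attr in new else "missing"))
    return findings

# Constructed sample data: names and hash values are made up.
ENTRY = "dn: uid={0},ou=Computers,dc=example,dc=org\nuid: {0}\nlmPassword: {1}\nntPassword: {2}\n\n"
BACKUP = ENTRY.format("ws01$", "0" * 32, "1" * 32) + ENTRY.format("ws02$", "2" * 32, "3" * 32)
CURRENT = ENTRY.format("ws01$", "0" * 32, "A" * 32) + ENTRY.format("ws02$", "2" * 32, "3" * 32)

if __name__ == "__main__":
    for finding in changed_machine_hashes(BACKUP, CURRENT):
        print(*finding)
```

A reported difference only shows that the stored value is no longer the backed-up one; it does not say what changed it.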