[Samba] Manual creation of machine account in LDAP
Gaiseric Vandal
gaiseric.vandal at gmail.com
Fri Oct 30 15:35:00 MDT 2009
On 10/30/09 15:33, M. Rodrigo Monteiro wrote:
> Hi all!
>
> I wanna know how to create the LDIF to import in OpenLDAP to create a
> machine account.
> Anyone can help?
>
> Regards,
> Rodrigo.
>
>
In my environment, people and machines have preexisting "unix" accounts
in LDAP, since we also have Linux network clients. Samba does not
automatically create the unix accounts.
You only need a basic "unix person" account. It can be in the same OU
as actual people or in a sub-OU, but typically (at least with my
setup) it needs to be where the underlying unix OS will find it (getent
passwd). When an XP machine joins a domain (or if you create the samba
account with smbpasswd -m -a MACHINE), the samba attributes get added.
E.g., basic "unix" account:
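# Base posix entry. sn (person) and homeDirectory (posixAccount) are required
# by the schema; the values given for them here are placeholders.
dn: uid=MACHINE$,ou=machines,ou=people,o=mydomain.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
cn: MACHINE$
sn: MACHINE$
displayName: MACHINE$
gecos: MACHINE$
gidNumber: 515
uid: MACHINE$
uidNumber: 567
homeDirectory: /dev/null
userPassword:: *LK*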
The following automatically gets added when the machine joins the domain:
objectClass: shadowAccount
objectClass: sambaSamAccount
sambaAcctFlags: [W ]
sambaNTPassword: AD40F************************
sambaPrimaryGroupSID: S-1-**********************
sambaPwdLastSet: 1254523222
sambaSID: S-1--**********************
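
Added example (not part of the original post and not Samba's own code): a sketch that builds the base posix entry described above for a given machine name, rejects names that could inject extra LDIF lines or DN components, and checks each object class's MUST attributes before anything is imported. The function names, the name pattern, and the homeDirectory and loginShell values are assumptions; the base DN and gidNumber 515 are taken from the post.

```python
import re

# MUST attributes of the object classes used in the post's entry, as defined
# in OpenLDAP's core, inetorgperson and nis schemas.
MUST = {
    "top": {"objectClass"}, "person": {"cn", "sn"},
    "organizationalPerson": set(), "inetOrgPerson": set(),
    "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
}

# NetBIOS computer names are at most 15 characters; this conservative pattern
# also keeps LDIF/DN metacharacters (newline, comma, '=', '+') out of the entry.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,14}")


def missing_must(entry):
    """Return the sorted MUST attributes that an entry (dict of lists) lacks."""
    needed = set()
    for oc in entry["objectClass"]:
        needed |= MUST[oc]
    return sorted(needed - set(entry))


def machine_entry(name, uid_number, gid_number=515):
    """Build the base posix entry for a workstation account (no Samba attributes)."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid machine name: %r" % name)
    uid = name + "$"  # machine accounts carry a trailing '$'
    entry = {
        "objectClass": list(MUST),
        "cn": [uid], "sn": [uid], "uid": [uid],
        "uidNumber": [str(int(uid_number))],
        "gidNumber": [str(int(gid_number))],
        "homeDirectory": ["/dev/null"],  # assumed value: a machine has no home
        "loginShell": ["/bin/false"],    # assumed value: no interactive login
    }
    return entry


def to_ldif(entry, base="ou=machines,ou=people,o=mydomain.com"):
    """Serialise an entry as one LDIF record under the post's example base DN."""
    lines = ["dn: uid=%s,%s" % (entry["uid"][0], base)]
    for attr, values in entry.items():
        lines += ["%s: %s" % (attr, v) for v in values]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_ldif(machine_entry("WS01", 567)), end="")
```

The printed record can be fed to ldapadd; the Samba attributes are then added at domain join or by smbpasswd, as the post describes.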