[Samba] Samba 3 + PDC + LDAP machine accounts

System_Administrator at koppersarch.co.nz
Tue Aug 5 05:38:15 GMT 2003


Hiya all, this should hopefully be a simple question.
I've noticed that there is a setting:
ldap machine suffix
Allowing you to put all the machine accounts in a different tree in your
ldap directory (which is a definite plus).
However, I note that it is almost impossible to do so.
Has anyone done this (eg had machines in ou=Machines,dc=domain,dc=com and
people in ou=People,dc=domain,dc=com)?
If so, how did you add machines?
I've tried smbpasswd -a -m MACHINE
and with debugging, it shows that it tries to find a posix account for
MACHINE$ first, which obviously doesn't exist.
The actual fault is, after determining that a sambaSamAccount object
doesn't exist, it goes back to getpwnam to try and find an account.
Obviously if I am putting machines in a different tree, pam_ldap, etc
aren't going to find them there.
I've enabled "ldap trust ids", and put the machine suffix correctly.
I have also tried creating a sambaSamAccount object in the right tree, but
the sambaSamAccount requires a sambaSID, which I can't generate (it's
supposed to be smbpasswd's job).

If anyone can shed some light on this, it would be most helpful, otherwise
it's back to having MACHINE$'s amongst the list of users in LDAP trees,
which seems rather stupid, considering the purpose of LDAP is to organise
everything neatly.

Thanks heaps,
Nick
