Ldap machine suffix
andreas at conectiva.com.br
Mon Nov 1 12:44:18 GMT 2004
On Sun, Oct 31, 2004 at 10:08:39AM -0700, John H Terpstra wrote:
> It is well known that Samba-3 with LDAP requires the use of nss_ldap to
> resolve UIDs and GIDs for machine accounts as well as for users and groups.
> There are two solutions to being able to resolve them correctly. The first is
> to put all machine accounts in ou=Users (that is the simple and efficient
> solution), the other is to set the search path for nss_base_passwd and
> nss_base_shadow to point to the level of your directory from which both Users
> and Machines can be found by recursively searching the directory. In this
> case you must also use the "?sub" parameter in place of the "?one" parameter.
There is a third option: just supply two nss_base_passwd directives. Starting with
version 204, nss_ldap will search the first one and, if not found, the second one
(and so on).
More information about the samba-technical