Ldap machine suffix

Andreas andreas at conectiva.com.br
Mon Nov 1 12:44:18 GMT 2004

On Sun, Oct 31, 2004 at 10:08:39AM -0700, John H Terpstra wrote:
> It is well known that Samba-3 with LDAP requires the use of nss_ldap to 
> resolve UIDs and GIDs for machine accounts as well as for users and groups.
> There are two solutions to being able to resolve them correctly. The first is 
> to put all machine accounts in ou=Users (that is the simple and efficient 
> solution), the other is to set the search path for nss_base_passwd and 
> nss_base_shadow to point to the level of your directory from which both Users 
> and Machines can be found by recursively searching the directory. In this 
> case you must also use the "?sub" parameter in place of the "?one" parameter.

There is a third option: just supply two nss_base_passwd directives. Starting with
version 204, nss_ldap will search the first one and, if not found, the second one
(and so on).

More information about the samba-technical mailing list