AW: Ldap machine suffix
Guus Leeuw jr.
Guus-Leeuw at gmx.de
Sun Oct 31 18:09:19 GMT 2004
> -----Original Message-----
> From:
> samba-technical-bounces+guus-leeuw=gmx.de at lists.samba.org
> [mailto:samba-technical-bounces+guus-leeuw=gmx.de at lists.samba.org]
> On Behalf Of John H Terpstra
>
> On Sunday 31 October 2004 08:51, Guus Leeuw jr. wrote:
> > Folks,
> >
> > I've been setting up Samba 3.0.7 on a test network to play since I
> > heard that Samba outperforms Windows as a File Server. Anyways, I
> > tried to do the PDC stuff (Happy users chapter in Terpstra's Samba by
> > Example).
> >
> > Anyways, all works fine up to the point where you join the PDC to the
> > domain. Neither LDAP nor samba really complain about anything. The
> > only odd thing was that samba tried to look up the computer name under
> > ou=Users all the time, and not finding data, although the computer
> > account had been created under ou=Computers. Hence, I could not join
> > my domain.
>
> Please point me to the errors I made in the chapter you took this from so I
> can fix it. I really do apologize for leading you astray if in any place I
> recommended using the ou=Computers in the Samba-3 by Example (Samba-Guide)
> book.
Ah... You mention
    $computersou = q(People);
    $computersdn = "ou=$computersou,$suffix";
for the smbldap_conf.pm, and later when you show the output
for smbldap-populate.pl it says:
    Adding new entry: ou=Computers,dc=abmas,dc=biz
And this line probably ticked me off.
So in the end, your documentation is correct...
Further, it is only a test network, and I do have a weekend off (1st
of November) so it is more like playing around from my side.
> It is well known that Samba-3 with LDAP requires the use of nss_ldap to
> resolve UIDs and GIDs for machine accounts as well as for users and
> groups. There are two solutions to being able to resolve them correctly.
> The first is to put all machine accounts in ou=Users (that is the simple
> and efficient solution), the other is to set the search path for
> nss_base_passwd and nss_base_shadow to point to the level of your
> directory from which both Users and Machines can be found by recursively
> searching the directory. In this case you must also use the "?sub"
> parameter in place of the "?one" parameter.
>
> >
> > Now, after telling samba that ldap machine suffix: ou=Users, it all
> > works fine.
>
> As it should. Again, apologies if I misled you in any way. Please point me
> to the section in Chapter 6 where the errors are so I can fix them.
>
> PS: If you would care to suggest better wording please give me your
> documentation patch - I really do appreciate contributions. :)
See above. You might as well stress the point that computers and users
should go in the same subtree.
> >
> > Looking at the code, I see ldapsam_getsampwnam initializes attr_list
> > from get_userattr_list, and is looking through
> > ldapsam_search_suffix_by_name apparently in the ldap user suffix
> > branch. Now while this works for normal users, it may not work if
> > machines are on a different branch.
>
> Correct.
>
> >
> > Is this a known issue, and is somebody already working on it? If not,
> > what would be the best solution?
>
> This is a VERY well known issue.
What if we have ldapsam_getsampwnam not only look at the user_attr but
at others as well, and return on the first hit? Would this be feasible?
Thanks, John.
Regards,
Guus
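
The lookup behaviour discussed in this thread, as an added example that is not part of the original message and is not Samba or nss_ldap code: a small Python model of LDAP search scope showing why a machine account under ou=Computers is not found from ou=Users, and why the base suffix needs "?sub" rather than "?one". The account names (guus, testpc$) and all function names are made up for illustration; the suffix and OUs are the ones named above.

```python
# Constructed sample entries (DN -> uid). Only the suffix and OU names come
# from the thread; the accounts themselves are hypothetical.
SPLIT_TREE = {
    "uid=guus,ou=Users,dc=abmas,dc=biz": "guus",
    "uid=testpc$,ou=Computers,dc=abmas,dc=biz": "testpc$",
}
# Same accounts with the machine account stored under ou=Users
# (the first solution described in the quoted reply).
SINGLE_TREE = {
    "uid=guus,ou=Users,dc=abmas,dc=biz": "guus",
    "uid=testpc$,ou=Users,dc=abmas,dc=biz": "testpc$",
}


def parent_dn(dn):
    # Naive split: sufficient here because no RDN contains an escaped comma.
    return dn.split(",", 1)[1] if "," in dn else ""


def in_scope(dn, base, scope):
    dn, base = dn.lower(), base.lower()
    if scope == "base":   # the base entry itself
        return dn == base
    if scope == "one":    # immediate children of the base only
        return parent_dn(dn) == base
    if scope == "sub":    # the base and everything below it
        return dn == base or dn.endswith("," + base)
    raise ValueError(f"unknown scope: {scope!r}")


def resolve(tree, nss_base, uid):
    """Return the DNs matching uid for a 'BASE?SCOPE' search descriptor."""
    base, sep, scope = nss_base.partition("?")
    if not sep:
        raise ValueError("this model requires an explicit ?one or ?sub")
    return [dn for dn, entry_uid in tree.items()
            if entry_uid == uid and in_scope(dn, base, scope)]


if __name__ == "__main__":
    for name, tree in (("split", SPLIT_TREE), ("single", SINGLE_TREE)):
        for nss_base in ("ou=Users,dc=abmas,dc=biz?one",
                         "dc=abmas,dc=biz?one",
                         "dc=abmas,dc=biz?sub"):
            print(name, nss_base, resolve(tree, nss_base, "testpc$"))
```
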