Assistance with OU vs. CN Please?

Jason Gerfen jason.gerfen at
Wed Nov 2 14:27:12 GMT 2005


I am not sure why I cannot get anyone's assistance with this problem, 
but I am going to repost in the hopes someone can help me out.

I am setting up Samba as a ADS Member server. The krb5.conf and the 
smb.conf are configured correctly, I can use getent passwd to retrieve 
users, wbinfo -t, wbinfo -m, wbinfo -u & wbinfo -g all perform the 
operations correctly.

The problem I am having is when I run the command `getent passwd` I am 
only able to view/authentication users from a container I chose using 
the instructions from the samba-howto chapter 6 section II;

For example, you may want to create the machine trust account in a 
container called “Servers” under the organizational directory 
“Computers\BusinessUnit\Department,” like this:

|root# | *|net ads join "Computers\BusinessUnit\Department\Servers"|*

This command will place the Samba server machine trust account in the 
container |Computers\BusinessUnit\Department\Servers|. The container 
should exist in the ADS directory before executing this command.

Once I did that I can no longer set it back to the default OU, which is 
more specifically CN=Users,DC=domain,DC=com.

I have tried the following attempting to alleviate the problem:

1. Ran `net ads leave`
2. Removed samba and winbind packages
3. Removed tempoary files related to samba and winbind
4. Ensured the AD object was removed from the domain computers OU
5. Reinstalled the samba and winbind packages (using SuSE YaST, OS is 
version 9.3)
6. Reconfigured the smb.conf, krb5.conf and nsswitch.conf
7. Re-joined the domain using the command `net ads join -U <username>

After all of that I am still only able to view objects from the AD which 
reside in the OU I chose stated previously `net ads join -U<username> 
"campus"`. Any help is definately appreciated.


Jason Gerfen

"My girlfriend threated to
 leave me if I went boarding...
 I will miss her."

More information about the samba-technical mailing list