Assistance with OU vs. CN Please?
jason.gerfen at scl.utah.edu
Wed Nov 2 14:27:12 GMT 2005
I am not sure why I cannot get anyone's assistance with this problem,
but I am going to repost in the hopes someone can help me out.
I am setting up Samba as a ADS Member server. The krb5.conf and the
smb.conf are configured correctly, I can use getent passwd to retrieve
users, wbinfo -t, wbinfo -m, wbinfo -u & wbinfo -g all perform the
The problem I am having is when I run the command `getent passwd` I am
only able to view/authentication users from a container I chose using
the instructions from the samba-howto chapter 6 section II;
For example, you may want to create the machine trust account in a
container called “Servers” under the organizational directory
“Computers\BusinessUnit\Department,” like this:
|root# | *|net ads join "Computers\BusinessUnit\Department\Servers"|*
This command will place the Samba server machine trust account in the
container |Computers\BusinessUnit\Department\Servers|. The container
should exist in the ADS directory before executing this command.
Once I did that I can no longer set it back to the default OU, which is
more specifically CN=Users,DC=domain,DC=com.
I have tried the following attempting to alleviate the problem:
1. Ran `net ads leave`
2. Removed samba and winbind packages
3. Removed tempoary files related to samba and winbind
4. Ensured the AD object was removed from the domain computers OU
5. Reinstalled the samba and winbind packages (using SuSE YaST, OS is
6. Reconfigured the smb.conf, krb5.conf and nsswitch.conf
7. Re-joined the domain using the command `net ads join -U <username>
After all of that I am still only able to view objects from the AD which
reside in the OU I chose stated previously `net ads join -U<username>
"campus"`. Any help is definately appreciated.
"My girlfriend threated to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK
More information about the samba-technical