Hiya all, this should hopefully be a simple question.
I've noticed that there is a setting:
ldap machine suffix
Allowing you to put all the machine accounts in a different tree in your
LDAP directory (which is a definite plus).
However, I note that it is almost impossible to do so.
Has anyone done this (e.g. had machines in ou=Machines,dc=domain,dc=com and
people in ou=People,dc=domain,dc=com)?
If so, how did you add machines?
I've tried smbpasswd -a -m MACHINE
and with debugging, it shows that it tries to find a posix account for
MACHINE$ first, which obviously doesn't exist.
The actual fault is, after determining that a sambaSamAccount object
doesn't exist, it goes back to getpwnam to try and find an account.
Obviously, if I am putting machines in a different tree, pam_ldap, etc.
aren't going to find them there.
I've enabled "ldap trust ids", and put the machine suffix correctly.
I have also tried creating a sambaSamAccount object in the right tree, but
the sambaSamAccount requires a sambaSID, which I can't generate (it's
supposed to be smbpasswd's job).

If anyone can shed some light on this, it would be most helpful, otherwise
it's back to having MACHINE$'s amongst the list of users in LDAP trees,
which seems rather stupid, considering the purpose of LDAP is to organise
everything neatly.

Thanks heaps,

