[Samba] Samba 3 + PDC + LDAP machine accounts

[System_Administrator at koppersarch.co.nz]

> As you probably know: you have to create a Linux-User first
> which resides in ou=Machines.In order to have the system
> find it when doing the lookup, you'll need to tell
> your NSS to also search in the Machines-tree for users:
> In /etc/ldap.conf (e.g. Mandrake) or /etc/libnss-ldap.conf
> (Debian),change as follows:
> # nss_base_passwd ou=People,dc=domain,dc=net  nss_base_passwd
dc=domain,dc=net?sub

Much thanks, by simply add'ing the machine as a user account (with
posixAccount objectType) to the ou=Machines tree, samba found it.


> The problem I had while trying this with Debian's 2.2.3a
> yesterday was that I _could_ get the system (and Samba) to
> find the Linux user, but"smbpasswd -m -a " created an entry
> in "ou=People" nevertheless. This means, I got two entries
> for one machine: the Linux-User"machine$" in ou=Machines,
> and the Samba-part in ou=People.Any idea how to fix this?

Interestingly enough, using Debian woody (3.0) with Samba 3beta3 self
compiled, plus some blood, sweat, and a whole lot of tears, a few other
packages back ported or self-packaged... It worked fine once I added the
user/machine to the ou=Machines tree (as above).

The next step is to see if I can get Samba to autoadd machines to the
domain on demand. I think I'll have to use a custom script which inserts a
custom ldiff into the machines tree, modified with the machine name. Should
be a pretty straight forward awk+base or perl script.

Oh, on one other side note, why do you need a posix/unix account for a
machine? It never "accesses" files on the server.. or does it?

Nick