Container for computer account [WAS Re: [Samba] Re: Transfering Machine Accounts / MACHINE.SID

Beast indorama at
Tue Dec 30 04:45:32 GMT 2003

Tuesday, December 30, 2003, 11:19:48 AM, Craig wrote:

> On Mon, 2003-12-29 at 11:37, Sharp, Clint wrote:
>> Quotes are required around the two ldap:// URIs AFAIK.  I've not used AS
>> 3, but on 8 I've always built from Source RPM as I've also added ACL
>> support (pretty easy with the Redhat kernels, and even though they say
>> it's not stable, I've yet to have any problems with it).  I'd go grab
>> Samba 3.0.1 source RPMs from the Samba website and build from there, or
>> even upgrade to 3.0.1 from the Redhat RPMs on the Samba site, as those
>> are known to have proper LDAP support included.
> ---
> It's a bit vague (changelog's for various changes since 3.0.0) but
> apparently they've fixed 'more' ldap group mappings
> searches...undoubtedly good - does that mean that it would be safe to
> have Computers in their own ou or even with 3.0.1 would they still have
> to be in ou=People?

I'm using separate container for computer account and it works with
samba 3.x.
With ldap, it don't matter where you put the entry as long as you user
correct base and filter you'll find that object, is it correct?
   ldap machine suffix = ou=computer
   ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))

also in /etc/ldap.conf, dont put filter on nss_base_passwd and


More information about the samba mailing list