[Samba] Adding a machine; I think I am onto something
Jim C
jcllings at tsunamicomm.net
Sun Jan 19 11:12:00 GMT 2003
<chuckle>OK, I got this one figured. The reason this took so long for
me to figure out is because there weren't any good scripts for adding
users so I had to write and debug my own. I couldn't debug the other
issues until I had good users. Anyway, it turns out my ACL's were not
properly set up for ou=Computers yet and I did still have a few bugs in
my scripts. So I fixed those and then changed two lines in /etc/ldap.conf:
> #nss_base_passwd ou=People,dc=microverse,dc=net?one
> #nss_base_shadow ou=People,dc=microverse,dc=net?one
> nss_base_passwd dc=microverse,dc=net?sub
> nss_base_shadow dc=microverse,dc=net?sub
...and now it works fine. :):):):):):)
I guess the real trouble is learning how to think 3 dimensionaly through
a tree instead of thinking in SQL db tables.
Dariush Forouher wrote:
> Am Sam, 2003-01-18 um 23.56 schrieb Jim:
>
>>So anyway I have some theories I would like verified.
>>I've found that I can add a posix based machine name and that works fine
>>BUT it only works in ou=People. The system cannot find a machine
>>account in ou=Computers.
>
>
> Is ou=Computers below ou=People? If not, neither Samba nor pam will
> notice it.
>
>
>>Theoretically, it did not find one because there is no objectClass
>>sambaAccount in the entry HOWEVER, I know from previous attempts it does
>>find the posix only Computer account when it is placed in ou=People. Is
>>there perhaps a different search performed the fist time around despite
>>the log entry or is my understanding of
>>"(&(uid=spartack_)(objectclass=sambaAccount))" flawed?
>
>
> Samba itself doesn't lookup posix things in LDAP. That is the job of
> nsswitch/pam. You have to configure in your libnss-ldap.conf a
> searchbase that includes ou=People and ou=Computers as well.
>
> regards
> Dariush
More information about the samba
mailing list