[Samba] ldap machine suffix = ou=Computers vs ou=Users
Adam Tauno Williams
adam at morrison-ind.com
Thu Dec 9 17:17:50 GMT 2004
> The SBMLDAP howto (
> http://www.idealx.org/prj/samba/smbldap-howto.en.html ) states that:
> ldap machine suffix = ou=Computers
> Is the correct approach to defining machines in the LDAP directory. Yet
> the advise offered by this group seems to be that, no we should be using :
> ldap machine suffix = ou=Users
> We are having problems with a new server that have been attributed to
> our use of the FAQ's approach & will change back to this group's
> approach, however I'd like to know if anyone know's why there's a
> discrepancy & why the FAQ says one thing the group another. Not trying
> to start any kind of holy war, just seeking to understand so my systems
> work correctly.
We operate with -
ldap suffix = ou=SAM,o=Morrison Industries,c=US
ldap group suffix = ou=Groups
ldap user suffix = ou=Entities
ldap machine suffix = ou=System Accounts,ou=Entities
Works fine. We also seperate root, wheel, guest, etc... out from the 'true' users,
But I don't know anything about the idealx scripts since we don't use them. We
have our own scripts.
Basically your add user / add machine scripts create a posixAccount objectclass,
and then Samba finds that via a search and does its thing.
More information about the samba
mailing list