[Samba] Re: Re: Good News, ou=computer works! :-)

Beast indorama at rad.net.id
Fri Jan 16 09:42:14 GMT 2004

On Thu, 15 Jan 2004 22:54:54 -0400
Vegeta <lord.vegeta at ica.luz.ve> wrote:
> No, the key is not the smb.conf file but the ldap.conf file. Samba seems to
> look for machine accounts among users returned by the Name Service Switch
> (what you get when you run the command 'getent passwd').

Thats why i ask whether id machinename$ work or not first, even it's work for me, samba still can't add machine in domain if ldap filter in smb.conf is default.

> Most people has the "nss_base_passwd" property in ldap.conf set as 
> "ou=People, dc=domain,dc=com" and the "scope" property set as "one".
> If ldap.conf is configured this way NSS only returns entries in the
> ou=People subtree.

Afaik, no. the default is commented, let me know your os if its not.
Its there to speedup the queries, you can tweak it as you need but not by default. The value will overwrite any base and sub mentioned before.

Btw, setting this value correctly will *greatly* reduce the load of ldap server, esp. under heavy load and thousands entries in ldap. OL can lockup the machine under heavy load, so beware...

> If "scope" is set to "sub" and "nss_base_passwd" is set to
> "dc=domain,dc=com" then NSS switch will return as users all entries in
> subtrees of "dc=domain,dc=com", including both the ou=Computers and the
> ou=People subtree.

If you did not set, default is sub (nss_ldap from padl)
I've set it just to make it more readable.

So, the key is in ldap filter (smb.conf) until you can prove it was wrong :-)


More information about the samba mailing list