[Samba] Re: Re: Re: Good News, ou=computer works! :-)
lord.vegeta at ica.luz.ve
Fri Jan 16 14:44:28 GMT 2004
> On Thu, 15 Jan 2004 22:54:54 -0400
> Vegeta <lord.vegeta at ica.luz.ve> wrote:
>> No, the key is not the smb.conf file but the ldap.conf file. Samba seems
>> to look for machine accounts among users returned by the Name Service
>> Switch (what you get when you run the command 'getent passwd').
> Thats why i ask whether id machinename$ work or not first, even it's work
> for me, samba still can't add machine in domain if ldap filter in smb.conf
> is default.
>> Most people has the "nss_base_passwd" property in ldap.conf set as
>> "ou=People, dc=domain,dc=com" and the "scope" property set as "one".
>> If ldap.conf is configured this way NSS only returns entries in the
>> ou=People subtree.
> Afaik, no. the default is commented, let me know your os if its not.
> Its there to speedup the queries, you can tweak it as you need but not by
> default. The value will overwrite any base and sub mentioned before.
> Btw, setting this value correctly will *greatly* reduce the load of ldap
> server, esp. under heavy load and thousands entries in ldap. OL can lockup
> the machine under heavy load, so beware...
>> If "scope" is set to "sub" and "nss_base_passwd" is set to
>> "dc=domain,dc=com" then NSS switch will return as users all entries in
>> subtrees of "dc=domain,dc=com", including both the ou=Computers and the
>> ou=People subtree.
> If you did not set, default is sub (nss_ldap from padl)
> I've set it just to make it more readable.
> So, the key is in ldap filter (smb.conf) until you can prove it was wrong
The key is not ldap filter. If ldap filter includes
'objectclass=sambaSamAccount' you can only modify existing entries with
You cannot add samba attributes to existing entries because they do not have
The first time I could sucessfully use smbpasswd -a was when I removed
'objectclass=sambaSamAccount' from the ldap filter. At that time, I could
not add machines to ou=Computers.
If you don't believe me, try setting 'scope one' and 'nss_base_passwd
ou=People,...' in nsswitch.conf.
More information about the samba