[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
José Ildefonso Camargo Tolosa
icamargo at merkurio.com.ve
Tue Jul 20 15:31:46 GMT 2004
Mohammad Reza wrote:
>Dear lists...
>
>But this still un-solved the real problem to join w2k to samba3-ldap .
>I'm here with the same situation.
>I even switch my distro to SuSe with same result, still cant join domain.
>Please give us hint how to solve or debug this problem.
>
>
Sorry, I looked at the thread, and I don't have info about your problem
with w2k. According to what I read at the link posted by Abebe, I think
it may be a problem with the unix system not "seeing" the machine
account created automatically by samba (ie, the smbldap-useradd
script). You should be able to do a "su - winxp\$" as root, and it
should log in:
obelix:~# su - virtualxp\$
No directory, logging in with HOME=/
Off course, it will not give you a prompt as virtualxp\$, because the
shell is /bin/false, but If the user didn't existed, it would answered:
Unkown ID, or something like that.
>
>regards
>reza
>
>-----Original Message-----
>From: Craig White [mailto:craigwhite at azapple.com]
>Sent: Tue 7/20/2004 9:48 AM
>To: samba at lists.samba.org
>Cc:
>Subject: Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
>On Mon, 2004-07-19 at 19:34, José Ildefonso Camargo Tolosa wrote:
>
>
>
>>>http://samba.idealx.org/smbldap-howto.fr.html as you
>>>recommended. I have one big question, which one do I
>>>put in '/etc/ldap.conf'
>>>
>>>nss_base_passwd dc=wbcoll,dc=edu?one
>>>nss_base_shadow dc=wbcoll,dc=edu?one
>>>nss_base_group ou=Groups,dc=wbcoll,dc=edu?one
>>>
>>>or
>>>
>>>nss_base_passwd ou=Users,dc=wbcoll,dc=edu?one
>>>nss_base_shadow ou=Users,dc=wbcoll,dc=edu?one
>>>nss_base_group ou=Groups,dc=wbcoll,dc=edu?one
>>>
>>>
>>>
>>>
>>Neither, use this:
>>
>>nss_base_passwd dc=wbcoll,dc=edu?sub
>>nss_base_shadow dc=wbcoll,dc=edu?sub
>>nss_base_group ou=Groups,dc=wbcoll,dc=edu?one
>>
>>Look at the sub, it tells the system to descend to all the sub-objects it may have.
>>
>>
>>
>---
>It is pertinent to consider that this suggestion waives any efficiency
>for ease of use as it will tell all user lookups to search the entire
>LDAP tree.
>
>I already told him to use his second choice as that is most efficient. I
>recognize that your option would permit the option of trying to use a
>separate organizational unit for Computers but this guy is endlessly
>confused, and simple is clearly better for his purposes, without
>considering the impact of excessive searching of the LDAP db.
>
>Craig
>
>
>
More information about the samba
mailing list