[Samba] Migrating NT4 Domain with Idealx tools

Paul Coray paul.coray at unibas.ch
Wed Nov 17 16:09:19 GMT 2004

Marcel de Riedmatten schrieb:

>>Now I realize this works when i configure LDAP and Idealx-Tools to store 
>>machine accounts in the same container as useraccounts. Although this 
>>makes my directory look somewhat messy, I can live with it if I have to. 
>>Still I can't add machines doing smbldap-useradd -w, nor when I try to 
>>join the domain from a client.
> you can have them separated. What count is that the machines account are
> visible on domain controllers (PDC BDC) ie getent passwd must show the
> machine (posix) account. This is nss_ldap configuration. If samba
> doesn't see the machine (posix) account it won't work . 

So can I specify more then one nss base for passwd in libnss-ldap.conf?


nss_base_passwd	ou=Users,dc=mydomain,dc=ch
nss_base_passwd ou=Computers,dc=mydomain,dc=ch
nss_base_group	ou=Groups,dc=mydomain,dc=ch

>>  So I would suspect some problem in the communication with the
>>>PDC and double check that on the samba box 
>>>1) you have the domain SID as local SID
>>Do SIDS for the PDC and for the domain have to be the same?
> yes the domain SID _is_ the (local) SID of the PDC and all domain
> controllers must have the same SID.

Thanks Marcel, this is very valuable information to me! I think these 
should be pointed out more clearly in the docs.



Paul Coray
Administrator Server und Netzwerk

Oeffentliche Bibliothek der Universitaet Basel
Schoenbeinstrasse 18-20
CH-4056 Basel

Tel: +41 61 267 05 13
Fax: +41 61 267 31 03

mailto:paul.coray at unibas.ch

More information about the samba mailing list