[Samba] Migrating NT4 Domain with Idealx tools

Bill MacAllister bill at macallister.grass-valley.ca.us
Wed Nov 24 18:21:49 GMT 2004 


--On Wednesday, November 17, 2004 05:09:19 PM +0100 Paul Coray 
<paul.coray at unibas.ch> wrote:

> Marcel de Riedmatten schrieb:
>
>
>>>
>>> Now I realize this works when i configure LDAP and Idealx-Tools to
>>> store  machine accounts in the same container as useraccounts. Although
>>> this  makes my directory look somewhat messy, I can live with it if I
>>> have to.  Still I can't add machines doing smbldap-useradd -w, nor when
>>> I try to  join the domain from a client.
>>
>>
>> you can have them separated. What count is that the machines account are
>> visible on domain controllers (PDC BDC) ie getent passwd must show the
>> machine (posix) account. This is nss_ldap configuration. If samba
>> doesn't see the machine (posix) account it won't work .
>
> So can I specify more then one nss base for passwd in libnss-ldap.conf?
>
> i.e.
>
> nss_base_passwd	ou=Users,dc=mydomain,dc=ch
> nss_base_passwd ou=Computers,dc=mydomain,dc=ch

Rather than specify this twice why don't you just move the base up?  For 
example:

  nss_base_passwd dc=mydomain,dc=ch

Bill

> nss_base_group	ou=Groups,dc=mydomain,dc=ch
>
>>
>>>  So I would suspect some problem in the communication with the
>>>
>>>> PDC and double check that on the samba box
>>>>
>>>> 1) you have the domain SID as local SID
>>>
>>> Do SIDS for the PDC and for the domain have to be the same?
>>
>>
>> yes the domain SID _is_ the (local) SID of the PDC and all domain
>> controllers must have the same SID.
>
> Thanks Marcel, this is very valuable information to me! I think these
> should be pointed out more clearly in the docs.
>
>
> Cheers
>
> Paul
>
>
> --
> Paul Coray
> Administrator Server und Netzwerk
>
> Oeffentliche Bibliothek der Universitaet Basel
> EDV-Abteilung
> Schoenbeinstrasse 18-20
> CH-4056 Basel
>
> Tel: +41 61 267 05 13
> Fax: +41 61 267 31 03
>
> mailto:paul.coray at unibas.ch
> http://www.ub.unibas.ch



+---------------------------------------------------
| Bill MacAllister
| 14219 Auburn Road
| Grass Valley, CA 95949
| 530-272-8555

More information about the samba mailing list