[Samba] vampire fails because of Debian smbldap-tools problem
John H Terpstra
jht at Samba.Org
Thu Nov 25 00:16:27 GMT 2004
On Wednesday 24 November 2004 16:44, Alex Satrapa wrote:
> On 25 Nov 2004, at 10:09, John H Terpstra wrote:
> > On Wednesday 24 November 2004 15:30, tom burkart wrote:
> >> The other really useful thing I found while looking for the above
> >> reference is in the Samba-Guide/happy.html#id2536161 where in the
> >> note it
> >> says that having separate containers for users and computers does not
> >> yet
> >> work, yet examples appear to use this (hence I got the crazy idea it
> >> should just work and it didn't).
> >
> > Smile. :) It can be made to work by moving the basedn up the tree. The
> > performance impact works against that.
>
> Another option is to add a new ou into the tree - I can't remember
> where I read this idea:
>
> dc=example,dc=com
>
> + ou=Accounts
>
> + ou=People
>
> + ou=Computers
>
> That way you can limit the search to ou=Account,dc=example,dc=com, and
> still separate Computer accounts from People accounts.
Precisely how does this help? What is the benefit?
You still need to be able to resolve BOTH machine accounts AND user accounts
via NSS. There is only one vehicle that is the mechanism for user account
resolution - the NSS entry for passwd. This is achieved through ldap.conf by
specifying the nss_base_passwd entry.
No matter how you cut your cake with this, the machine accounts _AND_ the user
accounts must be listed by: getent passwd
So - why separate them? What is the gain?
- John T.
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
More information about the samba
mailing list