[Samba] NSS and machine accounts (was: vampire fails...)
samba at aussec.com
Fri Nov 26 03:46:39 GMT 2004
On Nov 24, John H Terpstra wrote:
> You are completely correct that Samba can do an LDAP lookup to get user and
> group ID information, but that is not the issue. How do you propose to
> resolve IDs within the OS if not through NSS?
Ok, I still have difficulties with this one.
Why is it necessary for all and every *nix application to be able to
get information about machine accounts as well as the obvious actual
users? I can see and understand why for the normal users but why machine
accounts? Shouldn't that be something that samba quietly looks up and
makes no fuss about. Why else would we need to provide a ldap
user/group/machine suffix in the smb.conf? This is probably where I got
the mistaken notion of separating them out and then it didn't work without
modifying the nss configuration.
More information about the samba