[Samba] NSS and machine accounts (was: vampire fails...)

tom burkart samba at aussec.com
Fri Nov 26 03:46:39 GMT 2004

On Nov 24, John H Terpstra wrote:

> You are completely correct that Samba can do an LDAP lookup to get user and
> group ID information, but that is not the issue. How do you propose to
> resolve IDs within the OS if not through NSS?
Ok, I still have difficulties with this one.
Why is it necessary for all and every *nix application to be able to 
get information about machine accounts as well as the obvious actual 
users?  I can see and understand why for the normal users but why machine 
accounts?  Shouldn't that be something that samba quietly looks up and 
makes no fuss about.  Why else would we need to provide a ldap 
user/group/machine suffix in the smb.conf?  This is probably where I got 
the mistaken notion of separating them out and then it didn't work without 
modifying the nss configuration.


More information about the samba mailing list