[Samba] 'ldap passwd sync' not working

Adam Tauno Williams awilliam at whitemice.org
Mon Feb 7 13:06:28 GMT 2005


> > Hope this helps someone, it cost me enough pain before it worked properly
> >  for me.
> Oh yes - regular (existing or new) Posix group users can be anywhere in
> your DSA, 

I think you mean "anywhere in your Dit";  "anywhere in your DSA" doesn't
make much sense,

> in any group (though it makes sense to put computer trusts under
> ou=smb).

I think you mean "in any container".

And you're wrong, they need to be below the search base used by NSS for
the appropriate object type - groups, person, etc...  You can only put
them anywhere if you are using the root of the Dit as your search base
which is generally inadvisable for a number of reasons.

> Simply run smbpasswd or pdbedit (can be done from a script) on each one to
> add them to the domain. Personally I don't use the IDEALX scripts, I write
> my own awk and shell scripts.

Same, we've written .NET (Mono) 'scripts' for doing this.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050207/a71a9e1d/attachment.bin


More information about the samba mailing list