[Samba] Solution to smbldap-tools not adding sambaSAMAccount
Ryan Braun
ryan.braun at ec.gc.ca
Wed Jun 15 19:53:20 GMT 2005
Well I finally managed to get my machines added to my ldap/samba domain.
The problem was that I had defined an ou each for Computers and Users. ie
dc=base,dc=org
|
------ ou = Users
|
------ ou = Computers
Now the problem was that the nss_ldap library was searching in Users only,
and apparently the samba server needs to be able to resolve the Computers
tree aswell to add the sambaSAMAccount objectclass.
Not wanting to have a mess of computer and user accounts in one tree, I added
a ou for Computers under Users. So now it looks like
dc=base,dc=org
|
----- ou = Users
|
------- ou = Computers
After making that addition and changing the smb.conf entry
ldap machine suffix = ou=Computers,ou=Users
and the smbldap.conf entry
computersdn="ou=Computers,ou=Users,${suffix}"
and lastly changing the search scope for nss_ldap by changing libnss-ldap.conf
(debian) (not 100% sure how each search scope works but this worked for me)
scope sub
And then just make sure that getent passwd is resolving all the way down the
Computers branch by copying an account into there just to make sure. If you
see the account when you run getent passwd you should be ok. Restart samba
aswell.
Many thanks to John H Terpstra for the excellent sidebar in Ch 5 of Samba3 by
example stating the nss_ldap resolving issue.
Ryan Braun
(Now my new problem to follow in the next message :P )
More information about the samba
mailing list