[Samba] Solution to smbldap-tools not adding sambaSAMAccount

Tony Earnshaw tonye at billy.demon.nl
Wed Jun 15 22:38:26 GMT 2005

On Wed, 15.06.2005 at 21.53, Ryan Braun wrote:

> Now the problem was that the nss_ldap library was searching in Users only,  
> and apparently the samba server needs to be able to resolve the Computers 
> tree as well to add the sambaSAMAccount objectclass.

I don't want to upset you unduly, but nss has nothing to do with this
and it's not necessary to have the computers dn under the users dn to
make things work. It's all those "/&@¥{# idealx scripts and people's
basic ignorance of how LDAP works at all that fsck up the otherwise
brilliant Samba daemon, ldapsam and command line utilities. How on earth
something so banal as the idealx scripts can have been packaged together
with these brilliant utilities stupefies me.

At my site (3.0.14a) I have masses (5) of different user dns in
different places in my tree, goodness knows how many group dns and a
single computers dn way down deep in the tree, far apart from the users.
The basic Samba utilities (smbd, ldapsam, smbpasswd, pdbedit) can cope
with all of these just fine. But I don't use the idealx scripts, I use
my own awk script to make the initial custom posixAccounts (have to have
masses of special stuff that the idealx scripts have never heard of) and
shell scripts for administering the rest of the Samba stuff.

It's the way the Samba people treat LDAP, as if it were a breeding
ground for morons. LDAP is a never-empty Pandora's box, that is there
for a totally different purpose than that to which the samba people
allude. It is the basis of a network-wide authentication system that
should be installed and understood long before one has even begun to
think about Samba or any other service whatsoever. I realize that the
Samba people have attempted to, and largely attained, the aim of
supplying an out-of-the-box solution for averagely intelligent
Windows-minded people (the Samba people have written this themselves),
but it would perhaps be as well if they drew people's attention to the
importance of, and wealth of possibilities of, LDAP as a basic sovereign
multi-OS, multi-vendor service on which Samba is dependent, rather than
the idea they convey at the moment that it is some kind of an add-on
purely present to satisfy samba's needs.

> (Now my new problem to follow in the next message :P )

Well, that was my problem.



mail: tonye at billy.demon.nl

