[Samba] Solution to smbldap-tools not adding sambaSAMAccount

Geoff Scott geoffs at guestshire.com
Thu Jun 16 00:15:07 GMT 2005 

Tony Earnshaw wrote:
> ons, 15.06.2005 kl. 21.53 skrev Ryan Braun:
> 
>> Now the problem was that the nss_ldap library was searching in Users
>> only, and apparently the samba server needs to be able to resolve the
>> Computers tree aswell to add the sambaSAMAccount objectclass.
> 
> <rant>
> I don't want to upset you unduly, but nss has nothing to do with this
> and it's not necessary to have the computers dn under the users dn to
> make things work. It's all those "/&@¥{# idealx scripts and peoples'  
> basic ignorance of how LDAP works at all that fsck up the otherwise
> brilliant Samba daemon, ldapsam and command line utilities.How on
> earth something so banal as the idealx scripts can have been packaged
> together with these brilliant utilities stupefies me.   
>
Bullshit Tony.  Utter bullshit.  You spread FUD about the smbldap tools.
The smbldap tools now handle user accounts (which includes computer
accounts)  in multiple ou's  but nss has to know where the base starts
that's the problem.  The solution supplied by Ryan is fine.

> At my site (3.0.14a) I have masses (5) of different user dns in
> different places in my tree, 

And how have you configured nss?  Do you point it at a common root for those
accounts?

> goodness knows how many group dns and a
> single computers dn way down deep in the tree, far apart from the
> users.   

So does Adam Tuano Williams.  But we don't hear him ranting on this list
every five seconds about how crap the smbldap tools scripts are.  He has
designed his own schema for morrison industries.  Written his own scripts.
He is more competant than you, yet we don't hear him cramming his own
opinion down other peoples throats.  In fact I've noticed traffic on this
list go down since you came onto it.  If you want to know anything about how
cyrus, or xfs, or quite a few other useful things work you can find it on
Adam's site.

Not everyone gets an erection about how good GQ is either.  Even if it is
that good.
     
> 
> It's the way the Samba people treat LDAP, as if it were a breeding
> ground for morons. LDAP is a never-empty Pandora's box,

It is if you are only using it for samba.  

> It is the basis of a network-wide authentication system that
> should be installed and understood long before one has even begun to
> think about Samba or any other service whatsoever. 

And who has time to do that?

> I realize that the
> Samba people have attempted to, and largely attained, the aim of
> supplying an out-of-the box solution for averagely intelligent
> Windows-minded people (the Samba people have written this
> themselves), but it would perhaps be as well if they drew peoples'
> attention to the importance of, and wealth of possibilities of, LDAP
> as a basic sovereign multi-OS, multi-vendor service on which Samba is
> dependent, rather than the idea they convey at the moment that it is
> some kind of an add-on purely present to satisfy samba's needs.
> </rant>             
> 
Yudda, yudda, yudda.  So it goes every fortnight.  Smbldap tools are crap.
You are far more intelligent than anyone else.  Yet have we seen you post an
alternative toolset?  Nope.  When you are challenged to do something about
your claims you withdraw and say things about how disjointed your user
management scripts are, and that you wouldn't post them onto the web.  Etc,
etc

I for one, am sick and tired of it.  Please stop it.

Geoff

More information about the samba mailing list