[Samba] Why need to add a machine account to /etc/passwd first with Samba+LDAP

John H Terpstra jht at samba.org
Thu Mar 10 23:26:24 GMT 2005


On Thursday 10 March 2005 13:56, Steve Zeng wrote:
> Hi,
>
> I am using Samba 3.0.10 PDC with LDAP as password DB. Before we use
> smbpasswd as passwd DB and every time I need to add a machine account
> into /etc/passwd so that the machine can join the domain. My
> understanding for LDAP is, this step is not needed any more since we
> will put all machine account into "ou=Computers". But I am proved to be
> wrong.
>
> Is this the way Samba works? I mean, samba has to make sure a machine
> account exist in the /etc/passwd file of Samba PDC, doesn't it?

Nope. If you use LDAP, then both the POSIX account and the SambaSAMAccount 
information should be in LDAP. On the other hand, if you put your machine 
accounts into the ou=Computers container and user accounts in ou=Users, 
your /etc/ldap.conf file needs to point to the directory tree above the 
ou=Users and above ou=Computers. Additionally, the lookup for user accounts 
will have to be a 'sub' type so look-ups will descend both trees.

In other words, I am guessing that in your /etc/ldap.conf you have:

nss_base_passwd ou=People,dc=abmas,dc=biz?one

Instead of:

nss_base_passwd dc=abmas,dc=biz?sub

If my assumptions are correct, then if you set /etc/nsswitch.conf to have:

passwd: ldap
shadow: ldap
group: ldap

and then you execute:

	getent passwd

You will not see a listing of accounts that includes the machine accounts. If 
this is what you see, then making the change in /etc/ldap.conf so that:

nss_base_passwd dc=abmas,dc=biz

(of course substituting your directory domain component info) will list the 
machine accounts and you will no longer need them in your /etc/passwd.

In summary, by putting the machine accounts into your /etc/passwd you are 
using a work-around for a broken LDAP/NSS environment.

Does that answer your question and solve the problem?

- John T.


>
> --
> Regards,
>
> Steve Zeng
> Systems Administrator
> Mainframe Entertainment Inc
> T: (604) 628-1000 ext 5293

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
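
The scope check described in the reply above, as an added example that is not part of the original post: it reads the nss_base_passwd line from an nss_ldap-style config and reports whether a given entry DN falls inside the search NSS will perform. The function names and the machine DN uid=ws01$ are constructed for illustration; it assumes DNs without spaces or escaped commas and no global "scope" directive overriding the default of sub.

```sh
#!/bin/sh
# Added example: will NSS see a given DN under an nss_ldap-style
# nss_base_passwd line? Function names here are hypothetical helpers.

# Normalise a DN for textual comparison: lowercase, no blanks around commas.
norm_dn() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/ *, */,/g'
}

# Print "<base> <scope>" for the first nss_base_passwd line in file $1.
# The value has the form base?scope?filter; a missing scope means "sub".
passwd_base() {
    awk '$1 == "nss_base_passwd" {
        n = split($2, p, "[?]")
        print p[1], ((n > 1 && p[2] != "") ? p[2] : "sub")
        exit
    }' "$1"
}

# Print "visible" or "hidden" for entry DN $2 under the config in file $1.
visibility() {
    set -- "$2" $(passwd_base "$1")          # now $1=dn $2=base $3=scope
    _dn=$(norm_dn "$1"); _base=$(norm_dn "$2"); _scope=$3
    case "$_dn" in
        *",$_base") _rest=${_dn%",$_base"} ;;  # RDNs between entry and base
        *) echo hidden; return 0 ;;             # entry is not below the base
    esac
    case "$_scope:$_rest" in
        sub:*)   echo visible ;;                # any depth below the base
        one:*,*) echo hidden ;;                 # more than one level down
        one:*)   echo visible ;;                # direct child of the base
        *)       echo hidden ;;                 # "base" scope: base entry only
    esac
}

# Constructed sample configs and machine DN, using the thread's example tree.
demo() {
    d=$(mktemp -d)
    printf 'nss_base_passwd ou=People,dc=abmas,dc=biz?one\n' > "$d/before.conf"
    printf 'nss_base_passwd dc=abmas,dc=biz?sub\n' > "$d/after.conf"
    m='uid=ws01$,ou=Computers,dc=abmas,dc=biz'
    echo "before: $(visibility "$d/before.conf" "$m")"
    echo "after:  $(visibility "$d/after.conf" "$m")"
    rm -rf "$d"
}
demo
```

A "hidden" result for a machine account DN corresponds to the situation in the reply where getent passwd does not list the machine accounts.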

