[Samba] Why need to add a machine account to /etc/passwd first with Samba+LDAP

John H Terpstra jht at samba.org
Fri Mar 11 01:08:31 GMT 2005


On Thursday 10 March 2005 17:55, Steve Zeng wrote:
> > On Thursday 10 March 2005 17:13, Steve Zeng wrote:
> >>John,
> >>
> >>You are the man. Problem solved. I changed /etc/ldap.conf as you
> >> suggested:
> >>
> >>nss_base_passwd         dc=mfelc?sub
> >>nss_base_group          dc=mfelc?sub
> >>nss_base_hosts          dc=mfelc?sub
> >
> > Why do you have the nss_base_hosts entry set in /etc/ldap.conf? Samba
> > does not need/use that. Unless you know precisely how to use that I'd
> > suggest commenting it out.
>
> Good point.
>
> >>and I have "add machine script=/usr/sbin/smbldap-useradd -w %u" included
> >>in smb.conf. Now it works perfectly. Machine account is created on the
> >> fly!
> >>
> >>One more question for you. If I use LDAP only for hosts lookup in
> >>nsswitch, all the machine names come with a "$". In this case, how can I
> >>resolve hostname?
> >
> > Please explain. Host entries are of the form:
> >
> > 192.168.0.1	hostname.domain.tld hostname
>
> I don't have a local /etc/hosts file in the Samba PDC. So I need to
> resolve hostname with LDAP. My nsswitch.conf looks like this:
>
> passwd:     files ldap
> shadow:     files ldap
> group:      files ldap
> hosts:      files ldap
>
> > Where is the '$' in that?
>
> It is from LDAP when machine account was created on the fly. I checked
> the LDAP DIT, the dn for machine account is as follows:
>
> uid=ajatar$,ou=Computers,dc=mfelc
>

OK, but that is not a hosts entry! That is just a Windows NT domain security 
account for the machine. That is not resolved through the hosts facility in 
NSS.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
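
The distinction drawn in the reply above, as an added example that is not part of the original message: under RFC 2307 the NSS passwd map is served from posixAccount entries, while the hosts map only reads ipHost entries, so a machine trust account such as uid=ajatar$ never answers a hostname lookup. The LDIF is constructed; the ou=Hosts entry, the uidNumber value and the function names are assumptions.

```python
# Constructed sample directory content (not taken from the thread's LDAP server).
SAMPLE_LDIF = """\
dn: uid=ajatar$,ou=Computers,dc=mfelc
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ajatar$
uidNumber: 20001

dn: cn=ajatar,ou=Hosts,dc=mfelc
objectClass: device
objectClass: ipHost
cn: ajatar
ipHostNumber: 192.168.0.1
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into a list of entries."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def nss_maps(entry):
    """Return the NSS databases this entry can serve under RFC 2307."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    maps = set()
    if "posixaccount" in classes and "uid" in entry and "uidnumber" in entry:
        maps.add("passwd")
    if "iphost" in classes and "cn" in entry and "iphostnumber" in entry:
        maps.add("hosts")
    return maps

def resolve_host(entries, name):
    """Mimic a hosts lookup: only ipHost entries whose cn matches count."""
    return [ip for e in entries if "hosts" in nss_maps(e)
            and name.lower() in (cn.lower() for cn in e["cn"])
            for ip in e["iphostnumber"]]

def lookup_passwd(entries, name):
    """Mimic a passwd lookup: only posixAccount entries whose uid matches."""
    for e in entries:
        if "passwd" in nss_maps(e) and name in e["uid"]:
            return int(e["uidnumber"][0])
    return None
```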

