[Samba] By Example Chapter 9 question

Craig White craigwhite at azapple.com
Mon Mar 14 07:21:10 GMT 2005

On Mon, 2005-03-14 at 00:24 -0600, John Schmerold wrote:
> Pardon my confusion:
> Does this mean the Samba guide is correct?  If so why the difference 
> between p 242 & 252?
The only thing that is correct is what you have chosen when you got it
all working.

I have setups (early) where computers and people are in

I just completed a setup where computers are in
ou=Computers,ou=Accounts,dc=example,dc=com and people are in
ou=People,ou=Accounts,dc=example,dc=com and use a 'sub' search in
ou=Accounts,dc=example,dc=com in padl stuff

I intend to play with methodologies to combine the two into a virtual ou
for samba and have my cake and eat it too.

The problem is really samba - it treats computers much as it does people
since computer accounts change passwords but there is little interest in
posixAccount stuff beyond what is absolutely necessary (I think the
current versions would have you set userHome to /dev/null)

So in answer to your question - there is no absolute one correct way.
There is only the way you make it work on your network.

Samba documentation tends to view these things with a tunnel vision -
what is best for samba - that would be to dump computers and people in
the same container. I tend to use LDAP for things other than samba and
thus, when JHT suggests a 'huge performance hit' for searching two
containers, it neglects the notion that I have
lmtp/mod_authzldap/imap/ftp/etc. searching going on in LDAP continually
and (neglecting optimized, cached LDAP setup for a moment), that 'huge
performance hit' for samba looks like a big win for everything else.
It's likely to be a matter of assessing your priorities and evaluating
your needs.


More information about the samba mailing list