[Samba] LDAP PDC question
Marcel de Riedmatten
mdr at dotforge.ch
Tue Oct 4 12:52:22 GMT 2005
Le ven 30/09/2005 à 15:37, Derek Harkness a écrit :
> When setting up an LDAP PDC do I have to have both user and machines
> in the ou=People container? Here's what I've got.
>
> LDAP Tree
>
> ou=People,o=umd.umich.edu
> ou=NIS,ou=Groups,o=umd.umich.eud
> ou=machines,ou=Samba,ou=Services,o=umd.umich.edu
> ou=Idmap,ou=Samba,ou=Services,o=umd.umich.edu
>
> -m I get "Failed to initialise SAM_ACCOUNT for user its-1150d$. Does
> this user exist in the UNIX password database" which would be correct
> since machine accounts aren't under ou=People the local workstation
> won't be able to look them up. I don't want my unix users seeing all
> the windows workstations.
The domain controllers have to see machine account. I have a setup like
yours but on the pdc my nss setup is:
base o=umd.umich.edu
#nss_base_passwd ou=People
so the whole tree is searched while on other machines it is:
base o=umd.umich.edu
nss_base_passwd ou=People
and here the machines account are not seen.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message
=?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?=
Url : http://lists.samba.org/archive/samba/attachments/20051004/8c9edc87/attachment.bin
More information about the samba
mailing list