[Samba] LDAP PDC question
Derek Harkness
dharknes at umd.umich.edu
Tue Oct 4 12:57:55 GMT 2005
Thanks! I was doing some testing this morning and found that on the
pdc I was setup nss like this
nss_base_passwd ou=People
nss_base_passwd ou=machines,ou=Samba
In my 15 minutes of testing it appears to work well. With the size
of our LDAP, searching from the base could take a very long time.
Thanks again,
Derek
On Oct 4, 2005, at 8:52 AM, Marcel de Riedmatten wrote:
> Le ven 30/09/2005 à 15:37, Derek Harkness a écrit :
>
>> When setting up an LDAP PDC do I have to have both user and machines
>> in the ou=People container? Here's what I've got.
>>
>> LDAP Tree
>>
>> ou=People,o=umd.umich.edu
>> ou=NIS,ou=Groups,o=umd.umich.eud
>> ou=machines,ou=Samba,ou=Services,o=umd.umich.edu
>> ou=Idmap,ou=Samba,ou=Services,o=umd.umich.edu
>>
>>
>
>
>> -m I get "Failed to initialise SAM_ACCOUNT for user its-1150d$. Does
>> this user exist in the UNIX password database" which would be correct
>> since machine accounts aren't under ou=People the local workstation
>> won't be able to look them up. I don't want my unix users seeing all
>> the windows workstations.
>>
>
> The domain controllers have to see machine account. I have a setup
> like
> yours but on the pdc my nss setup is:
>
> base o=umd.umich.edu
> #nss_base_passwd ou=People
>
>
> so the whole tree is searched while on other machines it is:
>
> base o=umd.umich.edu
> nss_base_passwd ou=People
>
> and here the machines account are not seen.
>
>
>
>
More information about the samba
mailing list