[Samba] LDAP PDC question

Derek Harkness dharknes at umd.umich.edu
Fri Sep 30 13:37:02 GMT 2005


When setting up an LDAP PDC, do I have to have both users and machines
in the ou=People container?  Here's what I've got.

LDAP Tree

ou=People,o=umd.umich.edu
ou=NIS,ou=Groups,o=umd.umich.edu
ou=machines,ou=Samba,ou=Services,o=umd.umich.edu
ou=Idmap,ou=Samba,ou=Services,o=umd.umich.edu

smb.conf (ldap stuff)
         ldap delete dn = no
         ldap suffix = o=umd.umich.edu
         ldap user suffix = ou=People
         ldap group suffix = ou=NIS,ou=Groups
         ldap machine suffix = ou=machines,ou=Samba,ou=Services
         ldap idmap suffix = ou=Idmap,ou=Services
         ldapsam:trusted = yes
         idmap backend = ldap:ldap://tien.its.umd.umich.edu
         passdb backend = ldapsam:ldap://tien.its.umd.umich.edu

NSS setting
nss_base_passwd ou=People
nss_base_groups  ou=NIS

When I attempt to join a workstation to the domain, the smbldap-useradd
script works and creates the POSIX entry, but the Samba attributes are
never added, and the workstation returns the error "user cannot be
found".  If I try adding the workstation using smbpasswd -a -m, I get
"Failed to initialise SAM_ACCOUNT for user its-1150d$. Does this user
exist in the UNIX password database", which would be correct: since
machine accounts aren't under ou=People, the local workstation won't be
able to look them up.  I don't want my Unix users seeing all the Windows
workstations.

Thanks,
Derek
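
The join failure described above comes down to whether each `ldap ... suffix` Samba composes is under some search base that nss_ldap actually queries. The script below is an added example, not code from the poster or from Samba: it parses the smb.conf excerpt quoted in the post, composes the full DN of each suffix (relative suffixes appended to `ldap suffix`, as Samba does), and reports whether an nss_base_passwd/nss_base_group entry covers that DN and whether the DN appears in the tree listed in the post. The ldap.conf content is constructed: the post's two NSS lines rewritten as full DNs with the nss_ldap keyword `nss_base_group`, plus a second, hypothetical variant that adds the machine container as an additional `nss_base_passwd` entry (nss_ldap accepts repeated nss_base_* lines). Search scope (`?one`) is dropped; entries are assumed to sit directly in their container.

```python
"""Consistency check between Samba's LDAP suffixes and nss_ldap search bases.

Added example for the post above; not code from Samba or from the poster.
"""
import re

# Samba LDAP settings as quoted in the post (excerpt, not a full smb.conf).
SMB_CONF = """\
        ldap delete dn = no
        ldap suffix = o=umd.umich.edu
        ldap user suffix = ou=People
        ldap group suffix = ou=NIS,ou=Groups
        ldap machine suffix = ou=machines,ou=Samba,ou=Services
        ldap idmap suffix = ou=Idmap,ou=Services
        ldapsam:trusted = yes
        idmap backend = ldap:ldap://tien.its.umd.umich.edu
        passdb backend = ldapsam:ldap://tien.its.umd.umich.edu
"""

# Containers listed under "LDAP Tree" in the post.
TREE = [
    "ou=People,o=umd.umich.edu",
    "ou=NIS,ou=Groups,o=umd.umich.edu",
    "ou=machines,ou=Samba,ou=Services,o=umd.umich.edu",
    "ou=Idmap,ou=Samba,ou=Services,o=umd.umich.edu",
]

# Constructed ldap.conf bases: the post's NSS settings as full DNs with an
# explicit scope, which is the form nss_ldap expects.
NSS_CONF_POSTED = """\
nss_base_passwd ou=People,o=umd.umich.edu?one
nss_base_group  ou=NIS,ou=Groups,o=umd.umich.edu?one
"""

# Constructed alternative (assumption, not something the post states): a second
# nss_base_passwd line pointing at the machine container.
NSS_CONF_WITH_MACHINES = NSS_CONF_POSTED + """\
nss_base_passwd ou=machines,ou=Samba,ou=Services,o=umd.umich.edu?one
"""


def normalize_dn(dn):
    """Split a DN into a lower-cased RDN tuple so 'ou=A, o=B' equals 'ou=a,o=b'."""
    return tuple(part.strip().lower() for part in dn.split(",") if part.strip())


def parse_smb_conf(text):
    """Return {parameter: value} for 'key = value' lines, parameter names lower-cased."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^=#;]+?)\s*=\s*(.*?)\s*$", line)
        if m:
            params[m.group(1).lower()] = m.group(2)
    return params


def parse_nss_bases(text):
    """Return {'passwd': [dn, ...], 'group': [dn, ...]}; '?scope' suffixes are dropped."""
    bases = {"passwd": [], "group": []}
    for line in text.splitlines():
        m = re.match(r"\s*nss_base_(passwd|group)\s+(\S+)", line)
        if m:
            bases[m.group(1)].append(m.group(2).split("?")[0])
    return bases


def full_suffix(params, name):
    """Compose the DN Samba uses for 'ldap <name> suffix' (relative to 'ldap suffix')."""
    rel = params.get("ldap %s suffix" % name, "")
    suffix = params["ldap suffix"]
    if not rel:
        return suffix
    if normalize_dn(rel)[-len(normalize_dn(suffix)):] == normalize_dn(suffix):
        return rel  # already an absolute DN under the suffix
    return rel + "," + suffix


def is_under(dn, base):
    """True if dn equals base or lies somewhere below it."""
    d, b = normalize_dn(dn), normalize_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def check(smb_text, nss_text, tree):
    """Map each Samba suffix to (full DN, covered by an NSS base or None, present in tree)."""
    params = parse_smb_conf(smb_text)
    bases = parse_nss_bases(nss_text)
    # Which NSS map each suffix must be reachable through; idmap is not an NSS map.
    nss_map = {"user": "passwd", "machine": "passwd", "group": "group"}
    report = {}
    for name in ("user", "group", "machine", "idmap"):
        dn = full_suffix(params, name)
        covered = None
        if name in nss_map:
            covered = any(is_under(dn, b) for b in bases[nss_map[name]])
        in_tree = any(normalize_dn(dn) == normalize_dn(t) for t in tree)
        report[name] = (dn, covered, in_tree)
    return report


if __name__ == "__main__":
    for label, nss in (("posted", NSS_CONF_POSTED), ("with machine base", NSS_CONF_WITH_MACHINES)):
        print("nss_ldap bases: %s" % label)
        for name, (dn, covered, in_tree) in check(SMB_CONF, nss, TREE).items():
            nss_note = "n/a" if covered is None else ("yes" if covered else "NO")
            print("  %-8s %-50s nss:%-4s tree:%s" % (name, dn, nss_note, "yes" if in_tree else "NO"))
```

With the posted bases, the machine suffix is in the tree but under no passwd base, which is the situation in which Samba's machine-join path finds no POSIX entry; with the extra `nss_base_passwd` line it is covered. The tree column compares each composed DN against the containers listed in the post, so a suffix that does not match any listed container is flagged as well.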

