[Samba] LDAP PDC question
Derek Harkness
dharknes at umd.umich.edu
Fri Sep 30 13:37:02 GMT 2005
When setting up an LDAP PDC do I have to have both users and machines
in the ou=People container? Here's what I've got.

LDAP Tree
    ou=People,o=umd.umich.edu
    ou=NIS,ou=Groups,o=umd.umich.edu
    ou=machines,ou=Samba,ou=Services,o=umd.umich.edu
    ou=Idmap,ou=Samba,ou=Services,o=umd.umich.edu

smb.conf (ldap stuff)
    ldap delete dn = no
    ldap suffix = o=umd.umich.edu
    ldap user suffix = ou=People
    ldap group suffix = ou=NIS,ou=Groups
    ldap machine suffix = ou=machines,ou=Samba,ou=Services
    ldap idmap suffix = ou=Idmap,ou=Services
    ldapsam:trusted = yes
    idmap backend = ldap:ldap://tien.its.umd.umich.edu
    passdb backend = ldapsam:ldap://tien.its.umd.umich.edu

NSS setting
    nss_base_passwd ou=People
    nss_base_groups ou=NIS

When I attempt to join a workstation to the domain the smbldap-useradd
script works and creates the posix entry, but the samba attributes are
never added and the workstation returns the error user can not be
found. If I try adding the workstation using smbpasswd -a -m I get
"Failed to initialise SAM_ACCOUNT for user its-1150d$. Does this user
exist in the UNIX password database" which would be correct since
machine accounts aren't under ou=People; the local workstation won't
be able to look them up. I don't want my unix users seeing all the
windows workstations.

Thanks,
Derek
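
The lookup gap described in the message above can be checked mechanically. This is an added example, not part of the original post and not Samba or smbldap-tools code: it compares the quoted smb.conf suffixes with the listed tree and with the NSS passwd base. It assumes relative suffixes and NSS bases resolve against "ldap suffix"; all function names are hypothetical.

```python
# Added example: consistency check over the settings quoted in the post.
# Assumption: relative suffixes and NSS bases are resolved against "ldap suffix".
SMB_CONF = """\
ldap suffix = o=umd.umich.edu
ldap user suffix = ou=People
ldap group suffix = ou=NIS,ou=Groups
ldap machine suffix = ou=machines,ou=Samba,ou=Services
ldap idmap suffix = ou=Idmap,ou=Services
"""
NSS_CONF = """\
nss_base_passwd ou=People
nss_base_groups ou=NIS
"""
TREE = [  # containers as listed in the post, suffix spelled o=umd.umich.edu
    "ou=People,o=umd.umich.edu",
    "ou=NIS,ou=Groups,o=umd.umich.edu",
    "ou=machines,ou=Samba,ou=Services,o=umd.umich.edu",
    "ou=Idmap,ou=Samba,ou=Services,o=umd.umich.edu",
]

def norm(dn):
    """Split a DN into lowercase RDNs (assumes no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def parse_smb(text):
    return {k.strip(): v.strip() for k, v in
            (line.split("=", 1) for line in text.splitlines() if "=" in line)}

def parse_nss(text):
    return dict(line.split(None, 1) for line in text.splitlines() if line.strip())

def is_under(dn, base):
    """True if dn equals base or sits below it (subtree scope)."""
    d, b = norm(dn), norm(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def check(smb_text, nss_text, tree):
    smb, nss = parse_smb(smb_text), parse_nss(nss_text)
    root = smb["ldap suffix"]
    full = {k: f"{v},{root}" for k, v in smb.items() if k != "ldap suffix"}
    known = [norm(t) for t in tree]
    findings = [f"{k}: {dn} is not a container in the listed tree"
                for k, dn in full.items() if norm(dn) not in known]
    passwd_base = f"{nss['nss_base_passwd']},{root}"
    if not is_under(full["ldap machine suffix"], passwd_base):
        findings.append("ldap machine suffix: outside nss_base_passwd, "
                        "so NSS cannot resolve machine accounts")
    return findings
```

Calling check(SMB_CONF, NSS_CONF, TREE) returns one finding per mismatch between the three sources.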