[Samba] UNIX accounts needed for machine accounts?
Lukas Haase
lukashaase at gmx.at
Wed Dec 16 03:45:00 MST 2009
Hi,
I have the following problem: My structure is stored in LDAP that way:
dc=example,dc=com
+ ou=groups
| + cn=Account Operators
| + ...
+ ou=machines
| + uid=workstation1$
| + uid=workstation2$
| + ...
+ ou=users
+ ou=int
| + uid=user1
| + uid=user2
| + ...
+ ou=ext
+ uid=user3
+ uid=user4
+ ...
...
Only internal users (in ou=int) branch have the samba object classes and
should be available on internal servers.
Therefore I set the in the libnss-ldap the search scope for the users to
ou=int,ou=users,dc=example,dc=com.
But this also means that the machine accounts are not available on the
UNIX server.
Is this necessary? Does it cause any problems?
If yes, is there a solution for that (except putting the machine
accounts into the ou=int branch)?
Regards,
Luke
More information about the samba
mailing list