[Samba] UNIX accounts needed for machine accounts?
Lukas Haase
lukashaase at gmx.at
Wed Dec 16 08:34:57 MST 2009
Ralf Hornik Mailings schrieb:
> Lukas Haase <lukashaase at gmx.at> schreibte:
>
>> Yes I think that is the one solution. But the reason why I did not yet
>> do it is simple: Because the machine Accounts are not users!
>
> Machine accounts are very well users! ;-)
> Respective samba users. So by design they have to reside your samba
> containers.
> However you can seperate them by name (as in my suggestion of your LDAP
> design) but getent will (and should) always find them.
Yes.
Are you familiar with LDAP?
I created an alias now:
ou=machines,ou=int,ou=users,dc=example,dc=com -->
ou=machines,dc=example,dc=com
That works really good on the fly ... if I enable dereference aliases in
my LDAP browser I there is even no difference.
libnss-ldap seems to support "dereferencing aliases".
So it should work...BUT is this a good idea or is it better to "move"
the machines there instead of linking?
Regards,
Luke
More information about the samba
mailing list