[Samba] UNIX accounts needed for machine accounts?
Lukas Haase
lukashaase at gmx.at
Wed Dec 16 08:38:14 MST 2009
Lukas Haase schrieb:
> Ralf Hornik Mailings schrieb:
>> Lukas Haase <lukashaase at gmx.at> schreibte:
>>
>>> Yes I think that is the one solution. But the reason why I did not
>>> yet do it is simple: Because the machine Accounts are not users!
>>
>> Machine accounts are very well users! ;-)
>> Respective samba users. So by design they have to reside your samba
>> containers.
>> However you can seperate them by name (as in my suggestion of your
>> LDAP design) but getent will (and should) always find them.
>
> Yes.
>
> Are you familiar with LDAP?
>
> I created an alias now:
>
> ou=machines,ou=int,ou=users,dc=example,dc=com -->
> ou=machines,dc=example,dc=com
>
> That works really good on the fly ... if I enable dereference aliases in
> my LDAP browser I there is even no difference.
>
> libnss-ldap seems to support "dereferencing aliases".
>
> So it should work...BUT is this a good idea or is it better to "move"
> the machines there instead of linking?
Sorry to quote myself...but I think that would have another big
advantage: I would only need to dereference the aliases on the PDC
machine and nowhere other I would have the ugly machine accounts in the
system :)
> Regards,
> Luke
More information about the samba
mailing list