[Samba] Verification on HOW adding a machines works
wdevie at hrcsb.org
Fri Sep 18 08:43:52 MDT 2009
On my setup, I have libnss and libpam set to filter out machine POSIX accounts.
All of my machine accounts have a UID higher than 10000, so I can filter it
something like this:
Standard Linux utilities will never "see" machine accounts using NSS calls
(like getent), but the accounts do exist and Samba doesn't seem to have a
problem with them. So I think you'll be okay.
On Thursday 17 September 2009 11:46:32 pm Todd E Thomas wrote:
> I'm straddling the half-way point between samba and ldap. When adding a
> machine to the domain, functionally, it works like you would expect. You
> enter in the domain, enter your credentials, and reboot. The computer is
> able to function as a machine on the domain.
> I'm using the smbldap-tools as suggested in the wiki. Here's the script:
> add machine script = /usr/sbin/smbldap-useradd -w -g 100 -c "Workstation
> (%u)" -d /dev/null -s /sbin/nologin "%u"
> When checking on details of the process:
> # getent passwd
> biggie$:x:1008:100:Workstation (biggie$):/nohome:/sbin/nologin
> (works for me)
> # getent group | grep users
> (the machine is not listed as a member of the group)
> Should machines be displayed as a member of the group they are added to
> like users?
> ldapsearch -x -b "dc=ptest,dc=us" "(objectclass=*)" | less
> # machines, ptest.us
> dn: ou=machines,dc=ptest,dc=us
> ou: machines
> objectClass: organizationalRole
> cn: machines
> (the ou that biggie is added to)
> # BIGGIE$, machines, ptest.us
> dn: uid=BIGGIE$,ou=machines,dc=ptest,dc=us
> uid: BIGGIE$
> objectClass: sambaSamAccount
> objectClass: account
> displayName: BIGGIE$
> (biggie's ldap entry)
> Thanks for the assist,
> Todd E Thomas
> C: 515.778.6913
> "It's a frail music knits the world together."
> -Robert Dana
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba