add nss_base_passwd ou=Computers,dc=padl,dc=com?one where Computers is the organizational unit where you've got machine names stored. You'll end up with 2 nss_base_passwd entries, one for users, one for computers...
________________________________ From: "[email protected]" <[email protected]> To: ray klassen <[email protected]>; Adam Williams <[email protected]> Cc: [email protected] Sent: Monday, 11 May, 2009 8:08:49 Subject: Re: [Samba] Users can't login on Samba+Ldap Is this the section that has to be configured in ldap.conf? #nss_base_passwd ou=People,dc=padl,dc=com?one #nss_base_shadow ou=People,dc=padl,dc=com?one #nss_base_group ou=Group,dc=padl,dc=com?one #nss_base_hosts ou=Hosts,dc=padl,dc=com?one #nss_base_services ou=Services,dc=padl,dc=com?one #nss_base_networks ou=Networks,dc=padl,dc=com?one #nss_base_protocols ou=Protocols,dc=padl,dc=com?one #nss_base_rpc ou=Rpc,dc=padl,dc=com?one #nss_base_ethers ou=Ethers,dc=padl,dc=com?one #nss_base_netmasks ou=Networks,dc=padl,dc=com?ne #nss_base_bootparams ou=Ethers,dc=padl,dc=com?one #nss_base_aliases ou=Aliases,dc=padl,dc=com?one #nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one because all the directives are commented excepted the following: base dc=DOMAIN,dc=IT binddn cn=anonymous,dc=DOMAIN,dc=IT bindpw xxxxxxx ldap_version 3 nss_initgroups_ignoreusers pam_password md5 rootbinddn cn=admin,dc=dc=DOMAIN,dc=IT uri ldap://127.0.0.1/ > /etc/ldap.conf has to include a lookup for passwd in the ou=Computers section or machines have to be duplicated in /etc/passwdjust find the one for Users and add a similar one for Computers.From: "[email protected]" <[email protected]>To: Adam Williams <[email protected]>Cc: [email protected]: Monday, 11 May, 2009 7:35:01Subject: Re: [Samba] Users can't login on Samba+LdapYes, this is the [GLOBAL] section of my smb.conf[global] dos charset = 850 unix charset = ISO8859-1 workgroup = DOMAIN.IT server string = SERVERNAME map to guest = Bad User passdb backend = ldapsam:ldap://localhost/ syslog = 0 log file = /var/log/samba/%m max log size = 100000 smb ports = 3D 139 time server = Yes deadtime = 10 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups > add user script = /usr/sbin/smbldap-useradd -m "%u" delete user script = /usr/sbin/smbldap-userdel "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u""%g" set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u" logon script = logon.bat logon path = logon drive = C: logon home = domain logons = Yes os level = 15 preferred > master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=admin,dc=DOMAIN,dc=IT ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = dc=DOMAIN,dc=IT ldap user suffix = ou=Users create mask = 0640 directory mask = 0750 nt acl support = No case sensitive = No dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd> > > do you have ldap machine suffix = ou=Computers> in smb.conf?> > [email protected] wrote:> &gt;> &gt; If I join a workstation (directly by the workstation) it is added toldap db> &gt; but it doesn't see the domain until I manually add an entry for it in> &gt; /etc/passwd> &gt;> &gt; > > -- To unsubscribe from this list go to the following URL and read theinstructions: https://lists.samba.org/mailman/options/samba > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
