Lukas Haase schrieb:
Ralf Hornik Mailings schrieb:
Lukas Haase <[email protected]> schreibte:
Yes I think that is the one solution. But the reason why I did not
yet do it is simple: Because the machine Accounts are not users!
Machine accounts are very well users! ;-)
Respective samba users. So by design they have to reside your samba
containers.
However you can seperate them by name (as in my suggestion of your
LDAP design) but getent will (and should) always find them.
Yes.
Are you familiar with LDAP?
I created an alias now:
ou=machines,ou=int,ou=users,dc=example,dc=com -->
ou=machines,dc=example,dc=com
That works really good on the fly ... if I enable dereference aliases in
my LDAP browser I there is even no difference.
libnss-ldap seems to support "dereferencing aliases".
So it should work...BUT is this a good idea or is it better to "move"
the machines there instead of linking?
Sorry to quote myself...but I think that would have another big
advantage: I would only need to dereference the aliases on the PDC
machine and nowhere other I would have the ugly machine accounts in the
system :)
Regards,
Luke
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
