When you join the machine to the domain you should be prompted for credentials of someone who has permissions to join the computer to the domain - this is normally the domain administrator or someone in the domain administrators group. Users who are not domain administrators should not be able to join machines to the domain.
You may also want to change your LDAP structure to get a little more control, e.g. "ou=systeme" and "ou=temppeople" should be children of "ou=people". You can configure your LDAP configuration to look for users in "ou=people" and its children. "getent passwd" should still list all the user accounts.

On 05/09/12 08:28, Thibaut Jacob wrote:
> Hi,
>
> I'm currently working on a server which uses samba and openldap.
> The OS used is Debian squeeze 6.0.1 64 on the server, the previous was
> fedora 5
>
> My Samba is the domain Master of the network, the users of the ldap
> are linked with the samba, and I try to join XP computers to this domain,
> so the users present in the ldap could (with login and password) log
> on in the domain, access shares etc ...
>
> ldap schema : ou=people
>               ou=group
>               ou=temppeople
>               ou=tempgroups
>               ou=systeme
>
> Samba is well configured with libpam-ldap, libnss-ldap, smb-ldaptools
> and the file /etc/nsswitch.conf with
> passwd files ldap
> group files ldap
> shadow files ldap
>
> When using getent passwd, the server gets all the users of the ldap.
>
> But (and there is the problem): when trying to join the machine to
> the domain, how do I say to samba that only my users in
> ou = systeme ; are the only ones able to join this one? Because
> currently, anyone can join the domain and I don't want it.
>
> Other strange things: when I try to join the domain with for example
> admin99 (which is present in the ou=systeme), when I'm on the
> server and open a Terminal, when I log in as root ( su - root ) with the
> right password of root, I obtain:
> admin99@server , not root@server , and with a ls -lh on folder, files
> are on admin99:root
>
> If I stop ldap 2 minutes after, and re-open a terminal and log in as
> root, everything comes back to normal.
>
> If you need some information, I can give it in the next mail.
>
> Regards.
