Hiya all, this should hopefully be a simple question.

I've noticed that there is a setting:

ldap machine suffix

allowing you to put all the machine accounts in a different tree in your LDAP directory (which is a definite plus). However, I note that it is almost impossible to do so. Has anyone done this (e.g. had machines in ou=Machines,dc=domain,dc=com and people in ou=People,dc=domain,dc=com)? If so, how did you add machines?

I've tried smbpasswd -a -m MACHINE and, with debugging, it shows that it tries to find a posix account for MACHINE$ first, which obviously doesn't exist. The actual fault is that, after determining that a sambaSamAccount object doesn't exist, it goes back to getpwnam to try and find an account. Obviously if I am putting machines in a different tree, pam_ldap, etc. aren't going to find them there.

I've enabled "ldap trust ids", and put the machine suffix correctly. I have also tried creating a sambaSamAccount object in the right tree, but the sambaSamAccount requires a sambaSID, which I can't generate (it's supposed to be smbpasswd's job).

If anyone can shed some light on this, it would be most helpful; otherwise it's back to having MACHINE$'s amongst the list of users in LDAP trees, which seems rather stupid, considering the purpose of LDAP is to organise everything neatly.

Thanks heaps,
Nick
