Igor Belyi wrote:
In short, it is borken and you'll need to have both machine and user accounts in the same location in LDAP for now.
I'll try to look in the code but I promise nothing. :o)
It's not so much broken as it is designed for a particular purpose and limited by that decision. There is a bug filed against it that explains most of the reasoning but I can't remember the number. To paraphrase (and probably mangle) the intent... they decided to require machine accounts to be 'users' because that is what you have to do to assign rights to a machine, which is a perfectly logical operation under the Windows system.
The bug is #1292. I don't quite understand Gerald's remark regarding nss_ldap since Samba uses its own library to access LDAP for account information.
On a related note - somehow it works for me. I've updated my config files to separate locations for machine accounts into ou=Computers,dc=xxxxx and users into ou=People,dc=xxxxx. My WinXP was added to the domain without a problem and users can log in to it without a problem. I do remember that it didn't work before...
In smbldap_conf.pm I have:
    $suffix = "dc=xxxxx";
    $usersou = q(People);
    $usersdn = "ou=$usersou,$suffix";
    $computersou = q(Computers);
    $computersdn = "ou=$computersou,$suffix";
In smb.conf:
    domain logons = yes
    security = USER
    encrypt passwords = true
    preferred master = yes
    domain master = yes
    passdb backend = ldapsam
    ldap suffix = dc=xxxxx
    ldap user suffix = ou=People
    ldap group suffix = ou=Group
Alexei, if you still want to pursue this problem can you post your smb.conf and samba log related to the problem with "log level" set to 2 or more?
Igor
