On Tuesday 21 September 2004 12:05, Nathan Howard wrote:
> deff wrote:
> > On Saturday 18 September 2004 21:31, Alexei Monastyrnyi wrote:
> >>And what was the result of that struggle?
> >>Did you make it work?
> >
> > Yes, I did. In some other thread someone mentioned that it is mandatory
> > to put all users and machines accounts to ou=People due to some weird
> > samba design decision. However, it isn't mentioned in any howto, neither
> > official nor idealx's, and samba doesn't complain about it in any way
> > either. Too bad...for me.
>
> Actually it is mentioned in the samba guide:
> Chapter 6:
> http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html
>
> 1/2 way down the page just before table 6.2 there is a "Note"

Ok my bad, I guess I'll have to learn to read better, or just buy a new pair
of glasses. I went by idealx howto and while I read note regarding "the bug",
I didn't pay enough attention to it, as their formulation was vague, I
considered samba 3.0.2 outdated, and DIT schema was outlined as

    dc=IDEALX,dc=ORG
     |
     `--- ou=Users     : to store user accounts for Unix and Windows systems
     |
     `--- ou=Computers : to store computer accounts for Windows systems

which I was familiar with from windows pdcs. I'd better not presume anything
in the future.

>
> ==quote==
> In the following examples, as the LDAP database is initialized, we do
> create a container for Computer (machine) accounts. In the Samba-3
> smb.conf files, specific use is made of the People container, not the
> Computers container, for domain member accounts. This is not a mistake;
> it is a deliberate action that is necessitated by the fact that there is
> a bug in Samba-3 that prevents it from being able to search the LDAP
> database for computer accounts if they are placed in the Computers
> container. By placing all machine accounts in the People container, we
> are able to side-step this bug. It is expected that at some time in the
> future this problem will be resolved. At that time, it will be possible
> to use the Computers container in order to keep machine accounts
> separate from user accounts.
> ==endquote==
>
>
> However the samba Howto is very vague
> http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2533197
>
> Under "Accounts and Group Management"
>
> ==quote==
> Machine accounts are managed with the sambaSamAccount objectclass,
> just like users accounts. However, it is up to you to store those
> accounts in a different tree of your LDAP namespace. You should use
> “ou=Groups,dc=quenya,dc=org” to store groups and
> “ou=People,dc=quenya,dc=org” to store users. Just configure your NSS and
> PAM accordingly (usually, in the /etc/openldap/sldap.conf configuration
> file).
> ==endquote==
>
> I am having similar symptoms as well although I am using the same
> container for both Users and Computers.
>
> The symptoms being "User not found" when trying to join domain from 2k
> box. I'm still investigating at the moment although this worked fine
> with samba 3.0.4 with exactly same config.
>
> Samba is now 3.0.7
> Not sure about the IDEALX scripts as they came with the samba gentoo
> package so I'm about to look to see what version they really are.
>
> Nathan
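
The container issue discussed in this thread can be checked before a domain join is attempted. The following is an added example, not part of the original messages or of the Samba or IDEALX code: it reads the [global] section of an smb.conf and reports whether machine accounts resolve to the same LDAP container as user accounts. The function names and sample configurations are hypothetical, and it assumes that "ldap user suffix" and "ldap machine suffix" are relative to "ldap suffix".

```python
# Added example: compare where Samba will look for user and machine accounts.
# Assumption: "ldap user suffix" / "ldap machine suffix" are relative to
# "ldap suffix", and an unset one falls back to "ldap suffix" itself.

def parse_global(text):
    """Return the [global] parameters of an smb.conf text as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params["".join(key.lower().split())] = value.strip()
    return params

def effective_dn(params, name):
    """Join a relative suffix onto 'ldap suffix' and normalise the DN."""
    parts = [params.get(name, ""), params.get("ldapsuffix", "")]
    dn = ",".join(p for p in parts if p)
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def check_machine_container(text):
    """Report the user and machine containers and whether they match."""
    params = parse_global(text)
    users = effective_dn(params, "ldapusersuffix")
    machines = effective_dn(params, "ldapmachinesuffix")
    return {"users": users, "machines": machines,
            "same_container": users == machines}

# Constructed sample configurations (base DN taken from the quoted HOWTO text).
SPLIT_CONF = """
[global]
    ldap suffix = dc=quenya,dc=org
    ldap user suffix = ou=People
    ldap machine suffix = ou=Computers
"""
PEOPLE_CONF = SPLIT_CONF.replace("ou=Computers", "ou=People")

if __name__ == "__main__":
    for label, conf in (("split", SPLIT_CONF), ("people", PEOPLE_CONF)):
        print(label, check_machine_container(conf))
```

A result with same_container set to False corresponds to the ou=Users / ou=Computers layout that the quoted Samba Guide note says to avoid.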
