On Thursday 10 March 2005 17:13, Steve Zeng wrote:
> John,
>
> You are the man. problem solved. I change /etc/ldap.conf as you suggested:
>
> nss_base_passwd dc=mfelc?sub
> nss_base_group dc=mfelc?sub
> nss_base_hosts dc=mfelc?sub

Why do you have the nss_base_hosts entry set in /etc/ldap.conf? Samba does not need/use that. Unless you know precisely how to use that I'd suggest commenting it out.

>
> and I have "add machine script=/usr/sbin/smbldap-useradd -w %u" included
> in smb.conf. Now it works perfectly. machine account is created on the fly!
>
> One more question for you. if I use LDAP only for hosts lookup in
> nsswitch, all the machine names come with a "$". In this case, how can I
> resolve hostname?

Please explain. Host entries are of the form:

    192.168.0.1 hostname.domain.tld hostname

Where is the '$' in that?

- John T.

>
> Thanks.
>
> Steve
>
> > On Thursday 10 March 2005 13:56, Steve Zeng wrote:
> >>Hi,
> >>
> >>I am using Samba 3.0.10 PDC with LDAP as password DB. Before we use
> >>smbpasswd as passwd DB and every time I need to add a machine account
> >>into /etc/passwd so that the machine can join the domain. My
> >>understanding for LDAP is, this step is not needed any more since we
> >>will put all machine account into "ou=Computers". But I am proved to be
> >>wrong.
> >>
> >>Is this the way Samba works? I mean, samba has to make sure a machine
> >>account exist in the /etc/passwd file of Samba PDC, doesn't it?
> >
> > Nope. If you use LDAP, then both the POSIX account and the
> > SambaSAMAccount information should be in LDAP. On the other hand, if you
> > put your machine accounts into the ou=Computers container and user
> > accounts in ou=Users your /etc/ldap.conf file needs to point to the
> > directory tree above the ou=Users and above ou=Computers. Additionally
> > the lookup for user accounts will have to be a 'sub' type so look-ups
> > will descend both trees.
> >
> > In other words, I am guessing that in your /etc/ldap.conf you have:
> >
> >     nss_base_passwd ou=People,dc=abmas,dc=biz?one
> >
> > Instead of:
> >
> >     nss_base_passwd dc=abmas,dc=biz?sub
> >
> > If my assumptions are correct, then if you set /etc/nsswitch.conf to
> > have:
> >
> >     passwd: ldap
> >     shadow: ldap
> >     group: ldap
> >
> > and then you execute:
> >
> >     getent passwd
> >
> > You will not see a listing of accounts that includes the machine
> > accounts. If this is what you see, then making the change in /etc/ldap.conf
> > so that:
> >
> >     nss_base_passwd dc=abmas,dc=biz
> >
> > (of course substituting your directory domain component info) will list
> > the machine accounts and you will no longer need them in your
> > /etc/passwd.
> >
> > In summary, by putting the machine accounts into your /etc/passwd you are
> > using a work-around for a broken LDAP/NSS environment.
> >
> > Does that answer your question and solve the problem?
> >
> > - John T.
> >
> >>--
> >>Regards,
> >>
> >>Steve Zeng
> >>Systems Administrator
> >>Mainframe Entertainment Inc
> >>T: (604) 628-1000 ext 5293

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
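The search-scope behaviour discussed in this thread, as an added example that is not part of the original messages: a small Python model of how an `nss_base_passwd` value (`base?scope`) decides which accounts NSS can see. The directory entries are constructed, the function names are hypothetical, and a missing scope is treated as `sub` (assumed here to match the nss_ldap default).

```python
# Added example: models LDAP search scopes over a constructed directory tree.
# Constructed sample entries (DN -> uid); machine accounts end in "$".
ENTRIES = {
    "uid=steve,ou=People,dc=abmas,dc=biz": "steve",
    "uid=john,ou=People,dc=abmas,dc=biz": "john",
    "uid=ws01$,ou=Computers,dc=abmas,dc=biz": "ws01$",
    "uid=ws02$,ou=Computers,dc=abmas,dc=biz": "ws02$",
}

def parse_nss_base(value, default_scope="sub"):
    """Split an nss_base_* value of the form 'base?scope' into its parts."""
    parts = value.split("?")
    base = parts[0].strip().lower()
    scope = default_scope
    if len(parts) > 1 and parts[1].strip():
        scope = parts[1].strip().lower()
    if scope not in ("base", "one", "sub"):
        raise ValueError("unknown search scope: " + scope)
    return base, scope

def rdns(dn):
    # Simplification: assumes no escaped commas inside the DN.
    return [p.strip().lower() for p in dn.split(",")]

def in_scope(dn, base, scope):
    """True if the entry at dn is returned by a search from base with scope."""
    d, b = rdns(dn), rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False  # entry is not under the search base at all
    depth = len(d) - len(b)
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def visible_accounts(nss_base_passwd):
    """Accounts a 'getent passwd' style enumeration would return."""
    base, scope = parse_nss_base(nss_base_passwd)
    return sorted(u for dn, u in ENTRIES.items() if in_scope(dn, base, scope))

def missing_machine_accounts(nss_base_passwd):
    """Machine accounts present in the directory but invisible to NSS."""
    seen = set(visible_accounts(nss_base_passwd))
    return sorted(u for u in ENTRIES.values()
                  if u.endswith("$") and u not in seen)

if __name__ == "__main__":
    for cfg in ("ou=People,dc=abmas,dc=biz?one", "dc=abmas,dc=biz?one",
                "dc=abmas,dc=biz?sub"):
        print(cfg, "->", visible_accounts(cfg),
              "missing:", missing_machine_accounts(cfg))
```

Note the middle case: raising the base to `dc=abmas,dc=biz` while keeping `?one` returns nothing, because every account sits two levels below the base.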
