Thanks! I was doing some testing this morning and found that on the PDC I was able to set up nss like this:

nss_base_passwd ou=People
nss_base_passwd ou=machines,ou=Samba

In my 15 minutes of testing it appears to work well. With the size of our LDAP, searching from the base could take a very long time.

Thanks again,
Derek

On Oct 4, 2005, at 8:52 AM, Marcel de Riedmatten wrote:

On Fri 30/09/2005 at 15:37, Derek Harkness wrote:

When setting up an LDAP PDC, do I have to have both users and machines
in the ou=People container?  Here's what I've got.

LDAP Tree

ou=People,o=umd.umich.edu
ou=NIS,ou=Groups,o=umd.umich.eud
ou=machines,ou=Samba,ou=Services,o=umd.umich.edu
ou=Idmap,ou=Samba,ou=Services,o=umd.umich.edu




-m I get "Failed to initialise SAM_ACCOUNT for user its-1150d$. Does
this user exist in the UNIX password database" which would be correct
since machine accounts aren't under ou=People the local workstation
won't be able to look them up.  I don't want my unix users seeing all
the windows workstations.


The domain controllers have to see machine accounts. I have a setup like
yours, but on the PDC my nss setup is:

base  o=umd.umich.edu
#nss_base_passwd ou=People


so the whole tree is searched, while on other machines it is:

base  o=umd.umich.edu
nss_base_passwd ou=People

and here the machine accounts are not seen.




