Beast wrote:
> On Thu, 15 Jan 2004 22:54:54 -0400
> Vegeta <[EMAIL PROTECTED]> wrote:
>>
>> No, the key is not the smb.conf file but the ldap.conf file. Samba seems
>> to look for machine accounts among users returned by the Name Service
>> Switch (what you get when you run the command 'getent passwd').
>
> That's why I ask whether id machinename$ work or not first, even it's work
> for me, samba still can't add machine in domain if ldap filter in smb.conf
> is default.
>
>>
>> Most people have the "nss_base_passwd" property in ldap.conf set as
>> "ou=People, dc=domain,dc=com" and the "scope" property set as "one".
>> If ldap.conf is configured this way NSS only returns entries in the
>> ou=People subtree.
>
> Afaik, no. The default is commented, let me know your OS if it's not.
> It's there to speed up the queries, you can tweak it as you need but not by
> default. The value will overwrite any base and sub mentioned before.
>
> Btw, setting this value correctly will *greatly* reduce the load of ldap
> server, esp. under heavy load and thousands entries in ldap. OL can lockup
> the machine under heavy load, so beware...
>
>>
>> If "scope" is set to "sub" and "nss_base_passwd" is set to
>> "dc=domain,dc=com" then NSS switch will return as users all entries in
>> subtrees of "dc=domain,dc=com", including both the ou=Computers and the
>> ou=People subtree.
>>
>
> If you did not set, default is sub (nss_ldap from padl)
> I've set it just to make it more readable.
>
> So, the key is in ldap filter (smb.conf) until you can prove it was wrong
> :-)
>
>
> --beast
>

The key is not ldap filter. If ldap filter includes 'objectclass=sambaSamAccount' you can only modify existing entries with objectclass=sambaSamAccount. You cannot add samba attributes to existing entries because they do not have objectclass=sambaSamAccount. The first time I could successfully use smbpasswd -a was when I removed 'objectclass=sambaSamAccount' from the ldap filter.

At that time, I could not add machines to ou=Computers. If you don't believe me, try setting 'scope one' and 'nss_base_passwd ou=People,...' in nsswitch.conf.
--
Fuera Chávez
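The scope question debated in this thread, as an added example (not code from any poster, from Samba or from nss_ldap): a small Python model of LDAP base/one/sub matching over a constructed directory, showing which accounts a passwd lookup could see under the two ldap.conf settings discussed. The directory entries, the `visible_accounts` helper and the use of `posixAccount` as the passwd filter are assumptions made for illustration.

```python
# Added illustration: which entries an NSS passwd lookup can see for a given
# search base and scope. The directory contents below are constructed.

DIRECTORY = [
    ("dc=domain,dc=com", {"objectClass": ["domain"]}),
    ("ou=People,dc=domain,dc=com", {"objectClass": ["organizationalUnit"]}),
    ("ou=Computers,dc=domain,dc=com", {"objectClass": ["organizationalUnit"]}),
    ("uid=alice,ou=People,dc=domain,dc=com",
     {"objectClass": ["posixAccount"], "uid": "alice"}),
    ("uid=ws01$,ou=Computers,dc=domain,dc=com",
     {"objectClass": ["posixAccount"], "uid": "ws01$"}),
]


def parse_dn(dn):
    """Split a DN into normalized RDNs (simplified: no escaped commas)."""
    rdns = []
    for rdn in dn.split(","):
        if rdn.strip():
            attr, _, value = rdn.partition("=")
            rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns


def in_scope(entry_dn, base_dn, scope):
    """Return True if entry_dn is matched by a search at base_dn with scope."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False               # entry is not at or below the base
    if scope == "base":
        return depth == 0          # the base entry only
    if scope == "one":
        return depth == 1          # immediate children only
    if scope == "sub":
        return True                # base and every descendant
    raise ValueError(f"unknown scope: {scope}")


def visible_accounts(base_dn, scope, object_class="posixAccount"):
    """uids that a passwd lookup would return for this base and scope."""
    return sorted(attrs["uid"] for dn, attrs in DIRECTORY
                  if object_class in attrs["objectClass"]
                  and in_scope(dn, base_dn, scope))


if __name__ == "__main__":
    for base, scope in [("ou=People, dc=domain,dc=com", "one"),
                        ("dc=domain,dc=com", "sub")]:
        print(f"{base!r} scope={scope}: {visible_accounts(base, scope)}")
```

On a real host, `getent passwd 'machinename$'` is the corresponding check that a machine account is visible through NSS.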