Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED

Tue, 20 Jul 2004 08:33:07 -0700 

Mohammad Reza wrote:

Dear lists...

But this still un-solved the real problem to join w2k to samba3-ldap .
I'm here with the same situation.
I even switch my distro to SuSe with same result, still cant join domain.
Please give us hint how to solve or debug this problem.



Sorry, I looked at the thread, and I don't have info about your problem with w2k. According to what I read at the link posted by Abebe, I think it may be a problem with the unix system not "seeing" the machine account created automatically by samba (ie, the smbldap-useradd script). You should be able to do a "su - winxp\$" as root, and it should log in:

obelix:~# su - virtualxp\$
No directory, logging in with HOME=/

Off course, it will not give you a prompt as virtualxp\$, because the shell is /bin/false, but If the user didn't existed, it would answered: Unkown ID, or something like that.


regards
reza

-----Original Message-----
From:   Craig White [mailto:[EMAIL PROTECTED]
Sent:   Tue 7/20/2004 9:48 AM
To:     [EMAIL PROTECTED]
Cc:     
Subject:        Re: [Samba] Samba+LDAP - so close yet so far  :) ...STILL NOT SOLVED
On Mon, 2004-07-19 at 19:34, José Ildefonso Camargo Tolosa wrote:



http://samba.idealx.org/smbldap-howto.fr.html as you
recommended. I have one big question, which one do I
put in '/etc/ldap.conf'

nss_base_passwd dc=wbcoll,dc=edu?one
nss_base_shadow dc=wbcoll,dc=edu?one
nss_base_group  ou=Groups,dc=wbcoll,dc=edu?one

or

nss_base_passwd        ou=Users,dc=wbcoll,dc=edu?one
nss_base_shadow        ou=Users,dc=wbcoll,dc=edu?one
nss_base_group         ou=Groups,dc=wbcoll,dc=edu?one




Neither, use this:

nss_base_passwd dc=wbcoll,dc=edu?sub
nss_base_shadow dc=wbcoll,dc=edu?sub
nss_base_group  ou=Groups,dc=wbcoll,dc=edu?one

Look at the sub, it tells the system to descend to all the sub-objects it may have.



---
It is pertinent to consider that this suggestion waives any efficiency
for ease of use as it will tell all user lookups to search the entire
LDAP tree.

I already told him to use his second choice as that is most efficient. I
recognize that your option would permit the option of trying to use a
separate organizational unit for Computers but this guy is endlessly
confused, and simple is clearly better for his purposes, without
considering the impact of excessive searching of the LDAP db.

Craig




--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Reply via email to