--On Wednesday, November 17, 2004 05:09:19 PM +0100 Paul Coray <[EMAIL PROTECTED]> wrote:
Marcel de Riedmatten schrieb:
Now I realize this works when i configure LDAP and Idealx-Tools to store machine accounts in the same container as useraccounts. Although this makes my directory look somewhat messy, I can live with it if I have to. Still I can't add machines doing smbldap-useradd -w, nor when I try to join the domain from a client.
you can have them separated. What count is that the machines account are visible on domain controllers (PDC BDC) ie getent passwd must show the machine (posix) account. This is nss_ldap configuration. If samba doesn't see the machine (posix) account it won't work .
So can I specify more then one nss base for passwd in libnss-ldap.conf?
i.e.
nss_base_passwd ou=Users,dc=mydomain,dc=ch nss_base_passwd ou=Computers,dc=mydomain,dc=ch
Rather than specify this twice why don't you just move the base up? For example:
nss_base_passwd dc=mydomain,dc=ch
Bill
nss_base_group ou=Groups,dc=mydomain,dc=ch
So I would suspect some problem in the communication with the
PDC and double check that on the samba box
1) you have the domain SID as local SID
Do SIDS for the PDC and for the domain have to be the same?
yes the domain SID _is_ the (local) SID of the PDC and all domain controllers must have the same SID.
Thanks Marcel, this is very valuable information to me! I think these should be pointed out more clearly in the docs.
Cheers
Paul
-- Paul Coray Administrator Server und Netzwerk
Oeffentliche Bibliothek der Universitaet Basel EDV-Abteilung Schoenbeinstrasse 18-20 CH-4056 Basel
Tel: +41 61 267 05 13 Fax: +41 61 267 31 03
mailto:[EMAIL PROTECTED] http://www.ub.unibas.ch
+--------------------------------------------------- | Bill MacAllister | 14219 Auburn Road | Grass Valley, CA 95949 | 530-272-8555 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
