On Wednesday 24 November 2004 16:44, Alex Satrapa wrote: > On 25 Nov 2004, at 10:09, John H Terpstra wrote: > > On Wednesday 24 November 2004 15:30, tom burkart wrote: > >> The other really useful thing I found while looking for the above > >> reference is in the Samba-Guide/happy.html#id2536161 where in the > >> note it > >> says that having separate containers for users and computers does not > >> yet > >> work, yet examples appear to use this (hence I got the crazy idea it > >> should just work and it didn't). > > > > Smile. :) It can be made to work by moving the basedn up the tree. The > > performance impact works against that. > > Another option is to add a new ou into the tree - I can't remember > where I read this idea: > > dc=example,dc=com > > + ou=Accounts > > + ou=People > > + ou=Computers > > That way you can limit the search to ou=Account,dc=example,dc=com, and > still separate Computer accounts from People accounts.
Precisely how does this help? What is the benefit? You still need to be able to resolve BOTH machine accounts AND user accounts via NSS. There is only one vehicle that is the mechanism for user account resolution - the NSS entry for passwd. This is achieved through ldap.conf by specifying the nss_base_passwd entry. No matter how you cut your cake with this, the machine accounts _AND_ the user accounts must be listed by: getent passwd So - why separate them? What is the gain? - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba