[Samba] ldap machine suffix = ou=Computers vs ou=Users
The SBMLDAP howto ( http://www.idealx.org/prj/samba/smbldap-howto.en.html ) states that: ldap machine suffix = ou=Computers Is the correct approach to defining machines in the LDAP directory. Yet the advise offered by this group seems to be that, no we should be using : ldap machine suffix = ou=Users We are having problems with a new server that have been attributed to our use of the FAQ's approach will change back to this group's approach, however I'd like to know if anyone know's why there's a discrepancy why the FAQ says one thing the group another. Not trying to start any kind of holy war, just seeking to understand so my systems work correctly. TIA John PS: I suspect different versions of Samba have different answers to above. I'm working with Samba version 3.0.9-1.fc3 I believe this is latest greatest. Speaking for myself, I'm most interested in answer to above in the context of latest version of Samba. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap machine suffix = ou=Computers vs ou=Users
The SBMLDAP howto ( http://www.idealx.org/prj/samba/smbldap-howto.en.html ) states that: ldap machine suffix = ou=Computers Is the correct approach to defining machines in the LDAP directory. Yet the advise offered by this group seems to be that, no we should be using : ldap machine suffix = ou=Users We are having problems with a new server that have been attributed to our use of the FAQ's approach will change back to this group's approach, however I'd like to know if anyone know's why there's a discrepancy why the FAQ says one thing the group another. Not trying to start any kind of holy war, just seeking to understand so my systems work correctly. We operate with - ldap suffix = ou=SAM,o=Morrison Industries,c=US ldap group suffix = ou=Groups ldap user suffix = ou=Entities ldap machine suffix = ou=System Accounts,ou=Entities Works fine. We also seperate root, wheel, guest, etc... out from the 'true' users, But I don't know anything about the idealx scripts since we don't use them. We have our own scripts. Basically your add user / add machine scripts create a posixAccount objectclass, and then Samba finds that via a search and does its thing. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap machine suffix = ou=Computers vs ou=Users
John, I use: ldap group suffix = ou=group ldap machine suffix = ou=people ldap user suffix = ou=people because the docs I was following stated that there was a bug in Samba that prevented a group suffix of ou=computers from working. I can't put my hands on this doc right now, though. Perhaps someone could comment on whether this issue is resolved in 3.0.9 or whether it was an issue at all. Chuck At 06:44 AM 12/9/2004, John Schmerold wrote: The SBMLDAP howto ( http://www.idealx.org/prj/samba/smbldap-howto.en.html ) states that: ldap machine suffix = ou=Computers Is the correct approach to defining machines in the LDAP directory. Yet the advise offered by this group seems to be that, no we should be using : ldap machine suffix = ou=Users We are having problems with a new server that have been attributed to our use of the FAQ's approach will change back to this group's approach, however I'd like to know if anyone know's why there's a discrepancy why the FAQ says one thing the group another. Not trying to start any kind of holy war, just seeking to understand so my systems work correctly. TIA John PS: I suspect different versions of Samba have different answers to above. I'm working with Samba version 3.0.9-1.fc3 I believe this is latest greatest. Speaking for myself, I'm most interested in answer to above in the context of latest version of Samba. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba Chuck Theobald System Administrator The Robert and Beverly Lewis Center for Neuroimaging University of Oregon P: 541-346-0343 F: 541-346-0345 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap machine suffix = ou=Computers vs ou=Users
On Thursday 09 December 2004 14:50, Chuck Theobald wrote: John, I use: ldap group suffix = ou=group ldap machine suffix = ou=people ldap user suffix = ou=people because the docs I was following stated that there was a bug in Samba that prevented a group suffix of ou=computers from working. I can't put my hands on this doc right now, though. Perhaps someone could comment on whether this issue is resolved in 3.0.9 or whether it was an issue at all. Chuck It hasn't been an issue for a long time now. I don't remember if it was with Samba or smbldap-tools. But you need to be using a newer smbldap-tools (ones that do not end in .pl). Misty At 06:44 AM 12/9/2004, John Schmerold wrote: The SBMLDAP howto ( http://www.idealx.org/prj/samba/smbldap-howto.en.html ) states that: ldap machine suffix = ou=Computers Is the correct approach to defining machines in the LDAP directory. Yet the advise offered by this group seems to be that, no we should be using : ldap machine suffix = ou=Users We are having problems with a new server that have been attributed to our use of the FAQ's approach will change back to this group's approach, however I'd like to know if anyone know's why there's a discrepancy why the FAQ says one thing the group another. Not trying to start any kind of holy war, just seeking to understand so my systems work correctly. TIA John PS: I suspect different versions of Samba have different answers to above. I'm working with Samba version 3.0.9-1.fc3 I believe this is latest greatest. Speaking for myself, I'm most interested in answer to above in the context of latest version of Samba. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba Chuck Theobald System Administrator The Robert and Beverly Lewis Center for Neuroimaging University of Oregon P: 541-346-0343 F: 541-346-0345 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ldap machine suffix = ou=Computers vs ou=Users
There's a discussion of this from last month here: http://lists.samba.org/archive/samba/2004-November/096287.html and here: http://lists.samba.org/archive/samba/2004-November/096342.html read through the threads and you'll find your answers. HTH Geoff -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap machine suffix = ou=Computers vs ou=Users
On Thu, 2004-12-09 at 16:37 -0500, Misty Stanley-Jones wrote: On Thursday 09 December 2004 14:50, Chuck Theobald wrote: John, I use: ldap group suffix = ou=group ldap machine suffix = ou=people ldap user suffix = ou=people because the docs I was following stated that there was a bug in Samba that prevented a group suffix of ou=computers from working. I can't put my hands on this doc right now, though. Perhaps someone could comment on whether this issue is resolved in 3.0.9 or whether it was an issue at all. Chuck It hasn't been an issue for a long time now. I don't remember if it was with Samba or smbldap-tools. But you need to be using a newer smbldap-tools (ones that do not end in .pl). --- I don't know about the newer smbldap-tools but I think the problem lies more with the requirement that samba users must be posixAccounts and thus, the posix information for these machine accounts need to be located when connected. There has been numerous discussions about using 'sub' instead of 'one' when parsing the ldap directory which has load/performance implications and these scaling issues are something to be dealt with. It gets cumbersome to answer for those that are having problems. These issues are difficult for those that don't have familiarity with ldap and when you get the processes down, it's easy enough to move the machine accounts to another container and until then, the far easier route is to put them in the user container. Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap machine suffix = ou=Computers vs ou=Users
John Schmerold wrote: The SBMLDAP howto ( http://www.idealx.org/prj/samba/smbldap-howto.en.html ) states that: ldap machine suffix = ou=Computers Is the correct approach to defining machines in the LDAP directory. Yet the advise offered by this group seems to be that, no we should be using : ldap machine suffix = ou=Users issue is with the system itself, not with samba. so basically you can use any container for machines as long as your system is able to find it. if you're using pam_ldap from padl, just put a comment on ... base dc=example,dc=com scope sub #nss_base_passwdou=People,dc=example,dc=com?one #nss_base_shadowou=People,dc=example,dc=com?one nss_base_group ou=Group,dc=example,dc=com?one .. or if from server you can do : [EMAIL PROTECTED] root]# id raptor$ uid=10096(raptor$) gid=2005(myws) groups=2005(myws) then samba will satisfied. -- --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
