On my setup, I have libnss and libpam set to filter out machine POSIX accounts. All of my machine accounts have a UID higher than 10000, so I can filter it something like this:
nss_base_passwd dc=domain,dc=com?sub?&(uidNumber<=9999) (objectClass=posixAccount) nss_base_shadow dc=domain,dc=com?sub?&(uidNumber<=9999) (objectClass=posixAccount) Standard Linux utilities will never "see" machine accounts using NSS calls (like getent), but the accounts do exist and Samba doesn't seem to have a problem with them. So I think you'll be okay. Wes On Thursday 17 September 2009 11:46:32 pm Todd E Thomas wrote: > I'm straddling the half-way point between samba and ldap. When adding a > machine to the domain, functionally, it works like you would expect. You > enter in the domain, enter your credentials, and reboot. The computer is > able to function as a machine on the domain. > > I'm using the smbldap-tools as suggested in the wiki. Here's the script: > add machine script = /usr/sbin/smbldap-useradd -w -g 100 -c "Workstation > (%u)" -d /dev/null -s /sbin/nologin "%u" > > When checking on details of the process: > # getent passwd > biggie$:x:1008:100:Workstation (biggie$):/nohome:/sbin/nologin > (works for me) > > # getent group | grep users > users:x:100: > (the machine is not listed as a member of the group) > Should machines be displayed as a member of the group they are added to > like users? > > > ldapsearch -x -b "dc=ptest,dc=us" "(objectclass=*)" | less > # machines, ptest.us > dn: ou=machines,dc=ptest,dc=us > ou: machines > objectClass: organizationalRole > cn: machines > (the ou that biggie is added to) > > # BIGGIE$, machines, ptest.us > dn: uid=BIGGIE$,ou=machines,dc=ptest,dc=us > uid: BIGGIE$ > objectClass: sambaSamAccount > objectClass: account > displayName: BIGGIE$ > (biggie's ldap entry) > > -- > Thanks for the assist, > > Todd E Thomas > C: 515.778.6913 > "It's a frail music knits the world together." > -Robert Dana > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba