samba - Feb 2003 - Joining PDC w/LDAP Question

Should I be required to add the machine to my passwd file even if I am using
LDAP when joining a W2K domain domain?  The only way I can get a machine to
join my Samba PDC is via the following commands.

# /usr/sbin/useradd -g 100 -d /dev/null -c "asa" -s /bin/false asa$
# smbpasswd -a -m asa

I thought that using ldapsam would lookup all machine information from LDAP
without having to deal with passwd.  Any comments would be appreciated.
Thanks.

> Date: Tue, 11 Feb 2003 08:58:22 -0500
> From: "Samba Newsgroups" <john.peak@mckesson.com>
> To: samba@lists.samba.org
> Subject: [Samba] Joining PDC w/LDAP Question
> Message-ID: <b2b7nk$5g4$1@main.gmane.org>
> Precedence: list
> Message: 15
> 
> Should I be required to add the machine to my passwd file even if I am
using
> LDAP when joining a W2K domain domain? 
No, an LDAP account is enough, as long as your box is setup to retrieve
user information from ldap (ie via nss_ldap).
> The only way I can get a machine to
> join my Samba PDC is via the following commands.
> 
> # /usr/sbin/useradd -g 100 -d /dev/null -c "asa" -s /bin/false
asa$
> # smbpasswd -a -m asa
Does 'getent passwd machinename$' return a valid entry on your DC? It
needs to at present (samba-2.2.x).
> 
> I thought that using ldapsam would lookup all machine information from LDAP
> without having to deal with passwd.  Any comments would be appreciated.
> Thanks.
Mandrake packages have this example:
# Script for domain controller with LDAP backend for adding machines (please
# configure in /etc/samba/smbldap_conf.pm first):
; add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d
/dev/null -g machines -c 'Machine Account' -s /bin/false %u

Where we provide the smbldap-tools (in examples/LDAP in the souce) in
/usr/share/samba/scripts

Buchan

-- 
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

Buchan, 

I really appreciate the help as this has pointed me in the right
direction.  The "getent passwd asa$" does not show anything unless I
add
the machine manually.  Should I be putting the following directive in my
nsswitch.conf file to be able to perform host lookups from LDAP
properly?:

hosts:  files ldap dns 

I've noticed that some people do this and some do not in their
configurations.  I would think that after a Computer record is inserted
in my LDAP directory by Samba that NSS needs this directive to actually
lookup the computer.  When I try this it gives me a "Segmentation
Fault".  Any additional thoughts or suggestions for me at this point?

Regards, 
John 


 -----Original Message----- 
From:   Buchan Milne [ mailto:bgmilne@cae.co.za
<mailto:bgmilne@cae.co.za> ] 
Sent:   Tuesday, February 11, 2003 3:26 PM 
To:     Peak, John 
Cc:     samba@lists.samba.org 
Subject:        Re: [Samba] Joining PDC w/LDAP Question 
> Date: Tue, 11 Feb 2003 08:58:22 -0500 
> From: "Samba Newsgroups" <john.peak@mckesson.com> 
> To: samba@lists.samba.org 
> Subject: [Samba] Joining PDC w/LDAP Question 
> Message-ID: <b2b7nk$5g4$1@main.gmane.org> 
> Precedence: list 
> Message: 15 
> 
> Should I be required to add the machine to my passwd file even if I am
using 
> LDAP when joining a W2K domain domain? 
No, an LDAP account is enough, as long as your box is setup to retrieve 
user information from ldap (ie via nss_ldap). 
> The only way I can get a machine to 
> join my Samba PDC is via the following commands. 
> 
> # /usr/sbin/useradd -g 100 -d /dev/null -c "asa" -s /bin/false
asa$
> # smbpasswd -a -m asa 
Does 'getent passwd machinename$' return a valid entry on your DC? It 
needs to at present (samba-2.2.x). 
> 
> I thought that using ldapsam would lookup all machine information from
LDAP 
> without having to deal with passwd.  Any comments would be
appreciated. 
> Thanks. 
Mandrake packages have this example: 
# Script for domain controller with LDAP backend for adding machines
(please 
# configure in /etc/samba/smbldap_conf.pm first): 
; add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d

/dev/null -g machines -c 'Machine Account' -s /bin/false %u 

Where we provide the smbldap-tools (in examples/LDAP in the souce) in 
/usr/share/samba/scripts 

Buchan 

-- 
|--------------Another happy Mandrake Club member--------------| 
Buchan Milne                Mechanical Engineer, Network Manager 
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121 
Stellenbosch Automotive Engineering         http://www.cae.co.za
<http://www.cae.co.za>  
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
<http://ranger.dnsalias.com/bgmilne.asc>  
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7