samba - Oct 2003 - Create machine account samba 3 - can I delete machine in /etc/passwd ( I use ldap backend ) ?

Hi,
	The idea is to avoid to have machines accounts in /etc/passwd
and store all on the ldap.  

	I must have a machine account in /etc/passwd ( normal way ) to
create the account with pdbedit -a -m machine_account.
	In fact once it is created , I can delete the account in the
localmachine and machine can connect without any problems. ( the account
stay only in the ldap ). I 've done it.

	What kind of probleme can I have if I delete account machines in
the /etc/passwd ? 
	There is no attribute of posix account object store in the ldap
for the machine . Must I create them ?


Jean-Marc

On Fri, 2003-10-03 at 12:25, jean-marc pouchoulon wrote:
> Hi,
> 	The idea is to avoid to have machines accounts in /etc/passwd
> and store all on the ldap.  
> 
> 	I must have a machine account in /etc/passwd ( normal way ) to
> create the account with pdbedit -a -m machine_account.
> 	In fact once it is created , I can delete the account in the
> localmachine and machine can connect without any problems. ( the account
> stay only in the ldap ). I 've done it.
> 
> 	What kind of probleme can I have if I delete account machines in
> the /etc/passwd ? 
> 	There is no attribute of posix account object store in the ldap
> for the machine . Must I create them ?
bad things will happen if you delete those accounts...
Machine accounts are like regular accounts... they must be real for both
samba and unix (there was some non unix account hackery in samba3 for a
while but it was abandoned)

You can do this two ways 
1) keeping samba password db and unix passdb in sync
2) unifiying the passdb

If you're using ldap already I suggest you look into the nssldap stuff
from padl and integrate all accounts to one location.


brad