Eric J Bennett
2004-Jul-13 23:28 UTC
[Samba] Strangeness with computer account layout in LDAP Schema?
Hello All,

I've been trying to migrate an NT 4 domain from a PDC to samba using net rpc vampire, ran into various hitches along the way which now appear to be mostly sorted, but the created machine accounts do not appear to be in the correct format.

Checking ou=Computers under the main tree, no entry under this branch has any space for an NT / LM password, here is an ldif dump of the main branch and one entry;

dn: ou=Computers,dc=itouchaudev,dc=com
objectClass: organizationalUnit
ou: Computers

dn: uid=LBLIGH$,ou=Computers,dc=itouchaudev,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: LBLIGH$
sn: LBLIGH$
uid: LBLIGH$
uidNumber: 1129
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer

I'm not certain if it's just a "feature" of the client, but also a lot of additional blank fields are displayed under the GQ ldap client, (x121 address, registered address, etc)

Is this schema correct? I used the idealx smbldap tools 0.5 to create it with smbldap-populate

Regards
Eric
Andrew Bartlett
2004-Jul-13 23:34 UTC
[Samba] Strangeness with computer account layout in LDAP Schema?
On Wed, 2004-07-14 at 09:35, Eric J Bennett wrote:
> Hello All,
>
> I've been trying to migrate an NT 4 domain from a PDC to samba using net
> rpc vampire, ran into various hitches along the way which now appear to
> be mostly sorted, but the created machine accounts do not appear to be
> in the correct format.
>
> Checking ou=Computers under the main tree, no entry under this branch
> has any space for an NT / LM password, here is an ldif dump of the main
> branch and one entry;
>
> dn: ou=Computers,dc=itouchaudev,dc=com
> objectClass: organizationalUnit
> ou: Computers
>
> dn: uid=LBLIGH$,ou=Computers,dc=itouchaudev,dc=com
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: posixAccount

So, it looks like your smbldap scripts had a 'machine account suffix' set, but Samba is trying to add everything under ou=Users.

Check to see if you have the 'other half' of the account there.

Then re-do the migration, but with the 'ldap suffix' in smb.conf as 'dc=itouchaudev,dc=com'.

Andrew Bartlett
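The check Andrew describes, as an added example that is not part of the original thread: it scans an LDIF dump for machine accounts (uid ending in `$`) whose posixAccount entry has no sambaSamAccount class and looks for the "other half" at a different DN. The ou=Users entry and its sambaSID are constructed sample data, and the helper names are hypothetical.

```python
# Constructed sample: the ou=Computers entry is abridged from the thread;
# the ou=Users entry and its sambaSID are hypothetical illustration data.
SAMPLE_LDIF = """\
dn: uid=LBLIGH$,ou=Computers,dc=itouchaudev,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: LBLIGH$

dn: uid=LBLIGH$,ou=Users,dc=itouchaudev,dc=com
objectClass: account
objectClass: sambaSamAccount
uid: LBLIGH$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3258
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64 values) into a list of (dn, attrs)."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        # Unfold continuation lines (a newline followed by one space).
        for line in block.replace("\n ", "").splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs["dn"][0], attrs))
    return entries

def find_split_accounts(entries):
    """Return (uid, posix_dn, samba_dn or None) for each machine account
    whose posixAccount entry carries no sambaSamAccount attributes."""
    posix_only, samba_only = {}, {}
    for dn, attrs in entries:
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        uid = attrs.get("uid", [""])[0].lower()
        if not uid.endswith("$"):
            continue  # only machine accounts are of interest here
        has_posix = "posixaccount" in classes
        has_samba = "sambasamaccount" in classes
        if has_posix and not has_samba:
            posix_only[uid] = dn
        elif has_samba and not has_posix:
            samba_only[uid] = dn
    return [(u, dn, samba_only.get(u)) for u, dn in sorted(posix_only.items())]

if __name__ == "__main__":
    for uid, posix_dn, samba_dn in find_split_accounts(parse_ldif(SAMPLE_LDIF)):
        print(uid, "| posix:", posix_dn, "| samba half:", samba_dn or "missing")
```

A `None` in the third position means no Samba half was found anywhere in the dump, so the account has no NT/LM password attributes at all.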