M. Rodrigo Monteiro
2009-Oct-30 19:33 UTC
[Samba] Manual creation of machine account in LDAP
Hi all!

I wanna know how to create the LDIF to import in OpenLDAP to create a machine account.
Anyone can help?

Regards,
Rodrigo.

--
M. Rodrigo Monteiro
falecom at rodrigomonteiro.net
"Free as in Freedom, not free as in free beer"
"As we are liberated from our own fear, our presence automatically liberates others"
Linux User # 403730

On 10/30/09 15:33, M. Rodrigo Monteiro wrote:
> Hi all!
>
> I wanna know how to create the LDIF to import in OpenLDAP to create a
> machine account.
> Anyone can help?
>
> Regards,
> Rodrigo.

In my environment, people and machines have preexisting "unix" accounts in LDAP, since we also have Linux network clients. Samba does not automatically create the unix accounts.

You only need a basic "unix person" account. It can be in the same OU as actual people or in a sub-OU, but typically (at least with my setup) it needs to be where the underlying unix OS will find it (getent passwd).

When an XP machine joins a domain (or if you create the samba account with smbpasswd -m -a MACHINE), the samba attributes get added.

E.g., basic "unix" account:

dn: uid=MACHINE$,ou=machines,ou=people,o=mydomain.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
cn: MACHINE$
displayName: MACHINE$
gecos: MACHINE$
gidNumber: 515
uid: MACHINE$
uidNumber: 567
userPassword: *LK*

Following automatically gets added when the machine joins domain:

objectClass: shadowAccount
objectClass: sambaSamAccount
sambaAcctFlags: [W ]
sambaNTPassword: AD40F************************
sambaPrimaryGroupSID: S-1-**********************
sambaPwdLastSet: 1254523222
sambaSID: S-1--**********************
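
Added example, not part of either message in the thread: a shell function that prints the LDIF for the basic "unix" entry described in the reply. It also emits sn and homeDirectory, which the standard person and posixAccount object classes require; the /dev/null and /bin/false values and the omission of userPassword are assumptions of this example.

```shell
#!/bin/sh
# Added example: print the LDIF for the basic "unix" entry of a machine account.
# homeDirectory, loginShell and the omission of userPassword are choices made
# for this example; the sample DN and id numbers are the ones from the thread.

machine_ldif() {
    name=$1 uidnum=$2 gidnum=$3 base=$4
    nl='
'
    # NetBIOS computer names are at most 15 characters. Allowing only letters,
    # digits and hyphen also keeps newlines and colons out of the LDIF, so a
    # crafted name cannot smuggle extra attributes into the entry.
    case $name in
        ''|-*|*[!A-Za-z0-9-]*) echo "invalid machine name" >&2; return 1 ;;
    esac
    [ "${#name}" -le 15 ] || { echo "machine name too long" >&2; return 1; }

    for n in "$uidnum" "$gidnum"; do
        case $n in
            ''|*[!0-9]*) echo "ids must be numeric" >&2; return 1 ;;
        esac
    done
    case $base in
        ''|*"$nl"*) echo "invalid base DN" >&2; return 1 ;;
    esac

    acct="${name}\$"    # machine account names end in '$'
    cat <<EOF
dn: uid=${acct},${base}
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: ${acct}
sn: ${acct}
uid: ${acct}
uidNumber: ${uidnum}
gidNumber: ${gidnum}
gecos: ${acct}
homeDirectory: /dev/null
loginShell: /bin/false
EOF
}

# Sample run with the values used in the thread
machine_ldif MACHINE 567 515 "ou=machines,ou=people,o=mydomain.com"
```

Feed the output to ldapadd with your own bind DN, then join the machine (or run smbpasswd -m -a MACHINE) so Samba adds the sambaSamAccount attributes.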