From aa458d509792f521f7bed099664dadaac0cb8e4c Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Tue, 29 Mar 2005 06:59:58 +0000 Subject: Updates based on feedback. (This used to be commit 333fe8988733b1fb624180808a1aa218481edc28) --- docs/Samba-Guide/Chap06-MakingHappyUsers.xml | 19 +++++++++++++------ docs/Samba-Guide/Chap08-MigrateNT4Samba3.xml | 4 +--- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/docs/Samba-Guide/Chap06-MakingHappyUsers.xml b/docs/Samba-Guide/Chap06-MakingHappyUsers.xml index 67ca4184f9..0464eed9ae 100644 --- a/docs/Samba-Guide/Chap06-MakingHappyUsers.xml +++ b/docs/Samba-Guide/Chap06-MakingHappyUsers.xml @@ -2360,12 +2360,19 @@ writing new configuration file: In the following examples, as the LDAP database is initialized, we do create a container for Computer (machine) accounts. In the Samba-3 &smb.conf; files, specific use is made of the People container, not the Computers container, for domain member accounts. This is not a - mistake; it is a deliberate action that is necessitated by the fact that there is a bug in Samba-3 - that prevents it from being able to search the LDAP database for computer accounts if they are - placed in the Computers container. By placing all machine accounts in the People container, we - are able to side-step this bug. It is expected that at some time in the future this problem will - be resolved. At that time, it will be possible to use the Computers container in order to keep - machine accounts separate from user accounts. + mistake; it is a deliberate action that is necessitated by the fact that the resolution of + a machine (computer) account to a UID is done via NSS. The only way this can be handled is + using the NSS (/etc/nsswitch.conf) entry for passwd + which is resolved using the nss_ldap library. The configuration file for + the nss_ldap library is the file /etc/ldap.conf that + provides only one possible LDAP search command that is specified by the entry called + nss_base_passwd. This means that the search path must take into account + the directory structure so that the LDAP search will commence at a level that is above + both the Computers container and the Users (or People) container. If this is done, it is + necessary to use a search that will descend the directory tree so that the machine account + can be found. Alternately, by placing all machine accounts in the People container, we + are able to side-step this limitation. This is the simpler solution that has been adopted + in this chapter. diff --git a/docs/Samba-Guide/Chap08-MigrateNT4Samba3.xml b/docs/Samba-Guide/Chap08-MigrateNT4Samba3.xml index 7e9764419b..3659d9d452 100644 --- a/docs/Samba-Guide/Chap08-MigrateNT4Samba3.xml +++ b/docs/Samba-Guide/Chap08-MigrateNT4Samba3.xml @@ -407,7 +407,7 @@ Install and configure the Samba-3 server precisely as shown in Chapter 6 for the server called MASSIVE. The Domain name MEGANET must match that of the NT4 Domain from which you are about to migrate. Do not execute any Samba - executables. + executables at this time, the appropriate time to do so is indicated below. @@ -439,9 +439,7 @@ &rootprompt; slapadd -v -l preload.LDIF added: "dc=abmas,dc=biz" (00000001) -added: "cn=Manager,dc=abmas,dc=biz" (00000002) added: "ou=People,dc=abmas,dc=biz" (00000003) -added: "ou=Computers,dc=abmas,dc=biz" (00000004) added: "ou=Groups,dc=abmas,dc=biz" (00000005) added: "ou=Idmap,dc=abmas,dc=biz" (00000006) added: "sambaDomainName=MEGANET,dc=abmas,dc=biz" (00000007) -- cgit