Bug 5233 - smbldap_util.c -> add_new_domain_info doesn't add to the correct suffix
smbldap_util.c -> add_new_domain_info doesn't add to the correct suffix
Status: RESOLVED WONTFIX
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
3.0.28
All All
: P3 major
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-30 16:30 UTC by Noam Meltzer
Modified: 2008-01-31 06:21 UTC (History)
1 user (show)

See Also:


Attachments
creates the correct dn when adding new samba host to ldap (423 bytes, patch)
2008-01-30 16:33 UTC, Noam Meltzer
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Noam Meltzer 2008-01-30 16:30:39 UTC
When trying to register a new samba server with a LDAP directory (happens automatically on startup of smbd) it tries to add the new host directly to the directory suffix instead of to the machine suffix.

I will post a patch for that soon.
Comment 1 Noam Meltzer 2008-01-30 16:33:25 UTC
Created attachment 3128 [details]
creates the correct dn when adding new samba host to ldap
Comment 2 Noam Meltzer 2008-01-31 00:32:29 UTC
I opened a bug in Red Hat bugzilla as well as I encountered the problem first in their version of samba.
https://bugzilla.redhat.com/show_bug.cgi?id=430987
Comment 3 Volker Lendecke 2008-01-31 05:55:41 UTC
This is intended behaviour. The machine suffix is for workstation accounts in case Samba is a domain controller, not for the sambaDomain object.

Volker
Comment 4 Noam Meltzer 2008-01-31 06:17:16 UTC
(In reply to comment #3)
> This is intended behaviour. The machine suffix is for workstation accounts in
> case Samba is a domain controller, not for the sambaDomain object.
> 
> Volker
> 

Hi Volker,
Every new machine which I try to configure with LDAP backend for password repository is treated as a "sambaDomain" object, so it is serving like a workstation account.
So, can you please elaborate why each workstation needs to be a "sambaDomain"?

- Noam
Comment 5 Volker Lendecke 2008-01-31 06:21:37 UTC
Every Samba machine has its own user database, thus it needs to have its own SID, its own password policy etc. All the stuff every Windows workstation also has, if only for the local administrator account.

You can also create a domain and not let every samba box talk directly to LDAP for the sambaSamAccount data but only use nss_ldap, and for authentication let Samba talk to the DC.

Volker