When trying to register a new samba server with an LDAP directory (which happens automatically on startup of smbd), it tries to add the new host directly to the directory suffix instead of to the machine suffix.
I will post a patch for that soon.
Created attachment 3128
creates the correct dn when adding new samba host to ldap
I opened a bug in Red Hat bugzilla as well, as I encountered the problem first in their version of samba.
This is intended behaviour. The machine suffix is for workstation accounts in case Samba is a domain controller, not for the sambaDomain object.
(In reply to comment #3)
> This is intended behaviour. The machine suffix is for workstation accounts in
> case Samba is a domain controller, not for the sambaDomain object.
Every new machine which I try to configure with an LDAP backend for the password repository is treated as a "sambaDomain" object, so it is serving like a workstation account.
So, can you please elaborate why each workstation needs to be a "sambaDomain"?
Every Samba machine has its own user database, thus it needs to have its own SID, its own password policy etc. All the stuff every Windows workstation also has, if only for the local administrator account.
You can also create a domain and not let every samba box talk directly to LDAP for the sambaSamAccount data but only use nss_ldap, and for authentication let Samba talk to the DC.