2024-12-28 07:21:54 +03:00 · 2005-03-29 06:59:58 +00:00 · 2005-03-29 06:59:58 +00:00 · aa458d5097
commit aa458d5097
parent 8a688dae79
2 changed files with 14 additions and 9 deletions
--- a/docs/Samba-Guide/Chap06-MakingHappyUsers.xml
+++ b/docs/Samba-Guide/Chap06-MakingHappyUsers.xml
@ -2360,12 +2360,19 @@ writing new configuration file:
 	In the following examples, as the LDAP database is initialized, we do create a container
 	for Computer (machine) accounts. In the Samba-3 &smb.conf; files, specific use is made
 	of the People container, not the Computers container, for domain member accounts. This is not a
-	mistake; it is a deliberate action that is necessitated by the fact that there is a bug in Samba-3
-	that prevents it from being able to search the LDAP database for computer accounts if they are
-	placed in the Computers container. By placing all machine accounts in the People container, we
-	are able to side-step this bug. It is expected that at some time in the future this problem will
-	be resolved. At that time, it will be possible to use the Computers container in order to keep
-	machine accounts separate from user accounts.
+	mistake; it is a deliberate action that is necessitated by the fact that the resolution of 
+	a machine (computer) account to a UID is done via NSS. The only way this can be handled is
+	using the NSS (<filename>/etc/nsswitch.conf</filename>) entry for <constant>passwd</constant>
+	which is resolved using the <filename>nss_ldap</filename> library. The configuration file for
+	the <filename>nss_ldap</filename> library is the file <filename>/etc/ldap.conf</filename> that
+	provides only one possible LDAP search command that is specified by the entry called
+	<constant>nss_base_passwd</constant>. This means that the search path must take into account
+	the directory structure so that the LDAP search will commence at a level that is above
+	both the Computers container and the Users (or People) container. If this is done, it is
+	necessary to use a search that will descend the directory tree so that the machine account
+	can be found. Alternately, by placing all machine accounts in the People container, we
+	are able to side-step this limitation. This is the simpler solution that has been adopted
+	in this chapter.
 	</para></note>


--- a/docs/Samba-Guide/Chap08-MigrateNT4Samba3.xml
+++ b/docs/Samba-Guide/Chap08-MigrateNT4Samba3.xml
@ -407,7 +407,7 @@
 		Install and configure the Samba-3 server precisely as shown in Chapter 6 for the server
 		called <constant>MASSIVE</constant>. The Domain name <constant>MEGANET</constant> must
 		match that of the NT4 Domain from which you are about to migrate. Do not execute any Samba
-		executables.
+		executables at this time, the appropriate time to do so is indicated below.
 		</para></step>

 	  <step><para><indexterm>
@ -439,9 +439,7 @@
 <screen>
 &rootprompt; slapadd -v -l preload.LDIF
 added: "dc=abmas,dc=biz" (00000001)
-added: "cn=Manager,dc=abmas,dc=biz" (00000002)
 added: "ou=People,dc=abmas,dc=biz" (00000003)
-added: "ou=Computers,dc=abmas,dc=biz" (00000004)
 added: "ou=Groups,dc=abmas,dc=biz" (00000005)
 added: "ou=Idmap,dc=abmas,dc=biz" (00000006)
 added: "sambaDomainName=MEGANET,dc=abmas,dc=biz" (00000007)