Updates based on feedback.

diff --git a/docs/Samba-Guide/Chap06-MakingHappyUsers.xml b/docs/Samba-Guide/Chap06-MakingHappyUsers.xml
index 67ca4184f9f2494e89878a98230c78db4df330cd..0464eed9ae74e35176b60e39952f6d5370abe995 100644 (file)
--- a/docs/Samba-Guide/Chap06-MakingHappyUsers.xml
+++ b/docs/Samba-Guide/Chap06-MakingHappyUsers.xml
@@ -2360,12 +2360,19 @@ writing new configuration file:
        In the following examples, as the LDAP database is initialized, we do create a container
        for Computer (machine) accounts. In the Samba-3 &smb.conf; files, specific use is made
        of the People container, not the Computers container, for domain member accounts. This is not a
-       mistake; it is a deliberate action that is necessitated by the fact that there is a bug in Samba-3
-       that prevents it from being able to search the LDAP database for computer accounts if they are
-       placed in the Computers container. By placing all machine accounts in the People container, we
-       are able to side-step this bug. It is expected that at some time in the future this problem will
-       be resolved. At that time, it will be possible to use the Computers container in order to keep
-       machine accounts separate from user accounts.
+       mistake; it is a deliberate action that is necessitated by the fact that the resolution of 
+       a machine (computer) account to a UID is done via NSS. The only way this can be handled is
+       using the NSS (<filename>/etc/nsswitch.conf</filename>) entry for <constant>passwd</constant>
+       which is resolved using the <filename>nss_ldap</filename> library. The configuration file for
+       the <filename>nss_ldap</filename> library is the file <filename>/etc/ldap.conf</filename> that
+       provides only one possible LDAP search command that is specified by the entry called
+       <constant>nss_base_passwd</constant>. This means that the search path must take into account
+       the directory structure so that the LDAP search will commence at a level that is above
+       both the Computers container and the Users (or People) container. If this is done, it is
+       necessary to use a search that will descend the directory tree so that the machine account
+       can be found. Alternately, by placing all machine accounts in the People container, we
+       are able to side-step this limitation. This is the simpler solution that has been adopted
+       in this chapter.
        </para></note>
 
 

diff --git a/docs/Samba-Guide/Chap08-MigrateNT4Samba3.xml b/docs/Samba-Guide/Chap08-MigrateNT4Samba3.xml
index 7e9764419be95a0b31d44f3bcbed0474aac845e3..3659d9d4527713bba1d655169d4afecadfe95183 100644 (file)
--- a/docs/Samba-Guide/Chap08-MigrateNT4Samba3.xml
+++ b/docs/Samba-Guide/Chap08-MigrateNT4Samba3.xml
@@ -407,7 +407,7 @@
                Install and configure the Samba-3 server precisely as shown in Chapter 6 for the server
                called <constant>MASSIVE</constant>. The Domain name <constant>MEGANET</constant> must
                match that of the NT4 Domain from which you are about to migrate. Do not execute any Samba
-               executables.
+               executables at this time, the appropriate time to do so is indicated below.
                </para></step>
 
          <step><para><indexterm>
@@ -439,9 +439,7 @@
 <screen>
 &rootprompt; slapadd -v -l preload.LDIF
 added: "dc=abmas,dc=biz" (00000001)
-added: "cn=Manager,dc=abmas,dc=biz" (00000002)
 added: "ou=People,dc=abmas,dc=biz" (00000003)
-added: "ou=Computers,dc=abmas,dc=biz" (00000004)
 added: "ou=Groups,dc=abmas,dc=biz" (00000005)
 added: "ou=Idmap,dc=abmas,dc=biz" (00000006)
 added: "sambaDomainName=MEGANET,dc=abmas,dc=biz" (00000007)