[Samba] samba ldap pdc w/unix accounts: local unix and ldap unix
users can't resolve uids to names on the server
Noah Dain
noahdain at gmail.com
Mon Sep 11 16:23:37 GMT 2006
* distro: ubuntu breezy ( 6.06 )
* samba version: shipped version with updates ( 3.0.22-1ubuntu3.1 )
* no ssl
* openLDAP is running on the same machine as samba, and referenced as
localhost/127.0.0.1 where applicable ( 2.2.26-5ubuntu2.1 )
* nscd is not installed, much less running
I've set up a samba pdc with ldap by following the Samba Guide very
closely, adapting it to Ubuntu/Debian where it seemed applicable, and
I've mostly had success.
Windows clients work fine: they can join the domain, roaming profiles
work, read/write to their respective shares.
However, when logged into the samba/ldap server, local users other
than root cannot resolve names in ldap. No ldap accounts show up for
'getent passwd' or 'getent group'.
I can login to the system with an ldap user account, but when I do so I get:
NOTE: 'ndain' is a local account. 'dainn' is an ldap account.
ndain at sambapdc:~$ su dainn
Password:
id: cannot find name for group ID 513
id: cannot find name for group ID 512
I have no name!@sambapdc:/home/ndain$
/var/log/syslog records:
Sep 11 11:32:49 sambapdc bash: nss_ldap: could not search LDAP server - Operations error
Sep 11 11:32:49 sambapdc id: nss_ldap: could not search LDAP server - Operations error
However, if I set /etc/libnss-ldap.conf permissions to 644, everything
works. Obviously, this is less than optimal as it has the "root" ldap
account password in plaintext.
### nothing below but config files ###
## file: /etc/nsswitch.conf
## edited to incorporate changes from #3:
##http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-nss02
passwd: files ldap
group: files ldap
shadow: files ldap
#hosts: files dns
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
# end /etc/nsswitch.conf
## file: /etc/libnss-ldap.conf
## ripped from: http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-nss01
host 127.0.0.1
#base dc=abmas,dc=biz
base dc=sysgenmedia,dc=com
ldap_version 3
binddn cn=manager,dc=sysgenmedia,dc=com
bindpw MyPassWord
timelimit 50
bind_timelimit 50
bind_policy hard
idle_timelimit 3600
pam_password exop
#nss_base_passwd ou=People,dc=abmas,dc=biz?one
#nss_base_shadow ou=People,dc=abmas,dc=biz?one
#nss_base_group ou=Groups,dc=abmas,dc=biz?one
nss_base_passwd ou=People,dc=sysgenmedia,dc=com?one
nss_base_shadow ou=People,dc=sysgenmedia,dc=com?one
nss_base_group ou=Groups,dc=sysgenmedia,dc=com?one
ssl off
## end file: /etc/libnss-ldap.conf
--
Noah Dain
"I don't want to make toys, I want to be a dentist!"
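
An added example, not part of the original post: a small audit of the trade-off described above, where mode 600 on /etc/libnss-ldap.conf stops non-root lookups and mode 644 exposes bindpw to every local user. The sample file contents are constructed, and the rootbinddn layout is an assumed alternative, not something the poster reports using.

```python
import os
import stat
import tempfile

# Constructed samples (example values, not the poster's file).
WITH_BINDPW = ("host 127.0.0.1\nbase dc=example,dc=com\n"
               "binddn cn=manager,dc=example,dc=com\nbindpw ExamplePassword\n")
# Assumed alternative: rootbinddn with the password in a root-only secret file.
WITHOUT_BINDPW = ("host 127.0.0.1\nbase dc=example,dc=com\n"
                  "rootbinddn cn=manager,dc=example,dc=com\n")

def parse_conf(text):
    """Parse 'directive value' lines, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def audit(path):
    """Return finding codes for one nss_ldap config file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        conf = parse_conf(fh.read())
    world_readable = bool(mode & stat.S_IROTH)
    findings = []
    if world_readable and "bindpw" in conf:
        findings.append("BINDPW_WORLD_READABLE")  # any local user can read the password
    if not world_readable:
        findings.append("NOT_WORLD_READABLE")  # non-root lookups cannot load the file
    return findings

def demo():
    """Audit three layouts of the same file and return {label: findings}."""
    cases = [("0600 with bindpw", WITH_BINDPW, 0o600),
             ("0644 with bindpw", WITH_BINDPW, 0o644),
             ("0644 without bindpw", WITHOUT_BINDPW, 0o644)]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "libnss-ldap.conf")
        for label, text, mode in cases:
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results[label] = audit(path)
    return results

if __name__ == "__main__":
    print(demo())
```

Only the third layout returns no findings: the file is readable by every process that needs it and carries no password.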