[Samba] objectClass:posixAccount missing

Rowland Penny rowlandpenny at googlemail.com
Fri Aug 30 03:41:54 MDT 2013


On 29/08/13 23:34, Luca Olivetti wrote:
> Al 29/08/13 21:54, En/na Rowland Penny ha escrit:
>
>>> Yes, I was trying sssd, but I forgot that I switched back nsswitch.conf
>>> to ldap, so I thought your suggestion was working while it actually
>>> wasn't (same error with Administrator as with HP$).
>>>
>>> Bye
>> Hi, I am replying to you on list. Could you please post your sssd.conf
>> and what version of sssd you are using? Also, what is your OS?
> OK, now I got sssd working *but* without kerberos.
> The OS is Linux, mageia 3, sssd is 1.9.4, the sssd.conf is just like the
> one posted by steve
> (http://linuxcostablanca.blogspot.com.es/2013/04/sssd-in-samba-40.html)
> modified for my domain and with kerberos options commented out of the way:
>
> [sssd]
> services = nss, pam
> config_file_version = 2
> domains = default
> [nss]
> [pam]
> [domain/default]
> ldap_schema = rfc2307bis
> access_provider = simple
> enumerate = FALSE
> cache_credentials = true
> id_provider = ldap
> auth_provider = ldap
> chpass_provider = ldap
> #krb5_realm = WETRON.ES
> #krb5_server = hp.wetron.es
> #krb5_kpasswd = hp.wetron.es
> ldap_referrals = false
> ldap_uri = ldap://localhost/
> ldap_search_base = dc=wetron,dc=es
> #ldap_tls_cacertdir = /usr/local/samba/private/tls
> #ldap_id_use_start_tls = true
> ldap_user_object_class = user
> ldap_user_name = samAccountName
> ldap_user_uid_number = uidNumber
> ldap_user_gid_number = gidNumber
> ldap_user_home_directory = unixHomeDirectory
> ldap_user_shell = loginShell
> ldap_group_object_class = group
> ldap_group_search_base = dc=wetron,dc=es
> ldap_group_name = cn
> ldap_group_member = member
> #ldap_user_search_filter =(&(objectCategory=User)(uidNumber=*))
> #ldap_sasl_mech = gssapi
> #ldap_sasl_authid = nslcd-connect
> ##for the client use:
> ## ldap_sasl_authid=ALGORFA$
> #ldap_krb5_keytab = /etc/krb5.sssd.keytab
> #ldap_krb5_init_creds = true
> ldap_id_use_start_tls = false
> ldap_default_bind_dn = cn=nslcd-connect,cn=Users,dc=wetron,dc=es
> ldap_default_authtok_type = password
> ldap_default_authtok = -------
>
>
> Bye
OK, try this sssd.conf that I have altered for your setup. It is based
on the sssd.conf on the machine that I am typing this on, and it works;
you just need the krb5.keytab that I told you how to create earlier.

[sssd]
config_file_version = 2
domains = wetron.es
services = nss, pam

[nss]

[pam]

[domain/wetron.es]
description = AD domain with Samba 4 server
cache_credentials = true
enumerate = true
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
access_provider = ldap

krb5_server = hp.wetron.es
krb5_kpasswd = hp.wetron.es
krb5_realm = WETRON.ES

ldap_referrals = false
ldap_sasl_mech = GSSAPI
ldap_schema = rfc2307bis
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true

ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName

ldap_group_object_class = group
ldap_group_name = sAMAccountName


Rowland
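
An added example, not part of the original message or of sssd itself: a small Python check that reads an sssd.conf and reports, per domain, how the LDAP connection authenticates, which is the main difference between the two configurations in this thread. The sample inputs are constructed and abbreviated from those configurations; the function name `audit_sssd` and the finding strings are assumptions of this example.

```python
import configparser
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_sssd(text):
    """Return {section name: sorted findings} for every [domain/...] section."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        d, found = cp[name], set()
        gssapi = d.get("ldap_sasl_mech", "").lower() == "gssapi"
        starttls = d.get("ldap_id_use_start_tls", "false").lower() == "true"
        uris = [urlparse(u.strip()) for u in d.get("ldap_uri", "").split(",") if u.strip()]
        plain = [u for u in uris if u.scheme == "ldap" and not starttls]
        remote = [u for u in plain if u.hostname not in LOOPBACK]
        # Service-account password kept in the file (authtok type defaults to "password").
        if "ldap_default_authtok" in d and d.get("ldap_default_authtok_type", "password") == "password":
            found.add("bind password stored in sssd.conf")
        # Simple bind as a DN over ldap:// without StartTLS sends that password unencrypted.
        if "ldap_default_bind_dn" in d and not gssapi and plain:
            found.add("simple bind without TLS" + (" to a remote host" if remote else " (loopback only)"))
        # auth_provider = ldap binds with the user's password; sssd-ldap(5) requires TLS or LDAPS for it.
        if d.get("auth_provider", "").lower() == "ldap" and plain:
            found.add("auth_provider = ldap without TLS or LDAPS")
        if gssapi:
            found.add("LDAP connection authenticated with GSSAPI")
        report[name] = sorted(found)
    return report

# Constructed samples, abbreviated from the two configurations in the thread.
SIMPLE_BIND = """[domain/default]
auth_provider = ldap
ldap_uri = ldap://localhost/
ldap_id_use_start_tls = false
ldap_default_bind_dn = cn=nslcd-connect,cn=Users,dc=wetron,dc=es
ldap_default_authtok = PLACEHOLDER
"""
GSSAPI = """[domain/wetron.es]
auth_provider = krb5
ldap_sasl_mech = GSSAPI
"""

if __name__ == "__main__":
    for conf in (SIMPLE_BIND, GSSAPI):
        print(audit_sssd(conf))
```
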

