[Samba] Samba4 binding LDAP Server

Harry Jede walk2sun at arcor.de
Mon Jun 2 09:35:37 MDT 2014


On 17:22:36 steve wrote:
> On Mon, 2014-06-02 at 15:36 +0100, Rowland Penny wrote:
> > On 02/06/14 15:22, Danilo Mussolini wrote:
> > > No, for sure they aren't. This user and groups only exist in the
> > > LDAP database.
> > 
> > Then this could well be your problem, It has been sometime since I
> > worked with a samba3 server (and this is what you have, even if you
> > are using Samba4) and I seem to remember that all LDAP users also
> > had to be Unix users. Without LDAP users also being Unix users,
> > the underlying Unix system did not know who the LDAP users &
> > groups were.
> 
> Hi
> But group information can be stored in ldap too. So long as ldap is
> specified as a nss option and ldap is running, user and group
> information can equally well come from there. e.g. /etc/nsswitch.conf
> could contain:
> passwd: files ldap
> group: files ldap
> Neither the user nor the group should exist in both /etc/(passwd OR
> group) and ldap, and the user's uid:gid pair must not coincide with any
> local user.
Replace "must not" with "should not" and you are right.

It is possible and supported by nss and pam to have users AND groups in 
local and remote databases. Example:
set up the root user in both databases with different passwords. Switch from 
runlevel 1 to 3 or 5 and see which password is used.

> As with AD, ldap schemas can specify group memberships
> too. e.g. rfc2307bis has member from posixGroup and memberOf from
> posixAccount.
The OP is not using AD.
I am pretty sure he is not using the MS incarnation of rfc2307bis. But we may 
know this if he posts a group definition from his ldap server. 
Otherwise it is just an oracle on a sun(ny) day.

> HTH
> Steve


-- 

Regards
	Harry Jede


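To make the two points in the exchange above concrete (the first source listed in nsswitch.conf wins for a name that exists in both databases, and a uid:gid pair shared between a local and an LDAP user is worth catching before it bites), here is an added shell example. It is not from the thread or from Samba: it works on two passwd-format dumps constructed inline (on a live host they would come from `getent passwd -s files` and `getent passwd -s ldap`), and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the thread. Compares a local passwd dump with an
# LDAP posixAccount dump, both in "name:x:uid:gid:gecos:home:shell" form,
# and reports names and uid:gid pairs present in both. Sample data below is
# constructed for the demonstration.

LOCAL_PASSWD=$(mktemp)
LDAP_PASSWD=$(mktemp)
trap 'rm -f "$LOCAL_PASSWD" "$LDAP_PASSWD"' EXIT

cat > "$LOCAL_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Local:/home/alice:/bin/bash
EOF

cat > "$LDAP_PASSWD" <<'EOF'
root:x:0:0:LDAP root:/root:/bin/bash
bob:x:1001:1001:Bob LDAP:/home/bob:/bin/bash
carol:x:1000:1000:Carol LDAP:/home/carol:/bin/bash
EOF

# One line per user name defined in both files ($1 = local, $2 = ldap).
name_collisions() {
    awk -F: 'NR==FNR { seen[$1]=1; next } ($1 in seen) { print $1 }' "$1" "$2"
}

# One line per uid:gid pair that a local user and an LDAP user share under
# different names. Output: "uid:gid local_name ldap_name".
uid_collisions() {
    awk -F: 'NR==FNR { owner[$3":"$4]=$1; next }
             ($3":"$4 in owner) && owner[$3":"$4] != $1 {
                 print $3":"$4, owner[$3":"$4], $1
             }' "$1" "$2"
}

# Simulates nsswitch lookup order: files are consulted in the order given
# and the first entry matching the name wins. With "passwd: files ldap" a
# root entry in both databases therefore resolves to the local one, which
# is the effect the runlevel test in the message above demonstrates.
# Prints the gecos field of the winning entry so the source is visible.
resolve_name() {
    awk -F: -v name="$3" '$1 == name { print $5; exit }' "$1" "$2"
}

report() {
    echo "names in both databases:"
    name_collisions "$LOCAL_PASSWD" "$LDAP_PASSWD"
    echo "uid:gid pairs shared by different names:"
    uid_collisions "$LOCAL_PASSWD" "$LDAP_PASSWD"
    echo "root resolves (files first) to: $(resolve_name "$LOCAL_PASSWD" "$LDAP_PASSWD" root)"
    echo "root resolves (ldap first) to:  $(resolve_name "$LDAP_PASSWD" "$LOCAL_PASSWD" root)"
}

report
```

A name present in both sources is tolerated by nss (the first source wins, as `resolve_name` shows), which is Harry's "should not" rather than "must not"; a uid:gid pair shared by two different names, as `uid_collisions` flags for alice and carol, means file ownership on disk is ambiguous between a local and an LDAP account and is the case to fix before joining such a directory to Samba.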