[Samba] Discrepancies in getent passwd
John Lewis
oflameo2 at gmail.com
Thu Oct 23 10:20:20 MDT 2014
Let me try again.
dictator@keep:~$ sudo cat /etc/nslcd.conf
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
uri ldap://192.168.2.2:389
# The search base that will be used for all queries.
base dc=d,dc=oflameo,dc=com
# Some settings for AD
pagesize 1000
referrals off
# Filters (only required if your accounts don't have objectClass=posixAccount
# and your groups haven't objectClass=posixGroup. These objectClasses won't be added
# by ADUC. So they won't be there automatically!)
filter passwd (objectClass=user)
filter group (objectClass=group)
# Attribute mappings (depending on your nslcd version, some might not be
# necessary or can cause errors and can/must be removed)
map passwd uid sAMAccountName
map passwd uidNumber uidNumber
map passwd loginShell loginShell
map passwd homeDirectory unixHomeDirectory
map passwd gecos displayName
map passwd gidNumber primaryGroupID
map group member member
# Kerberos
#sasl_mech GSSAPI
#sasl_realm D.OFLAMEO.COM
#krb5_ccname /tmp/nslcd.tkt
# The LDAP protocol version to use.
#ldap_version 3
# LDAP bind (Account in AD that is used from nslcd to bind to the directory)
binddn cn=ldap-connect,cn=Users,dc=d,dc=oflameo,dc=com
bindpw [redacted]
# The DN used for password modifications by root.
#rootpwmoddn cn=admin,cn=Users,dc=d,dc=oflameo,dc=com
# SSL options
#ssl off
#tls_reqcert never
# The search scope.
#scope sub
dictator@drakeburner:~$ sudo cat /etc/nslcd.conf
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
uri ldap://127.0.0.1:389
# The search base that will be used for all queries.
base dc=d,dc=oflameo,dc=com
# Some settings for AD
pagesize 1000
referrals off
# Filters (only required if your accounts don't have objectClass=posixAccount
# and your groups haven't objectClass=posixGroup. These objectClasses won't be added
# by ADUC. So they won't be there automatically!)
filter passwd (objectClass=user)
filter group (objectClass=group)
# Attribute mappings (depending on your nslcd version, some might not be
# necessary or can cause errors and can/must be removed)
map passwd uid sAMAccountName
map passwd uidNumber uidNumber
map passwd loginShell loginShell
map passwd homeDirectory unixHomeDirectory
map passwd gecos displayName
map passwd gidNumber primaryGroupID
map group member member
# Kerberos
#sasl_mech GSSAPI
#sasl_realm D.OFLAMEO.COM
#krb5_ccname /tmp/nslcd.tkt
# The LDAP protocol version to use.
#ldap_version 3
# LDAP bind (Account in AD that is used from nslcd to bind to the directory)
binddn cn=ldap-connect,cn=Users,dc=d,dc=oflameo,dc=com
bindpw [redacted]
# The DN used for password modifications by root.
#rootpwmoddn cn=administrator,cn=Users,dc=d,dc=oflameo,dc=com
# SSL options
#ssl off
#tls_reqcert never
# The search scope.
#scope sub
dictator@keep:~$ getent passwd | grep ldap-connect
ldap-connect:*:10000:513:::/usr/sbin/nologin
dictator@keep:~$ getent passwd ldap-connect
ldap-connect:*:10000:513:::/bin/sh
dictator@drakeburner:~$ getent passwd | grep ldap-connect
ldap-connect:*:10000:513:::/usr/sbin/nologin
dictator@drakeburner:~$ getent passwd ldap-connect
ldap-connect:*:10000:513:::/usr/sbin/nologin
Everything works right on the Samba AD DC server drakeburner.
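
Added example (not part of the original post, and not Samba or nslcd code): a Python check that compares the enumerated view from getent passwd with a by-name lookup for each user and reports every field that differs, such as the login shell on keep above. The function names and the --live flag are assumptions of this example; the two sample lines are copied from the post's output.

```python
import subprocess
import sys

FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")

def parse_passwd(text):
    """Parse passwd(5)-format text into {name: {field: value}}."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) == len(FIELDS):  # skip blank or malformed lines
            # Keep the first entry per name: a by-name lookup stops at the first hit.
            entries.setdefault(parts[0], dict(zip(FIELDS, parts)))
    return entries

def diff_views(enumerated, by_name):
    """Return (user, field, enumerated_value, lookup_value) for each mismatch."""
    findings = []
    for user, listed in sorted(enumerated.items()):
        looked_up = by_name.get(user)
        if looked_up is None:
            findings.append((user, "entry", "present", "missing"))
            continue
        for field in FIELDS[1:]:
            if listed[field] != looked_up[field]:
                findings.append((user, field, listed[field], looked_up[field]))
    return findings

def getent(*args):
    """Run `getent passwd [name]`; output is empty when nothing matches."""
    return subprocess.run(("getent", "passwd") + args, capture_output=True, text=True).stdout

def audit_live():
    """Compare the enumerated view with one by-name lookup per user."""
    enumerated = parse_passwd(getent())
    by_name = {}
    for user in enumerated:
        by_name.update(parse_passwd(getent(user)))
    return diff_views(enumerated, by_name)

# The two views that host "keep" returned in the post above.
SAMPLE_ENUM = "ldap-connect:*:10000:513:::/usr/sbin/nologin\n"
SAMPLE_LOOKUP = "ldap-connect:*:10000:513:::/bin/sh\n"

if __name__ == "__main__":
    found = audit_live() if "--live" in sys.argv else diff_views(parse_passwd(SAMPLE_ENUM), parse_passwd(SAMPLE_LOOKUP))
    for user, field, listed, looked_up in found:
        print(f"{user}: {field} enumerated={listed!r} by-name={looked_up!r}")
    sys.exit(1 if found else 0)
```

Run without arguments it reports the shell mismatch from the sample lines; with --live it queries the local NSS configuration and exits non-zero if any account resolves differently between the two lookup paths.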