Samba 3 and LDAP support, semi-broken ?

gary ng garyng2000 at yahoo.com
Tue Sep 23 11:39:07 GMT 2003 

Thanks for the reply. I found the source of the issue.
I need to add objectClass "shadowAccount" in addition
to "posixAccount" in order to resolve the uid/gid that
the authentication module wants to see. I don't know
if this is a requirement of libnss_ldap or samba
though.

BTW, do you use winbind as well ? I found another
problem related to libnss_winbind which I don't know
how to trace or solve.

--- Ignacio Coupeau <icoupeau at unav.es> wrote:
> gary ng wrote:
> 
> > Hi,
> > 
> > I am testing Samba 3.0(PDC) with LDAP as the
> passwd
> > backend. 
> However, it seems that the smbpass.c code
> > doesn't honour the nsswitch.conf parameter(at
> least
> > under linux)
>  >
> > The password authentication of samba goes alright
> but
> > not the unix part which is supposed to find a
> local
> > unix uid/gid combination. Here my finding is that
> if I
> > add the user to the local passwd/groups files,
> samba
> > works as expected. However, if I also stored them
> on
> > ldap server, samba fails to find it.
> 
> Runs very fine well for us (7 pdc and 29.000
> accounts) in the all samba3 
> (and before).
> Sounds me as the compilation don't gets the correct
> libs/modules.
> 
> run:
> autogen.sh
> ./configure --with-ldapsam
> 
> and check in the configure output:
> ...
> checking for LDAP support... auto
> checking ldap.h usability... yes
> checking ldap.h presence... yes
> checking for ldap.h... yes
> checking lber.h usability... yes
> checking lber.h presence... yes
> checking for lber.h... yes
> checking for ber_scanf in -llber... yes
> checking for ldap_init in -lldap... yes
> checking for ldap_domain2hostlist... yes
> checking for ldap_set_rebind_proc... yes
> checking whether ldap_set_rebind_proc takes 3
> arguments... 2
> checking for ldap_initialize... yes
> checking whether LDAP support is used... yes
> ...
> checking how to build pdb_ldap... static
> ...
> 
> also, please, check:
> 
> bin/smbpasswd -a <user_account> -D 256
> 
> The <user_account> must be present in the ldap as
> posixAccount OR you 
> need provide a passwd struct data via /etc/passwd.
> 
> Ignacio
> 
> -- 
> ____________________________________________________
> Ignacio Coupeau, Ph.D.     icoupeau at unav.es
> CTI, Director              icoupeau at alumni.unav.es
> University of Navarra      icoupeau at ieee.org
> Pamplona, SPAIN            http://www.unav.es/cti/
> 


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

More information about the samba-technical mailing list