Specific user accounts not available to getent command

boka boka at sto-procent.art.pl
Sun Apr 18 18:50:10 GMT 2004


Hi !

Problem:

I have a working configuration of a Samba domain with an LDAP backend. Users
can log into the domain, I can add computers to the domain, and everything
works OK except that some accounts are not available to the getent command
(see the Example).

I thought that my PAM conf was wrong, but all services use the system-auth
conf, which looks like:

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so
account     required      /lib/security/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so

My ldap.conf looks like this (I'm using stunnel to get SSL connections
between the LDAP server and clients):

[root@codo root]# cat /etc/ldap.conf
host localhost
base dc=DOM,dc=PL
ssl no
pam_password md5
nss_base_passwd         dc=DOM,dc=PL?sub
nss_base_shadow         dc=DOM,dc=PL?sub
nss_base_group          ou=Groups,dc=DOM,dc=PL?one

I made a rebuild of indexes on OpenLDAP also.

Example:

[root@codo /]# smbldap-useradd -a test

[root@codo /]# id test
uid=1369(test) gid=221(Domain Users) grupy=221(Domain Users)

[root@codo /]# getent passwd|grep test
test00001$:x:1222:553:test00001$:/dev/null:/bin/false
test00002$:x:1357:553:test00002$:/dev/null:/bin/false

[root@codo sbin]# smbldap-usershow test
dn: uid=test,ou=Users,dc=DOM,dc=PL
objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSAMAccount
cn: test
sn: test
uid: test
uidNumber: 1369
gidNumber: 221
homeDirectory: /home/users/test
loginShell: /bin/false
gecos: System User
description: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: System User
sambaSID: S-1-5-21-133419789-486977345-1400590255-3738
sambaPrimaryGroupSID: S-1-5-21-133419789-486977345-1400590255-1443
sambaHomeDrive: H:
sambaLogonScript: test.cmd
sambaHomePath: \\IO\homes
sambaProfilePath: \\IO\profiles\test
sambaPwdMustChange: 1086697544
sambaLMPassword: 01FC5A6BE7BC6929AA73B435B51404EE
sambaPwdLastSet: 1081945544
sambaAcctFlags: [U]
sambaNTPassword: 0CB6948805F797BF2A92807973B89537
userPassword: {SSHA}C0CRyrR5axrb2UF7Z7cCWdZ+8sF9U4HK

[root@codo root]# mkdir 1

[root@codo root]# chown test 1

[root@codo root]# ls -la|grep test
drwxr-xr-x    2 test     root         4096 kwi 14 14:15 1

[root@codo sbin]# smbldap-usershow boka2
dn: uid=Boka2, ou=Users,dc=DOM,dc=PL
sambaPrimaryGroupSID: S-1-5-21-133419789-486977345-1400590255-1443
displayName: System User
sambaLogonScript: Boka2.cmd
objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSAMAccount
sambaLogonTime: 0
sambaHomeDrive: H:
uid: Boka2
uidNumber: 1041
cn: Boka2
sambaLogoffTime: 2147483647
loginShell: /bin/false
sambaProfilePath: \\IO\profiles\boka2
gidNumber: 221
sambaPwdCanChange: 0
gecos: System User
sambaSID: S-1-5-21-133419789-486977345-1400590255-3082
description: System User
homeDirectory: /home/users/boka2
sambaKickoffTime: 2147483647
sn: Boka2
sambaHomePath: \\IO\homes
sambaPwdMustChange: 1083253082
sambaLMPassword: 7A2743CD214D40FE7584248B8D2C9F9E
sambaPwdLastSet: 1078501082
sambaAcctFlags: [U]
sambaNTPassword: 5CEE4047351006503BC30091562E8EFB
userPassword: {SSHA}c+VaQ4ezXkwqon43/N0fM5ciZJY7N2s5

[root@codo pam.d]# getent passwd|grep boka
Boka2:x:1041:221:System User:/home/users/boka2:/bin/false

Conf:

PDC on rh7.3 with samba-3.0.2a and smbldap-tools
DOMAIN servers on slackware 9.1 with pam/nss/ldap patches
OpenLDAP openldap-2.0.27 on slackware 9.1 with pam/nss/ldap patches - no 
errors on ldap machine.

Solution:

not found anything :(

greetz
boka
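
The Example in the message above shows `id test` resolving the account by name while the enumeration behind `getent passwd` omits it. The diagnostic below separates those two NSS paths for a list of account names; it is an added example, not part of the original post, and the function name `enumeration_gaps` and its parameters are illustrative (it relies only on Python's standard `pwd` module).

```python
import pwd


def enumeration_gaps(names, lookup=pwd.getpwnam, enumerate_all=pwd.getpwall):
    """Classify each name by how NSS answers for it.

    Returns a dict mapping name -> one of:
      "ok"              resolved by name and present in the enumeration
      "not_enumerated"  resolved by name but absent from the enumeration
      "uid_mismatch"    both paths answer, but with different UIDs
      "unknown"         the by-name lookup fails
    """
    # Enumeration path: what a bare `getent passwd` walks (getpwent).
    listed = {}
    for entry in enumerate_all():
        listed.setdefault(entry.pw_name, entry.pw_uid)

    report = {}
    for name in names:
        try:
            # By-name path: what `id NAME` and `getent passwd NAME` use.
            entry = lookup(name)
        except KeyError:
            report[name] = "unknown"
            continue
        # Compare on the name NSS returned: the directory may store a
        # different case than was typed (boka2 vs. Boka2 in the post).
        if entry.pw_name not in listed:
            report[name] = "not_enumerated"
        elif listed[entry.pw_name] != entry.pw_uid:
            report[name] = "uid_mismatch"
        else:
            report[name] = "ok"
    return report


if __name__ == "__main__":
    import sys
    for name, status in enumeration_gaps(sys.argv[1:]).items():
        print(f"{name}: {status}")
```

Run on an affected client with the account names as arguments; a `not_enumerated` result reproduces the mismatch shown in the Example.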


