[Samba] Does samba use NSS to find users/groups ?

Saullius Gurklys sagu at isl.vtu.lt
Mon Nov 11 05:40:02 GMT 2002


  It is really strange, but I've installed OpenLDAP + pam_ldap + nss_ldap
and I can log in as an LDAP-only user using ssh and login;
"id user" works just fine, BUT samba can NOT find such a user? :(
  I mean, if there is a sambaAccount/posixAccount class account in LDAP and I try to connect
to samba, the connection fails, but if I add the same user to /etc/passwd everything
works just fine.
  If other services find the user in LDAP but samba does not, does it
mean that I misconfigured something?
  With samba 2.2.6 I've found that the first place where samba cannot find the LDAP user
is in pdb_ldap.c line 591 (calling function sys_getpwnam):

588         /* These values MAY be in LDAP, but they can also be retrieved through
589         *  sys_getpw*() which is how we're doing it
590         */
591        sys_user = sys_getpwnam(username);
592        if (sys_user == NULL) {
593                DEBUG (2,("init_sam_from_ldap: User [%s] does not ave a uid!\n", username));
594                return False;
595        }

In the log:

StartTLS issued: using a TLS connection
ldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldap_search_one_user: searching for:[(&(uid=ldapuser)(objectclass=sambaAccount))]
get_single_attribute: [uid] = [ldapuser]
Entry found for user: ldapuser
get_single_attribute: [pwdLastSet] = [0]
get_single_attribute: [logonTime] = [0]
get_single_attribute: [logoffTime] = [2147483647]
get_single_attribute: [kickoffTime] = [2147483647]
get_single_attribute: [pwdCanChange] = [0]
get_single_attribute: [pwdMustChange] = [2147483647]
get_single_attribute: [cn] = [ldapuser]
get_single_attribute: [homeDrive] = [H:]
get_single_attribute: [smbHome] = [\\KS\home]
get_single_attribute: [scriptPath] = [ldapuser.cmd]
get_single_attribute: [profilePath] = [\\KS\profiles\ldapuser]
get_single_attribute: [description] = [System User]
get_single_attribute: [userWorkstations] = [<does not exist>]
get_single_attribute: [rid] = [3014]
get_single_attribute: [primaryGroupID] = [1201]
init_sam_from_ldap: User [ldapuser] does not ave a uid!   <----- !!!
pass_check_smb failed - invalid password for user [ldapuser]
NT Password did not match for user 'ldapuser'!
Defaulting to Lanman password for ldapuser

while

$id ldapuser
uid=1007(ldapuser) gid=100(Users) groups=100(Users)

Any ideas what's wrong?


Gerald (Jerry) Carter wrote:
> On Sun, 10 Nov 2002, Saullius Gurklys wrote:
> 
>> Or does it work in 2.2.6?
> 
> Yes.  It works fine.
> 
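
Added example, not part of the original message and not Samba code: a small log triage that separates the case shown in the post (sambaAccount entry found in LDAP, then the Unix account lookup fails) from an ordinary wrong password, since smbd reports both as "invalid password". The message formats are taken from the log quoted above; the sample log, the user "alice" and the function name classify_failures are constructed for illustration.

```python
import re

# Constructed sample built from the smbd message formats quoted in the post;
# the user "alice" and her lines are invented for contrast.
SAMPLE_LOG = """\
Entry found for user: ldapuser
get_single_attribute: [rid] = [3014]
init_sam_from_ldap: User [ldapuser] does not ave a uid!   <----- !!!
pass_check_smb failed - invalid password for user [ldapuser]
Entry found for user: alice
get_single_attribute: [rid] = [3016]
pass_check_smb failed - invalid password for user [alice]
"""

FOUND = re.compile(r"Entry found for user: (\S+)")
# "ave" is the spelling smbd 2.2.6 actually logs, per the post.
NO_UID = re.compile(r"init_sam_from_ldap: User \[([^\]]+)\] does not ave a uid!")
BAD_PW = re.compile(r"pass_check_smb failed - invalid password for user \[([^\]]+)\]")


def classify_failures(log_text):
    """Map each user with a logged password failure to its likely cause.

    "unix-lookup": the sambaAccount entry was found in LDAP, but the Unix
    account lookup that follows failed, so the password line is a symptom.
    "password": no such lookup failure preceded the password line.
    """
    state = {}    # user -> "found" or "no-uid" for the attempt in progress
    causes = {}
    for line in log_text.splitlines():
        line = line.strip()
        if m := FOUND.match(line):
            state[m.group(1)] = "found"
        elif m := NO_UID.match(line):
            if state.get(m.group(1)) == "found":
                state[m.group(1)] = "no-uid"
        elif m := BAD_PW.match(line):
            user = m.group(1)
            causes[user] = "unix-lookup" if state.pop(user, None) == "no-uid" else "password"
    return causes


if __name__ == "__main__":
    for user, cause in classify_failures(SAMPLE_LOG).items():
        print(f"{user}: {cause}")
```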






