[Samba] Re: My story installing Samba-LDAP PDC (it has a happy ending)

Bevan C. Bennett bevan at fulcrummicro.com
Wed Jan 21 02:22:49 GMT 2004


Andrei Mikhailovsky wrote:
> Hello again )
> 
> I have followed your suggestion. Changed the ldap.conf so the nsswitch 
> will do sub search and changed the nss_passwd/group/shadow to search at 
> the root of the database. Still no luck.

Can you 'finger' the computer accounts? That should show if the NSS is 
configured correctly. I had a similar problem with 'smbpasswd -a -m' not 
finding my machine accounts under 'ou=Computers' and made a similar 
modification to that recently suggested, which (for me) solved the problem.

Original /etc/ldap.conf snippet:
base dc=internal,dc=avlsi,dc=com
pam_filter objectclass=posixAccount
pam_password exop
nss_base_passwd        ou=People,dc=internal,dc=avlsi,dc=com?one
nss_base_shadow        ou=People,dc=internal,dc=avlsi,dc=com?one
nss_base_group         ou=Groups,dc=internal,dc=avlsi,dc=com?one

Revised /etc/ldap.conf snippet:
base dc=internal,dc=avlsi,dc=com
pam_filter objectclass=posixAccount
pam_password exop
nss_base_passwd        dc=internal,dc=avlsi,dc=com?sub
nss_base_shadow        ou=People,dc=internal,dc=avlsi,dc=com?one
nss_base_group         ou=Groups,dc=internal,dc=avlsi,dc=com?one

You do not have to have an Administrator account with uid=0, but you do 
need to have -some- account with uid=0.

I put the following in LDAP to satisfy that requirement:
dn: uid=root,ou=people,dc=internal,dc=avlsi,dc=com
objectClass: account
objectClass: sambaSamAccount
sambaPwdCanChange: 1072123497
sambaPwdLastSet: 1072123497
sambaAcctFlags: [U          ]
displayName: root
sambaSID: S-1-5-21-3418961212-346530541-152393462-1000
sambaLMPassword: NICE-TRY
sambaNTPassword: NICE-TRY
uid: root
sambaPwdMustChange: 2147483647
sambaPrimaryGroupSID: S-1-5-21-3418961212-346530541-152393462-512
(root's posixaccount is in local files, not LDAP)
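
An added example, not part of the original message: a Python sketch of LDAP search-scope matching run against the two nss_base_* configurations quoted above, showing why a machine account under ou=Computers is invisible to the passwd map with the original settings and found with the revised ones. The entry DNs (ws01$, alice) are constructed, DN parsing is simplified (no escaped commas), and a missing ?scope suffix is assumed to mean subtree.

```python
# Added example: which nss_base_* maps can see a given LDAP entry?

def parse_dn(dn):
    """Split a DN into normalized RDNs (simplified: no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def parse_nss_base(line):
    """Parse 'nss_base_<map> <base>?<scope>' into (map, base_rdns, scope)."""
    key, value = line.split(None, 1)
    base, _, scope = value.strip().partition("?")
    # Assumption: no scope suffix is treated as a subtree search.
    return key[len("nss_base_"):], parse_dn(base), scope or "sub"

def in_scope(entry_dn, base, scope):
    """LDAP scope semantics: base = the entry itself, one = direct children, sub = any depth."""
    entry = parse_dn(entry_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False  # entry is not under this search base at all
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1
    return True  # sub

def visible_maps(conf_text, entry_dn):
    """Return the sorted NSS maps whose base and scope cover entry_dn."""
    hits = set()
    for line in (l.strip() for l in conf_text.splitlines()):
        if line.startswith("nss_base_"):
            name, base, scope = parse_nss_base(line)
            if in_scope(entry_dn, base, scope):
                hits.add(name)
    return sorted(hits)

SHADOW_GROUP = """nss_base_shadow ou=People,dc=internal,dc=avlsi,dc=com?one
nss_base_group ou=Groups,dc=internal,dc=avlsi,dc=com?one"""
ORIGINAL = "nss_base_passwd ou=People,dc=internal,dc=avlsi,dc=com?one\n" + SHADOW_GROUP
REVISED = "nss_base_passwd dc=internal,dc=avlsi,dc=com?sub\n" + SHADOW_GROUP

# Constructed sample entries (not from the original post).
MACHINE = "uid=ws01$,ou=Computers,dc=internal,dc=avlsi,dc=com"
USER = "uid=alice,ou=People,dc=internal,dc=avlsi,dc=com"

if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL), ("revised", REVISED)):
        print(label, "machine:", visible_maps(conf, MACHINE), "user:", visible_maps(conf, USER))
```

The same check shows the side effect of the revised line: with ?sub at the directory root, an entry anywhere in the tree falls inside the passwd search base, not only those under ou=People and ou=Computers.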



