[Samba] samba 3 openldap posixAccount

Ricardo Kirkner ricardo at fcen.uba.ar
Tue Nov 9 15:04:44 GMT 2004


I have heard that with samba 3 you don't need to have posixAccount 
objectclass as part of the entries in the ldap directory anymore. I 
couldn't find any information about how to get this going, so I am 
recurring to this list.

What I want to achieve is to have my ldap directory to validate windows 
users through samba. I just want to validate the users to have access to 
the windows hosts, and I don't want to give any user access to a share 
in the samba server.

I tried to follow many of the howtos that I did find in google, but 
failed to achieve my goal.

As far as I know when you do 'getent passwd', nss_ldap looks in the ldap 
directory for a entry that has the posixAccount objectclass, so in this 
case I couldn't use this to test if the samba is seeing the ldap correctly.

I tell you this, because in my tests, I always got in the samba log 
files: 'User myuser in passdb, but getpwnam() failed!". And right after 
that the error messages that the user cannot logon.

This makes me think that I cannot avoid the posixAccount entry in my 
samba users... is this right?

Why is the posixAccount entry needed in the first place? I dont want to 
give these users any kind of access to my samba (linux) server....

I hope you can understand my problem, and that you can give me any kind 
of answer in order to overcome it



pd: sorry for the long long mail , but I couldn't write less to fully 
explain my situation

More information about the samba mailing list