[Samba] samba 3 openldap posixAccount
ricardo at fcen.uba.ar
Tue Nov 9 15:04:44 GMT 2004
I have heard that with samba 3 you don't need to have posixAccount
objectclass as part of the entries in the ldap directory anymore. I
couldn't find any information about how to get this going, so I am
recurring to this list.
What I want to achieve is to have my ldap directory to validate windows
users through samba. I just want to validate the users to have access to
the windows hosts, and I don't want to give any user access to a share
in the samba server.
I tried to follow many of the howtos that I did find in google, but
failed to achieve my goal.
As far as I know when you do 'getent passwd', nss_ldap looks in the ldap
directory for a entry that has the posixAccount objectclass, so in this
case I couldn't use this to test if the samba is seeing the ldap correctly.
I tell you this, because in my tests, I always got in the samba log
files: 'User myuser in passdb, but getpwnam() failed!". And right after
that the error messages that the user cannot logon.
This makes me think that I cannot avoid the posixAccount entry in my
samba users... is this right?
Why is the posixAccount entry needed in the first place? I dont want to
give these users any kind of access to my samba (linux) server....
I hope you can understand my problem, and that you can give me any kind
of answer in order to overcome it
pd: sorry for the long long mail , but I couldn't write less to fully
explain my situation
More information about the samba