[Samba] Documentation clarification re: SLES9 and nsswitch

Kevin B kevin1a at varlog.net
Thu Aug 4 00:51:57 GMT 2005


> On Tuesday 02 August 2005 23:03, Kevin B wrote:
>> Hello,
>> I've been unable to succeed with Samba-Ldap setup on SLES9 until this
>> evening.
>> I thought I had a PAM issue but that was not the case.
>> To cut to the chase, I ran Yast's 'ldap-server' module without any
>> changes
>> as it found the ldap server settings.
>> Once finished I could join the domain from XP Pro which is what I was
>> unable to do.  I checked what Yast did and it
>> reset /etc/nsswitch.conf -with- the 'compat' entries that are

Hello, Thanks for taking the time to respond.

> Did you also check to see how yast2 configured your /etc/ldap.conf file?

Looks like it didn't touch it. It's as I left it. I never used Yast until
yesterday as the doc's don't use it.
Everything was done with vi.

>
>> not to be used according to the 'Examples' Doc's:
>> http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-PAM-NSS
>> [note the warning box re: Suse at 5.4-5.5]
>
> You can use the SUSE provided method - but it is unique to SUSE Linux. The
> documentation provides a method of implementation that is fully portable
> across Linux systems.

That's why I was concerned I had a problem unique to SLES9.

>>
>> On my Centos4.1 box, the 'compat' lines were removed and the server
>> works fine.
>> On SLES9 I can only succeed with 'compat'. Remove them and it fails to
>> find 'root' username to join.
>
> Did you follow the diagnostic info provided in chapter 5? What did you
> find?

getent worked.
I missed the test of 'id'.
Everything else seemed to work normally.

>> Re: the Docs, I guess I assumed that Suse9 and SLES9 would act the same
>> way. They must not.  I'll have to setup a Suse9 box to test it.
>
> The devil is in all the details. I suggest that to get a handle on the
> differences you need to compare the SUSE yast2 generated configuration
> with
> the example configurations I provided in the Samba3-ByExample book.
>
> Also, in chapter 5, section 5.3.1.7, you will find detailed diagnostic
> hints
> by which you can debug the LDAP/NSS configuration. Have fun!

I've read it many times. I'll read it again.

>> Can anyone verify this please?
>
> What answer are you looking for? How much more detail that I have already
> provided do you believe is needed to remove all doubt?
>
> - John T.

Just looking to see if anyone else on SLES9 had to use 'compat' in nsswitch.
I wonder if I must have something else wrong to have it only working with
the 'compat' lines in nsswitch. Your response is very clear and
I have no doubt since I see it working on 2 platforms.
The documentation is very thorough and very appreciated.
I hope my question didn't come across as complaining.
Emails can sometimes come across with a different tone than intended.
I'm grateful for all the work you do.
'My' issue is getting more familiar with Suse as you stated above.
I'm sure someone else will make the errors I've made and have to resolve
them the way I did.  My goal is to learn this correctly
and have some fun in the process.
Thank you for your help.
Sincerly,
Kevin B



More information about the samba mailing list