[Samba] [more info] getpwnam fails on ldap
Craig White
craigwhite at azapple.com
Thu Dec 8 22:54:00 GMT 2005
On Thu, 2005-12-08 at 23:42 +0100, WebMaster wrote:
> El Jueves, 8 de Diciembre de 2005 15:53, Josh Kelley escribió:
> > Did you make sure to set rootbinddn in /etc/ldap.conf and the root
> > password in /etc/ldap.secret? Otherwise, getent shadow runs as an
> > unprivileged user, even as root. Did you check permissions on
> > /etc/ldap.secret (should be mode 0600)?
>
> Ooops, I had 0644 for /etc/ldap.secret. May it be the problem?
----
No - as long as root can read the file, it's not a problem.
It is however - REALLY BAD IDEA - to have /etc/ldap.secret anything
other than 0600. It lets everyone one in the world read your rootbinddn
password.
----
> I have to wait
> monday for having access to XP machines, now I only can get ssh access.
>
> I can not understand why, if I copy the user data to /etc/passwd from ldap,
> (not /etc/shadow ) the user can log in, and when I delete the user
> from /etc/passwd I get a getpwnam failure. But I can use usrmgr.exe and
> smbclient works with the user data in ldap only, with no warning.
>
> I have kerberos running and have a DNS sever (with AD zones) in the same linux
> machine.
----
if you can 'getent passwd|grep USER_NAME' then it works, if you can't,
then it doesn't work. When you add USER_NAME to /etc/passwd, it
obviously works. You have to fix your nss/ldap.conf situation so it can
get posix users from LDAP
Craig
More information about the samba
mailing list