[Samba] [more info] getpwnam fails on ldap

Craig White craigwhite at azapple.com
Thu Dec 8 22:54:00 GMT 2005


On Thu, 2005-12-08 at 23:42 +0100, WebMaster wrote:
> On Thursday, 8 December 2005 15:53, Josh Kelley wrote:
> > Did you make sure to set rootbinddn in /etc/ldap.conf and the root
> > password in /etc/ldap.secret?  Otherwise, getent shadow runs as an
> > unprivileged user, even as root.  Did you check permissions on
> > /etc/ldap.secret (should be mode 0600)?
> 
> Ooops, I had 0644 for /etc/ldap.secret. Could that be the problem?
----
No - as long as root can read the file, it's not a problem.

It is, however, a REALLY BAD IDEA to have /etc/ldap.secret set to
anything other than 0600. It lets everyone in the world read your
rootbinddn password.
----
> I have to wait until Monday to get access to the XP machines; for now
> I can only get ssh access.
> 
> I cannot understand why, if I copy the user data to /etc/passwd from LDAP
> (not /etc/shadow), the user can log in, and when I delete the user
> from /etc/passwd I get a getpwnam failure. But I can use usrmgr.exe, and
> smbclient works with the user data in LDAP only, with no warning.
> 
> I have Kerberos running and have a DNS server (with AD zones) on the same
> Linux machine.
----
If you can 'getent passwd|grep USER_NAME' then it works; if you can't,
then it doesn't work. When you add USER_NAME to /etc/passwd, it
obviously works. You have to fix your nss/ldap.conf situation so it can
get posix users from LDAP.

Craig
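
The checks discussed in this thread (the mode of /etc/ldap.secret and whether a user resolves through NSS), collected as an added shell example that is not part of the original message. It assumes GNU `stat` and that the NSS sources are configured in /etc/nsswitch.conf; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# 0 if the file grants no permissions to group or other (0600, 0400, ...).
# 2 if the file cannot be examined at all.
secret_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2  # assumes GNU stat
    case "$mode" in
        0|*00) return 0 ;;   # last two octal digits: group, other
        *)     return 1 ;;
    esac
}

# 0 if the active (uncommented) passwd line in nsswitch.conf lists ldap.
passwd_uses_ldap() {
    grep -Eq '^[[:space:]]*passwd:(.*[[:space:]])?ldap([[:space:]]|$)' "$1"
}

# 0 if the name resolves through NSS. A keyed "getent passwd NAME" goes
# through getpwnam(), the call that is failing in this thread.
user_resolves() {
    getent passwd "$1" >/dev/null 2>&1
}

# Run all three checks; print one line per failure, return 1 if any failed.
# Usage: check_all /etc/ldap.secret /etc/nsswitch.conf USER_NAME
check_all() {
    secret=${1:-/etc/ldap.secret} nss=${2:-/etc/nsswitch.conf} user=$3
    rc=0
    secret_mode_ok "$secret" ||
        { echo "FAIL: $secret missing or open to group/other (want 0600)"; rc=1; }
    passwd_uses_ldap "$nss" ||
        { echo "FAIL: passwd line in $nss does not list ldap"; rc=1; }
    user_resolves "$user" ||
        { echo "FAIL: getent passwd $user returned nothing"; rc=1; }
    return $rc
}
```

Run `check_all` as root on the server with a user that exists only in LDAP; a clean run prints nothing and returns 0.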


