[Samba] Re: SAMBA3 + LDAP

mallapadi niranjan niranjan.ashok at gmail.com
Tue Dec 20 05:37:59 GMT 2005


Hi Paul,

I have changed the ldap.conf file to the following:
################################################################
host testdomain.com
base dc=msdpl,dc=com
bindpw secret
rootbinddn cn=manager,dc=msdpl,dc=com
timelimit 15
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUID
pam_password md5
nss_base_passwd        dc=msdpl,dc=com?sub
nss_base_shadow        dc=msdpl,dc=com?sub
nss_base_group        dc=msdpl,dc=com?sub
ssl no
##################################################################

I am able to add the computer with the smbldap-useradd machine script, after
changing as you said.

Now I am unable to log in as administrator, and am able to log in only as root.

The ldap log file is:
###########################################################################
Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=5 SEARCH RESULT tag=101
err=0 nentries=0 text=
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=3 SRCH
base="dc=msdpl,dc=com" scope=2 deref=0
filter="(&(objectClass=posixAccount)(uid=nobody))"
Dec 20 10:52:43 testsystem slapd[3549]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=4 SRCH
base="dc=msdpl,dc=com" scope=2 deref=0
filter="(&(objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobody,ou=people,dc=msdpl,dc=com)))"
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=4 SRCH attr=gidNumber
Dec 20 10:52:43 testsystem slapd[3549]: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18)
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=4 SEARCH RESULT tag=101
err=0 nentries=0 text=
Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=6 SRCH
base="dc=msdpl,dc=com" scope=2 deref=0
filter="(&(uid=administrator)(objectClass=sambaSamAccount))"
Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=6 SRCH attr=uid uidNumber
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName
sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory
modifyTimestamp sambaLogonHours modifyTimestamp
Dec 20 10:52:43 testsystem slapd[3549]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=6 SEARCH RESULT tag=101
err=0 nentries=0 text=
#############################################################################

I have created a testuser using smbldap-useradd -a -m -A 1 -P testuser, and
gave it a password.
I was able to log in as that user on the Windows client, and was able to
change the password.
But that password is not getting updated in the shadow password.

My query is: the LDAP password and shadow password should be the same, i.e. if I
change a user password, will it get updated in the shadow password as well,
so that if I log in as "testuser" on Linux, I am able to log in with
the same password?

Regards
Niranjan





On 12/20/05, Paul Kölle <pkoelle at gmail.com > wrote:
>
> mallapadi niranjan wrote:
> > Hi all
> Hi, please keep replies on the list and cut your configs down to the
> relevant entries.
>
> > *<the ldap.log file is below>*
> > Dec 19 19:28:46 testsystem slapd[6010]: <= bdb_equality_candidates:
> > (uid) index_param failed (18)
> >
> > Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=6 SEARCH RESULT
> > tag=101 err=0 nentries=0 text=
> >
> > Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=7 SRCH
> > base="ou=People,dc=msdpl,dc=com" scope=1 deref=0
> > filter="(&(objectClass=posixAccount)(uid=test1$))"
> No entries found. Change in /etc/ldap.conf
>
> nss_base_passwd ou=People,dc=msdpl,dc=com?one
>
> to:
>
> nss_base_passwd dc=msdpl,dc=com?sub
>
> nss_ldap needs to find both, users and computers with the
> nss_base_passwd filter. So either you put them all in one container and
> stick with onelevel searches or change like outlined above.
>
> cheers
> Paul
>
>
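
The slapd log quoted in this message can be read mechanically by pairing each SRCH line with the SEARCH RESULT on the same conn/op and listing the searches that came back with nentries=0. The Python below is an added example, not part of the original thread: the sample lines are constructed from the log above with the mail wrapping removed, and the function name analyse is hypothetical.

```python
import re

# Constructed sample, modelled on the slapd lines quoted in the post (unwrapped).
SAMPLE_LOG = """\
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=3 SRCH base="dc=msdpl,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=nobody))"
Dec 20 10:52:43 testsystem slapd[3549]: <= bdb_equality_candidates: (uid) index_param failed (18)
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=6 SRCH base="dc=msdpl,dc=com" scope=2 deref=0 filter="(&(uid=administrator)(objectClass=sambaSamAccount))"
Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=6 SRCH attr=uid uidNumber
Dec 20 10:52:43 testsystem slapd[3549]: <= bdb_equality_candidates: (uid) index_param failed (18)
Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

# The "SRCH attr=" continuation lines carry no base=, so they do not match SRCH.
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) deref=\d+ filter="(.*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')
# slapd logs this when an equality filter uses an attribute that has no index configured.
NOINDEX = re.compile(r'bdb_\w+_candidates: \((\w+)\) index_param failed')
SCOPES = {"0": "base", "1": "one", "2": "sub"}  # LDAP search scope numbers


def analyse(log_text):
    """Return (empty_searches, unindexed_attrs) from slapd stats-level log text."""
    pending, empty, unindexed = {}, [], set()
    for line in log_text.splitlines():
        if m := SRCH.search(line):
            conn, op, base, scope, flt = m.groups()
            pending[(conn, op)] = (base, SCOPES.get(scope, scope), flt)
        elif m := RESULT.search(line):
            conn, op, err, nentries = m.groups()
            query = pending.pop((conn, op), None)
            # err=0 with nentries=0: the search ran fine but matched nothing.
            if query and err == "0" and nentries == "0":
                empty.append(query)
        elif m := NOINDEX.search(line):
            unindexed.add(m.group(1))
    return empty, sorted(unindexed)


if __name__ == "__main__":
    empty, unindexed = analyse(SAMPLE_LOG)
    for base, scope, flt in empty:
        print(f"no entries: base={base} scope={scope} filter={flt}")
    print("attributes searched without an index:", ", ".join(unindexed))
```

On the sample, the only empty search is the sambaSamAccount lookup for uid=administrator, while the posixAccount lookup for nobody succeeds even though uid is reported as unindexed.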

