[Samba] SAMBA + OPENLDAP - Getent - Please help :)

Tony Earnshaw tonye at billy.demon.nl
Sun Jan 23 11:35:28 GMT 2005

Choudary Mumtaz:

> Yes. I have followed the instructions from the book, and I have also
> tried to use authconfig as it is RedHat AS 3. Thank you.
> Jeff Saxton <jeff.saxton at sensage.com> wrote:
> Have you configured pam and nss?

I'm a newbie to Samba (RHAS3, RH Samba samba-3.0.7-1.3E), but an old hand
with Openldap. Just configured a working Samba PDC for XP/2000 clients and
I'm pleased as punch :) Openldap 2.2.20. It wasn't easy, I didn't know
what to expect at each turn and there's masses of new stuff to learn,
though the Samba native utilities are fantastic, IDEALX's Perl scripts
don't work for me - I write my own (shell, awk) scripts that call the
Samba utilities. Anyway:

My own experience with RHAS3 is that any other nss_ldap solution than Red
Hat's own rpm does not work (though one RHAS3 user on the Padl nss_ldap
mailing list has got the latest nss_ldap source to work). Why are you
using IDEALX source and not Padl anyway?

1: Red Hat's authconfig for Red Hat's deprecated standard Openldap version
(2.0.27) is poison: it ruins both /etc/pam.conf and nsswitch.conf.
You have to knuckle down and get used to configuring both
pam_ldap and nss_ldap by hand; this can take time;

2: pam_ldap should not be necessary for Samba - it seems to use 100% nss
for authentication.

My advice is to go back to Red Hat's nss_ldap rpm, learn to configure
/etc/ldap.conf and nsswitch.conf by hand and get off the Red Hat Openldap
versions (including 2.1.22). The only stable OL versions are 2.2.17 and
upward, though configuring them with the requisite, patched BDB 4.2.52
will cost you both time and sweat :(


mail: tonye at billy.demon.nl
