[Samba] Samba + LDAP NSS resolving

linuxlady linuxlady2714 at gmail.com
Tue Jun 14 20:58:52 GMT 2005 

I'm sure it's not the docs, just me.  I used the other docs from
idealx because I had problems with the smbldap-tools - but I managed
to solve those problems and add entries.

 I went back and checked the configuration for nss_ldap and pam_ldap -
but it still didn't work.  I'm using Chapter 5 of the Samba Docs:
http://us3.samba.org/samba/docs/man/Samba-Guide/happy.html

getent passwd | grep testuser1
In the logs:
conn=120 op=0 RESULT tag=97 err=49 text=

And the windows domain groups are not mapped to the UNIX groups:
net groupmap list
Domain Admins (S-1-5-21-306150234-1547186280-1464621331-512) -> 512
Domain Users (S-1-5-21-306150234-1547186280-1464621331-513) -> 513
Domain Guests (S-1-5-21-306150234-1547186280-1464621331-514) -> 514
Domain Computers (S-1-5-21-306150234-1547186280-1464621331-515) -> 515
Administrators (S-1-5-32-544) -> 544
Account Operators (S-1-5-32-548) -> 548
Print Operators (S-1-5-32-550) -> 550
Backup Operators (S-1-5-32-551) -> 551
Replicators (S-1-5-32-552) -> 552

Maybe I should just start over.  Where in the samba docs would be a
good place to start for using Samba with LDAP?  This is the second
time I've started over already - I've never gotten it to work
completely.

Thanks,

Yasi



On 6/13/05, John H Terpstra <jht at samba.org> wrote:
> On Monday 13 June 2005 19:58, linuxlady wrote:
> > I'm using the howto from idealx and the samba-guide to configure a
> > samba server with LDAP backend.
> 
> I am the author of the Samba-Guide.  Frankly, if my documentation does not
> solve your problem then it is broken and useless! You should not need more
> documentation than the official Samba documentation.
> 
> Please help me to understand what is broken. I humbly apologize that my
> documentation is so bad.
> 
> >
> > The config works fine until I get to the step:
> 
> Which document are you following, which section, and which step number?
> 
> >
> > getent passwd | grep root
> >
> > It doesn't query any of the LDAP entries that were added with
> > smbldap-populate or smbldap-useradd - it only returns local entries.
> 
> This means that your nss_ldap library is either defective - or is
> mis-configured.
> 
> >
> > I've checked the nsswitch.conf, ldap.conf, smbldap.conf, log files.
> >
> > I can query the ldap database directly and see the entries.
> >
> > What could be the problem?  What else can I check?
> 
> Well, lots! You will need to be more specific - in fact completely specific
> about every step you have followed. The Samba-Guide was recently updated
> using SUSE 9.3 professional - So I know it can work!
> 
> In the technical discussion in chapter 5 I have detailed how to debug LDAP and
> NSS_LDAP operation. Which of those steps have you followed to diagnose the
> problem?
> 
> >
> > I'm using SuSE 9.3,  Samba 3.0.13-1.1, openLDAP 2.2.23-6,
> > smbldap-tools-0.91.
> 
> - John T.
> --
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
> 
> Author:
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.
>

More information about the samba mailing list