[Samba] Samba + LDAP NSS resolving
linuxlady2714 at gmail.com
Tue Jun 14 20:58:52 GMT 2005
I'm sure it's not the docs, just me. I used the other docs from
idealx because I had problems with the smbldap-tools - but I managed
to solve those problems and add entries.
I went back and checked the configuration for nss_ldap and pam_ldap -
but it still didn't work. I'm using Chapter 5 of the Samba Docs:
getent passwd | grep testuser1
In the logs:
conn=120 op=0 RESULT tag=97 err=49 text=
And the windows domain groups are not mapped to the UNIX groups:
net groupmap list
Domain Admins (S-1-5-21-306150234-1547186280-1464621331-512) -> 512
Domain Users (S-1-5-21-306150234-1547186280-1464621331-513) -> 513
Domain Guests (S-1-5-21-306150234-1547186280-1464621331-514) -> 514
Domain Computers (S-1-5-21-306150234-1547186280-1464621331-515) -> 515
Administrators (S-1-5-32-544) -> 544
Account Operators (S-1-5-32-548) -> 548
Print Operators (S-1-5-32-550) -> 550
Backup Operators (S-1-5-32-551) -> 551
Replicators (S-1-5-32-552) -> 552
Maybe I should just start over. Where in the samba docs would be a
good place to start for using Samba with LDAP? This is the second
time I've started over already - I've never gotten it to work
On 6/13/05, John H Terpstra <jht at samba.org> wrote:
> On Monday 13 June 2005 19:58, linuxlady wrote:
> > I'm using the howto from idealx and the samba-guide to configure a
> > samba server with LDAP backend.
> I am the author of the Samba-Guide. Frankly, if my documentation does not
> solve your problem then it is broken and useless! You should not need more
> documentation than the official Samba documentation.
> Please help me to understand what is broken. I humbly apologize that my
> documentation is so bad.
> > The config works fine until I get to the step:
> Which document are you following, which section, and which step number?
> > getent passwd | grep root
> > It doesn't query any of the LDAP entries that were added with
> > smbldap-populate or smbldap-useradd - it only returns local entries.
> This means that your nss_ldap library is either defective - or is
> > I've checked the nsswitch.conf, ldap.conf, smbldap.conf, log files.
> > I can query the ldap database directly and see the entries.
> > What could be the problem? What else can I check?
> Well, lots! You will need to be more specific - in fact completely specific
> about every step you have followed. The Samba-Guide was recently updated
> using SUSE 9.3 professional - So I know it can work!
> In the technical discussion in chapter 5 I have detailed how to debug LDAP and
> NSS_LDAP operation. Which of those steps have you followed to diagnose the
> > I'm using SuSE 9.3, Samba 3.0.13-1.1, openLDAP 2.2.23-6,
> > smbldap-tools-0.91.
> - John T.
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.
More information about the samba