[Samba] nscd, ldap and the root/Administrator account

Adam Tauno Williams awilliam at whitemice.org
Tue May 3 11:17:41 GMT 2005

> I'm using Samba 3 as a PDC with an Openldap backend and  also have a 
> number of Samba domain member servers that lookup the ldap directory for 
> their account information. I use ssh to perform various administration 
> tasks. There is an account called Administrator in the LDAP directory 
> that has a UID of 0 . However, after nscd has been started, the next 
> time i login to one of the member servers using the root account my 
> username is reported as Administrator and not as root as expected. This 
> causes various issues with ssh keys etc..

It only works when you're not running nscd because you're lucky.  NSS
will return the first matching entry for a uidnumber={0} lookup.    It
doesn't really support multiple accounts with the same uidnumber, id
suggest not having a Administration;uidnumber=0 account.  Simply map
Administrator = root in Samba if this is the behaviour you want.

> I have the following lines in my nsswitch.conf file.
> > passwd:     files ldap
> > shadow:     files ldap
> > group:      files ldap
> grepping the output of 'getent passwd' for x:0:
> > root:x:0:0:root:/root:/bin/bash
> > Administrator:x:0:5001:Netbios Domain 
> > Administrator:/home/Administrator:/bin/bash
> When i stop the nscd service the behaviour of the system returns to normal.
> I apologise if this topic is not directly samba related. However, i'm 
> sure somebody else must have come accross this behaviour.

nscd is just a dumb cache,  you're getting the results of a uidnumber=0
lookup into its cache.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050503/55b41821/attachment.bin

More information about the samba mailing list