[Samba] nscd, ldap and the root/Administrator account

Adam Tauno Williams awilliam at whitemice.org
Tue May 3 11:17:41 GMT 2005


> I'm using Samba 3 as a PDC with an OpenLDAP backend and also have a
> number of Samba domain member servers that look up the LDAP directory for
> their account information. I use ssh to perform various administration
> tasks. There is an account called Administrator in the LDAP directory
> that has a UID of 0. However, after nscd has been started, the next
> time I log in to one of the member servers using the root account my
> username is reported as Administrator and not as root as expected. This
> causes various issues with ssh keys etc.

It only works when you're not running nscd because you're lucky. NSS
will return the first matching entry for a uidnumber={0} lookup. It
doesn't really support multiple accounts with the same uidnumber; I'd
suggest not having an Administration;uidnumber=0 account. Simply map
Administrator = root in Samba if this is the behaviour you want.

> I have the following lines in my nsswitch.conf file.
> > passwd:     files ldap
> > shadow:     files ldap
> > group:      files ldap
> grepping the output of 'getent passwd' for x:0:
> > root:x:0:0:root:/root:/bin/bash
> > Administrator:x:0:5001:Netbios Domain Administrator:/home/Administrator:/bin/bash
> When I stop the nscd service the behaviour of the system returns to normal.
> I apologise if this topic is not directly Samba related. However, I'm
> sure somebody else must have come across this behaviour.

nscd is just a dumb cache; you're getting the results of a uidnumber=0
lookup into its cache.
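An added example, not part of the original thread: a shell function that scans passwd-format output (such as `getent passwd`) for UIDs shared by more than one account name, the condition the reply above identifies as the cause. The sample input is the two UID 0 entries quoted in the post plus a constructed `alice` account; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report UIDs that map to more than one account name.
# Input is passwd(5)-format lines, e.g. the output of `getent passwd`.

# dup_uids: read passwd lines on stdin and print "uid:name1,name2,..."
# for every UID owned by more than one entry, names in first-seen order.
dup_uids() {
    awk -F: '
        NF < 7 || $3 !~ /^[0-9]+$/ { next }      # skip malformed lines
        {
            if ($3 in names) names[$3] = names[$3] "," $1
            else { names[$3] = $1; order[++n] = $3 }
            count[$3]++
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1) print order[i] ":" names[order[i]]
        }'
}

# has_dup_root: exit 0 if more than one entry on stdin carries UID 0.
has_dup_root() {
    dup_uids | grep -q '^0:'
}

# Constructed sample: the two UID 0 lines from the post plus an ordinary
# account ("alice" is made up for illustration).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
Administrator:x:0:5001:Netbios Domain Administrator:/home/Administrator:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
EOF
}

# Demo on the sample; on a live host run: getent passwd | dup_uids
sample_passwd | dup_uids
```

The first name listed for a UID is the first one encountered in the input, which for `getent passwd` follows the source order in nsswitch.conf (`files` before `ldap` in the post).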