[Samba] nscd, ldap and the root/Administrator account

Ian Clancy clancyian at cel.ie
Tue May 3 11:40:40 GMT 2005 

Adam Tauno Williams wrote:

>>I'm using Samba 3 as a PDC with an Openldap backend and  also have a 
>>number of Samba domain member servers that lookup the ldap directory
>>    
>>
>for 
>  
>
>>their account information. I use ssh to perform various administration
>>    
>>
>
>  
>
>>tasks. There is an account called Administrator in the LDAP directory 
>>that has a UID of 0 . However, after nscd has been started, the next 
>>time i login to one of the member servers using the root account my 
>>username is reported as Administrator and not as root as expected.
>>    
>>
>This 
>  
>
>>causes various issues with ssh keys etc..
>>    
>>
>
>It only works when you're not running nscd because you're lucky.  NSS
>will return the first matching entry for a uidnumber={0} lookup.
>
I would have though that it works because  i have 'files' before 'ldap' 
in the nsswitch.conf file

>    It
>doesn't really support multiple accounts with the same uidnumber, id
>suggest not having a Administration;uidnumber=0 account.  Simply map
>Administrator = root in Samba if this is the behaviour you want.
>
>  
>
I'm not sure how to map Administrator = root. Sounds like a good idea. I 
will have to look into this.

>>I have the following lines in my nsswitch.conf file.
>>    
>>
>>>passwd:     files ldap
>>>shadow:     files ldap
>>>group:      files ldap
>>>      
>>>
>>grepping the output of 'getent passwd' for x:0:
>>    
>>
>>>root:x:0:0:root:/root:/bin/bash
>>>Administrator:x:0:5001:Netbios Domain 
>>>Administrator:/home/Administrator:/bin/bash
>>>      
>>>
>>When i stop the nscd service the behaviour of the system returns to
>>    
>>
>normal.
>  
>
>>I apologise if this topic is not directly samba related. However, i'm 
>>sure somebody else must have come accross this behaviour.
>>    
>>
>
>nscd is just a dumb cache,  you're getting the results of a uidnumber=0
>lookup into its cache.
>  
>
Thanks for your reply

-- 
Ian Clancy
IT Systems Engineer
Connaught Electronics Ltd.
Dunmore Rd,
Tuam,
Co. Galway,
Ireland.

P : ++353 93 23151
F : ++353 93 23110
E : mailto:clancyian at cel.ie
W : http://www.cel-europe.com

More information about the samba mailing list