[Samba] nsswitch not working for ldap
Tony Austin
nsswitch.500.jackrabbit at spamgourmet.com
Fri Nov 18 13:32:57 GMT 2005
I am following the instructions in Samba by Example chapter 6 on a RHEL4
server. Everything seems OK until I get to 6.3.5.7, which says to do the
following:-
root# getent passwd | grep Adminstrator
which returns nothing, indicating that the nsswitch (nss_ldap library) is
not working.
I cannot find anything in any of the log files to give me a clue nor any
hints on how to debug this.
Any suggestions?
My configuration files are as follows:
***** /etc/openldap/slapd.conf
# NOTE(review): slapd server configuration as posted: schema includes, ACLs,
# and one ldbm database holding dc=phoenixinteriorsltd,dc=com.
# The mail client has wrapped some comment lines and stripped the leading
# whitespace from the "by ..." continuation lines; slapd.conf needs that
# whitespace, so compare against the file on disk rather than this listing.
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27
20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
#include /etc/openldap/schema/redhat/autofs.schema
#include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/samba.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory #
service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# ACLs are evaluated in order: the first "access to" whose target matches is
# used, and within it the first "by" clause that matches the requester.
# dn.base="" is the root DSE.
access to dn.base=""
by self write
by * auth
# userPassword: the owner may change it; everyone else may only use it to bind.
access to attr=userPassword
by self write
by * auth
access to attr=shadowLastChange
by self write
by * read
# NOTE(review): catch-all rule. "by *" matches every requester, anonymous
# included, so this grants write access to everything not covered by the rules
# above, and the following "by anonymous auth" clause is never reached.
# That would cover any Samba password-hash attributes (samba.schema is
# included) stored on user entries. A catch-all normally grants no more than
# read, with the hash attributes restricted like userPassword; check this
# against the guide being followed.
access to *
by * write
by anonymous auth
# 256 is the "stats" level (connections, operations, results). slapd logs
# through syslog, by default to facility LOCAL4, so nothing appears unless
# syslog routes local4 to a file. Confirm the syslog configuration.
loglevel 256
#schemacheck off
#idletimeout 30
backend ldbm
database ldbm
# NOTE(review): the next 19 lines repeat the block above verbatim (pidfile
# through "database ldbm"). This looks like a paste duplicate in the mail. If
# the real file contains both, the first "database ldbm" has no suffix of its
# own; confirm slapd starts cleanly with the file as it is on disk.
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
access to dn.base=""
by self write
by * auth
access to attr=userPassword
by self write
by * auth
access to attr=shadowLastChange
by self write
by * read
access to *
by * write
by anonymous auth
loglevel 256
#schemacheck off
#idletimeout 30
backend ldbm
database ldbm
#checkpoint 1024 5
#cachesize 10000
suffix "dc=phoenixinteriorsltd,dc=com"
# rootdn is not subject to the ACLs above.
rootdn "cn=Manager,dc=phoenixinteriorsltd,dc=com"
# Redacted by the poster. rootpw accepts a hashed value (as produced by
# slappasswd) as well as cleartext; prefer the hash and keep this file
# readable only by root and the slapd user, as the header comment says.
rootpw xxxxxxxx
directory /var/lib/ldap
# Indices to maintain
# All index lines are commented out, so no attribute indices are configured.
#index objectClass eq
#index cn pres,sub,eq
#index sn pres,sub,eq
#index uid pres,sub,eq
#index displayName pres,sub,eq
#index uidNumber eq
#index gidNumber eq
#index memberUID eq
#index sambaSID eq
#index sambaPrimaryGroupSID eq
#index sambaDomainName eq
#index default sub
***** /etc/ldap.conf
# NOTE(review): client-side settings read by nss_ldap and pam_ldap: which
# server to contact, how to bind, and where to search for passwd/shadow/group.
# The three upper-case options are names from the OpenLDAP client ldap.conf(5).
# Whether nss_ldap honours them in this file is not shown here. If it does,
# SIZELIMIT 12 caps a search at 12 entries; confirm.
SIZELIMIT 12
TIMELIMIT 15
DEREF never
host 127.0.0.1
base dc=phoenixinteriorsltd,dc=com
# NOTE(review): this binds every NSS/PAM lookup as the same DN that the posted
# slapd.conf names as rootdn. This file typically has to be readable by any
# process that performs lookups, so the directory administrator's password
# ends up readable by local users. nss_ldap provides "rootbinddn" with the
# password kept in the root-only /etc/ldap.secret for root's own lookups.
# Ordinary lookups can bind anonymously or as a dedicated read-only account.
binddn cn=Manager,dc=phoenixinteriorsltd,dc=com
bindpw xxxxxxxx
timelimit 50
bind_timelimit 50
# "hard" makes the client keep retrying when the server is unreachable, which
# can stall logins and boot while slapd is down; presumably intended, verify.
bind_policy hard
idle_timelimit 3600
# Password changes use the LDAP password-modify extended operation.
pam_password exop
# Search bases for each NSS map; "?one" limits the search to one level below.
nss_base_passwd ou=People,dc=phoenixinteriorsltd,dc=com?one
nss_base_shadow ou=People,dc=phoenixinteriorsltd,dc=com?one
nss_base_group ou=Groups,dc=phoenixinteriorsltd,dc=com?one
# Binds and password changes travel unencrypted. With host 127.0.0.1 that stays
# on loopback; enable TLS (e.g. "ssl start_tls") before pointing this at a
# remote server.
ssl off
***** /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# Name-service lookup order per database. For passwd, shadow and group the
# local files are consulted first and LDAP second, so a local account shadows
# an LDAP entry of the same name.
passwd: files ldap
shadow: files ldap
group: files ldap
# "wins" needs Samba's NSS WINS module installed; it is consulted last.
hosts: files dns wins
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
***** /etc/pam.d/login
#%PAM-1.0
# PAM stack for console login, as posted.
# NOTE(review): with the system-auth auth line commented out, pam_ldap is the
# only module here that verifies a password, and it is "sufficient": when a
# sufficient module fails, its result is ignored and the outcome rests on the
# "required" modules, neither of which checks a credential. Local accounts
# (root included) also lose their pam_unix check. Confirm that a wrong
# password is rejected; the usual layout keeps a required password-checking
# module (or pam_deny) after the sufficient line.
auth required pam_securetty.so
auth required pam_nologin.so
auth sufficient pam_ldap.so
#auth required pam_stack.so service=system-auth
# A "sufficient" module placed after a "required" one cannot rescue a failure
# of the required module; if system-auth rejects the account, pam_ldap's
# result does not change that.
account required pam_stack.so service=system-auth
account sufficient pam_ldap.so
# Both password lines are "required", so a password change has to succeed in
# system-auth and in LDAP; presumably intended, verify for LDAP-only users.
password required pam_stack.so service=system-auth
password required pam_ldap.so use_first_pass use_authtok
session required pam_stack.so service=system-auth
session optional pam_console.so
***** /etc/pam.d/passwd
#%PAM-1.0
# PAM stack for the passwd command, as posted.
# In the auth and account groups pam_ldap is "sufficient" but comes after a
# "required" system-auth: a failure in system-auth stands regardless of what
# pam_ldap returns. Whether LDAP-only users pass depends on the contents of
# system-auth, which the post does not show.
auth required pam_stack.so service=system-auth
auth sufficient pam_ldap.so
account required pam_stack.so service=system-auth
account sufficient pam_ldap.so
# Both lines are "required": the change must succeed in system-auth and LDAP.
password required pam_stack.so service=system-auth
password required pam_ldap.so use_first_pass use_authtok
***** /etc/pam.d/samba
#%PAM-1.0
# PAM stack for the samba service, as posted.
# Same ordering as the posted passwd stack: pam_ldap is "sufficient" after a
# "required" system-auth, so it cannot override a system-auth failure.
# NOTE(review): which of these groups smbd actually consults depends on
# smb.conf settings not shown in the post; confirm before relying on them.
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
auth sufficient pam_ldap.so
account required pam_stack.so service=system-auth
account sufficient pam_ldap.so
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
password required pam_ldap.so use_first_pass use_authtok
***** /etc/sshd
#%PAM-1.0
# NOTE(review): the post labels this /etc/sshd, but the #%PAM-1.0 marker and
# the module lines suggest it is the PAM service file for sshd; confirm path.
# There is no pam_ldap line here, so whether LDAP accounts can authenticate
# over ssh depends entirely on what system-auth contains (not shown).
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so
Tony