[Samba] nsswitch not working for ldap

Tony Austin nsswitch.500.jackrabbit at spamgourmet.com
Fri Nov 18 13:32:57 GMT 2005


I am following the instructions in Samba by Example chapter 6 on a RHEL4
server.  Everything seems OK until I get to 6.3.5.7, which says to do the
following:-

# NOTE(review): "Adminstrator" as typed here lacks the second "i" of
# "Administrator". If the command was run exactly as shown, grep prints nothing
# even when nss_ldap works; compare with the unfiltered output of getent passwd.
root# getent passwd | grep Adminstrator

which returns nothing, indicating that the nsswitch (nss_ldap library) is
not working.

I cannot find anything in any of the log files to give me a clue, nor any
hints on how to debug this.

Any suggestions?

My configuration files are as follows:

***** /etc/openldap/slapd.conf

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27
20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema files are read in the order listed. cosine.schema precedes
# inetorgperson.schema and nis.schema because both depend on it.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
#include                /etc/openldap/schema/redhat/autofs.schema
#include                /etc/openldap/schema/redhat/kerberosobject.schema
# samba.schema defines the sambaSamAccount object class and the samba*
# attributes, including the password-hash attributes.
include         /etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory #
service AND an understanding of referrals.
#referral       ldap://root.openldap.org

# Directives placed before the first "database" line are global to the server.
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

# Rule for the entry with the empty DN (the root DSE).
access to dn.base=""
        by self write
        by * auth

# userPassword: the owner may change it; everyone else may only use it to bind.
# NOTE(review): the Samba hash attributes (sambaLMPassword, sambaNTPassword) are
# password-equivalent and are not named in this rule, so they are governed by
# the catch-all "access to *" rule further down.
access to attr=userPassword
                by self write
                by * auth

# shadowLastChange: owner may update it, everyone may read it.
access to attr=shadowLastChange
                by self write
                by * read

# NOTE(review): slapd stops at the first "by" clause that matches. "by * write"
# matches every client, anonymous included, so everything not covered by the
# rules above is readable and writable by anyone who can reach the server, and
# "by anonymous auth" is never evaluated. A tighter default is read access for
# authenticated users with write reserved for a named administrative DN.
access to *
                by * write
                by anonymous auth

# 256 selects "stats" logging (connections, operations, results). slapd logs
# through syslog (facility local4 by default), so nothing is recorded unless
# syslogd is configured to route that facility to a file.
loglevel        256


#schemacheck    off
#idletimeout    30
# NOTE(review): from "pidfile" down to the second "database ldbm" this listing
# repeats the preceding part of the file verbatim. That may be a paste artifact
# in the mail. If the file on disk really contains both copies, slapd is given
# two "database ldbm" declarations, the first of them without a suffix; check
# the file itself (for example with slaptest) before debugging nss_ldap.
backend         ldbm
database        ldbm
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

access to dn.base=""
        by self write
        by * auth

access to attr=userPassword
                by self write
                by * auth

access to attr=shadowLastChange
                by self write
                by * read

# NOTE(review): "by * write" matches every client first, so this rule gives
# anonymous and authenticated clients alike write access to everything not
# matched above; "by anonymous auth" is never reached.
access to *
                by * write
                by anonymous auth

loglevel        256


#schemacheck    off
#idletimeout    30
backend         ldbm
database        ldbm
#checkpoint      1024 5
#cachesize       10000
# Naming context served by this database and the DN that bypasses all ACLs.
suffix          "dc=phoenixinteriorsltd,dc=com"
rootdn          "cn=Manager,dc=phoenixinteriorsltd,dc=com"
# The value is redacted in the post. rootpw accepts a hashed value (as produced
# by slappasswd) in place of cleartext; with either form the file must not be
# world-readable, as the header of this file already states.
rootpw          xxxxxxxx
directory       /var/lib/ldap

# Indices to maintain
#index objectClass           eq
#index cn                    pres,sub,eq
#index sn                    pres,sub,eq
#index uid                   pres,sub,eq
#index displayName           pres,sub,eq
#index uidNumber             eq
#index gidNumber             eq
#index memberUID             eq
#index sambaSID              eq
#index sambaPrimaryGroupSID  eq
#index sambaDomainName       eq
#index default               sub

***** /etc/ldap.conf

# NOTE(review): these three upper-case options follow the style of the OpenLDAP
# client library's ldap.conf; whether nss_ldap/pam_ldap honour them in this
# file is not shown here. A TIMELIMIT also appears in lower case further down
# with a different value.
SIZELIMIT 12
TIMELIMIT 15
DEREF  never


# Directory server on the loopback address, i.e. the same machine.
host 127.0.0.1

base dc=phoenixinteriorsltd,dc=com
# NOTE(review): this binds every NSS and PAM lookup as the slapd rootdn. nss_ldap
# runs inside the calling process, so this file normally has to be readable by
# all local users, which exposes the rootdn password to them. Lookups can use an
# anonymous bind or a dedicated read-only account instead; for operations run as
# root, nss_ldap/pam_ldap support "rootbinddn" with the password kept in a
# root-only /etc/ldap.secret.
binddn cn=Manager,dc=phoenixinteriorsltd,dc=com
bindpw xxxxxxxx


timelimit 50
bind_timelimit 50
# "hard" keeps retrying when the server cannot be reached, so lookups can block
# for a long time while slapd is down.
bind_policy hard

idle_timelimit 3600
# Password changes are sent with the LDAP password-modify extended operation.
pam_password exop

# Search bases for the passwd, shadow and group maps. "?one" limits each search
# to the immediate children of the container, so the entries must sit directly
# under ou=People / ou=Groups to be found.
nss_base_passwd ou=People,dc=phoenixinteriorsltd,dc=com?one
nss_base_shadow ou=People,dc=phoenixinteriorsltd,dc=com?one
nss_base_group  ou=Groups,dc=phoenixinteriorsltd,dc=com?one

# No TLS: bind credentials travel in cleartext. Tolerable only because the host
# above is the loopback address; enable TLS before pointing at a remote server.
ssl off

***** /etc/nsswitch.conf

#
# /etc/nsswitch.conf
#
# Account databases: local files are consulted first, then LDAP through the
# nss_ldap module, which takes its settings from /etc/ldap.conf.
passwd:     files ldap
shadow:     files ldap
group:      files ldap
# "wins" resolves NetBIOS names and needs the NSS wins module shipped with Samba.
hosts:      files dns wins


bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus

***** /etc/pam.d/login

#%PAM-1.0
# NOTE(review): with the system-auth line commented out, pam_ldap.so is the only
# auth module in this stack that verifies a password, and it is "sufficient".
# PAM ignores the failure of a sufficient module, so the result then rests on
# pam_securetty.so and pam_nologin.so, neither of which checks credentials.
# Confirm that a wrong password is actually rejected; a "required" credential
# check (the system-auth stack, or a final pam_deny.so) normally follows the
# sufficient line.
auth       required     pam_securetty.so
auth       required     pam_nologin.so
auth       sufficient   pam_ldap.so
#auth       required    pam_stack.so service=system-auth
# A "sufficient" module placed after a "required" one cannot rescue a failure
# of the required module; it only ends the stack early when it succeeds.
account    required     pam_stack.so service=system-auth
account    sufficient   pam_ldap.so
# Both password modules are required, so a password change has to succeed in the
# system-auth stack and in LDAP.
password   required     pam_stack.so service=system-auth
password   required     pam_ldap.so use_first_pass use_authtok
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so


***** /etc/pam.d/passwd

#%PAM-1.0
# system-auth is "required" and runs first; a failure there cannot be overridden
# by the later "sufficient" pam_ldap.so, so LDAP-only accounts pass only if the
# system-auth stack itself consults LDAP (that file is not shown in this post).
auth       required     pam_stack.so service=system-auth
auth       sufficient   pam_ldap.so
account    required     pam_stack.so service=system-auth
account    sufficient   pam_ldap.so
# Both required: the new password must be accepted by system-auth and by LDAP.
password   required     pam_stack.so service=system-auth
password   required     pam_ldap.so use_first_pass use_authtok


***** /etc/pam.d/samba

#%PAM-1.0
# Same ordering as the passwd service: the required system-auth stack decides,
# and the trailing "sufficient" pam_ldap.so cannot override its failure.
auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
auth       sufficient   pam_ldap.so
account    required     pam_stack.so service=system-auth
account    sufficient   pam_ldap.so
session    required     pam_stack.so service=system-auth
# Both required: the new password must be accepted by system-auth and by LDAP.
password   required     pam_stack.so service=system-auth
password   required     pam_ldap.so use_first_pass use_authtok


***** /etc/sshd

#%PAM-1.0
# NOTE(review): presumably this is /etc/pam.d/sshd. No pam_ldap.so line appears
# here, so LDAP accounts can log in over ssh only if the system-auth stack
# itself calls pam_ldap (that file is not shown in this post).
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so


Tony








