[Samba] nsswitch not working for ldap

Craig White craigwhite at azapple.com
Fri Nov 18 18:52:53 GMT 2005 

On Fri, 2005-11-18 at 18:39 +0000, Tony Austin wrote:

> 
> I am a bit further forward with this.  I think 'Samba by Example' is a bit
> misleading, it says to do:-
> 
> root#getent passwd|grep Administrator
> 
> but AFAICS there has been no Administrator account set up by
> smbldap-populate.pl, hence no result comes back
----
probably assumes a different version of smbldap-tools

the version that I installed from RHEL didn't add an account
'Administrator' but added an account called 'root' to LDAP (uid=0)

This probably accounts for your confusion
----
> 
> root#smbldap-useradd -a fren
> 
> adds an account and this can is returned by
> 
> root#getent passwd|grep fren
> 
> However,
> 
> root#getent group|grep Domain
> 
> still produces no result and even adding an account
> 
> root#smbldap-groupadd -a Accounts
> 
> produces no result from
> 
> root#getent group|grep Accounts
> 
> although,
> 
> root#slapcat|less
> 
> shows Accounts to be present as objectclass: posixGroup
> 
> root#getent group
> 
> returns only the /etc/group entries and logs as:-
> 
> Nov 18 12:33:18 localhost slapd[2740]: conn=39 fd=17 ACCEPT from
> IP=127.0.0.1:33021 (IP=0.0.0.0:389)
> Nov 18 12:33:18 localhost slapd[2740]: conn=39 op=0 BIND
> dn="cn=Manager,dc=phoenixinteriorsltd,dc=com" method=128
> Nov 18 12:33:18 localhost slapd[2740]: conn=39 op=0 BIND
> dn="cn=Manager,dc=phoenixinteriorsltd,dc=com" mech=SIMPLE ssf=0
> Nov 18 12:33:18 localhost slapd[2740]: conn=39 op=0 RESULT tag=97 err=0 text=
> Nov 18 12:33:18 localhost slapd[2740]: conn=39 op=1 SRCH
> base="ou=Groups,dc=phoenixinteriorsltd,dc=com" scope=1 deref=0
> filter="(&(objectClass=posixGroup))"
> Nov 18 12:33:18 localhost slapd[2740]: conn=39 op=1 SRCH attr=cn
> userPassword memberUid uniqueMember gidNumber
> Nov 18 12:33:18 localhost slapd[2740]: conn=39 op=1 SEARCH RESULT tag=101
> err=32 nentries=0 text=
> Nov 18 12:33:18 localhost slapd[2740]: conn=39 fd=17 closed
> 
> So the problem now seems to be that I am not able to get
> objectclass=posixGroup items returned.
> 
> I'm not sure what to do now.
----
err=32 means 'no such object' which probably comes as no surprise.

You now have to look for consistency as objectclass=posixGroup doesn't
cut it for Samba.

was your group configuration correct when you ran smbldap-populate? This
would likely account for this issue.

According to your initial email...

nss_base_group  ou=Groups,dc=phoenixinteriorsltd,dc=com?one

so did the configuration for groups in smbldap-tools have that properly
set?

slapcat |grep sambaGroup

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list