[Samba] nsswitch not working for ldap

Tony Austin nsswitch at gigaday.com
Fri Nov 18 19:10:19 GMT 2005 

>> root#getent group|grep Domain
>>
>> still produces no result and even adding an account
>>
>> root#smbldap-groupadd -a Accounts
>>
>> produces no result from
>>
>> root#getent group|grep Accounts
>>
>> although,
>>
>> root#slapcat|less
>>
>> shows Accounts to be present as objectclass: posixGroup
>>
>> root#getent group
>>
>> returns only the /etc/group entries and logs as:-
>>
>> Nov 18 12:33:18 localhost slapd[2740]: conn=39 fd=17 ACCEPT from
>> IP=127.0.0.1:33021 (IP=0.0.0.0:389)
>> Nov 18 12:33:18 localhost slapd[2740]: conn=39 op=0 BIND
>> dn="cn=Manager,dc=phoenixinteriorsltd,dc=com" method=128
>> Nov 18 12:33:18 localhost slapd[2740]: conn=39 op=0 BIND
>> dn="cn=Manager,dc=phoenixinteriorsltd,dc=com" mech=SIMPLE ssf=0
>> Nov 18 12:33:18 localhost slapd[2740]: conn=39 op=0 RESULT tag=97 err=0
>> text=
>> Nov 18 12:33:18 localhost slapd[2740]: conn=39 op=1 SRCH
>> base="ou=Groups,dc=phoenixinteriorsltd,dc=com" scope=1 deref=0
>> filter="(&(objectClass=posixGroup))"
>> Nov 18 12:33:18 localhost slapd[2740]: conn=39 op=1 SRCH attr=cn
>> userPassword memberUid uniqueMember gidNumber
>> Nov 18 12:33:18 localhost slapd[2740]: conn=39 op=1 SEARCH RESULT
>> tag=101
>> err=32 nentries=0 text=
>> Nov 18 12:33:18 localhost slapd[2740]: conn=39 fd=17 closed
>>
>> So the problem now seems to be that I am not able to get
>> objectclass=posixGroup items returned.
>>
>> I'm not sure what to do now.
> ----
> err=32 means 'no such object' which probably comes as no surprise.
>
> You now have to look for consistency as objectclass=posixGroup doesn't
> cut it for Samba.
>

I don't quite understand what you are saying here.

root#getent group

is looking for posixGroups, this may not be what Samba wants, but I still
don't understand why it does not return them.

Maybe you are also saying that getent should be looking for sambaGroup and
not posixGroup?

> was your group configuration correct when you ran smbldap-populate? This
> would likely account for this issue.
>
> According to your initial email...
>
> nss_base_group  ou=Groups,dc=phoenixinteriorsltd,dc=com?one
>
> so did the configuration for groups in smbldap-tools have that properly
> set?
>
> slapcat |grep sambaGroup
>
> Craig
>

root#slapcat|grep sambaGroup

returns a bunch of:-

objectClass: sambaGroupMapping
sambaGroupType: 2

Is this what it should be?  Seems likely to me.

Tony

More information about the samba mailing list