[Samba] nsswitch not working for ldap
craigwhite at azapple.com
Fri Nov 18 19:33:55 GMT 2005
On Fri, 2005-11-18 at 19:10 +0000, Tony Austin wrote:
> >> Nov 18 12:33:18 localhost slapd: conn=39 op=1 SEARCH RESULT
> >> tag=101
> >> err=32 nentries=0 text=
> >> Nov 18 12:33:18 localhost slapd: conn=39 fd=17 closed
> >> So the problem now seems to be that I am not able to get
> >> objectclass=posixGroup items returned.
> >> I'm not sure what to do now.
> > ----
> > err=32 means 'no such object' which probably comes as no surprise.
> > You now have to look for consistency as objectclass=posixGroup doesn't
> > cut it for Samba.
> I don't quite understand what you are saying here.
> root#getent group
> is looking for posixGroups, this may not be what Samba wants, but I still
> don't understand why it does not return them.
actually, I think it will return anything that is listed for group
attribute in /etc/ldap.conf - whether it has posixGroup or not - I'm not
really sure but I think that is the case. All of my entries are at least
posixGroup so I don't know.
> Maybe you are also saying that getent should be looking for sambaGroup and
> not posixGroup?
> > was your group configuration correct when you ran smbldap-populate? This
> > would likely account for this issue.
> > According to your initial email...
> > nss_base_group ou=Groups,dc=phoenixinteriorsltd,dc=com?one
> > so did the configuration for groups in smbldap-tools have that properly
> > set?
> > slapcat |grep sambaGroup
> > Craig
> root#slapcat|grep sambaGroup
> returns a bunch of:-
> objectClass: sambaGroupMapping
> sambaGroupType: 2
yeah - that sounds good to me.
the following works for me (adjust your -b (base) and -D
(authentication) as necessary...
[root at srv1 config]# ldapsearch -x -h localhost \
-D 'cn=root,dc=azapple,dc=com' \
-b 'ou=Groups,dc=azapple,dc=com' -W '(cn=*)'
I get a complete listing of the groups and I can see if they have
sambaGroupMapping and posixGroup objectclass or not.
this was interesting also...
# slapcat |grep Groups
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba