[Samba] nsswitch not working for ldap

Craig White craigwhite at azapple.com
Fri Nov 18 19:33:55 GMT 2005 

On Fri, 2005-11-18 at 19:10 +0000, Tony Austin wrote:

> >> Nov 18 12:33:18 localhost slapd[2740]: conn=39 op=1 SEARCH RESULT
> >> tag=101
> >> err=32 nentries=0 text=
> >> Nov 18 12:33:18 localhost slapd[2740]: conn=39 fd=17 closed
> >>
> >> So the problem now seems to be that I am not able to get
> >> objectclass=posixGroup items returned.
> >>
> >> I'm not sure what to do now.
> > ----
> > err=32 means 'no such object' which probably comes as no surprise.
> >
> > You now have to look for consistency as objectclass=posixGroup doesn't
> > cut it for Samba.
> >
> 
> I don't quite understand what you are saying here.
> 
> root#getent group
> 
> is looking for posixGroups, this may not be what Samba wants, but I still
> don't understand why it does not return them.
----
actually, I think it will return anything that is listed for group
attribute in /etc/ldap.conf - whether it has posixGroup or not - I'm not
really sure but I think that is the case. All of my entries are at least
posixGroup so I don't know.
----
> 
> Maybe you are also saying that getent should be looking for sambaGroup and
> not posixGroup?
----
no
----
> 
> > was your group configuration correct when you ran smbldap-populate? This
> > would likely account for this issue.
> >
> > According to your initial email...
> >
> > nss_base_group  ou=Groups,dc=phoenixinteriorsltd,dc=com?one
> >
> > so did the configuration for groups in smbldap-tools have that properly
> > set?
> >
> > slapcat |grep sambaGroup
> >
> > Craig
> >
> 
> root#slapcat|grep sambaGroup
> 
> returns a bunch of:-
> 
> objectClass: sambaGroupMapping
> sambaGroupType: 2
----
yeah - that sounds good to me.

the following works for me (adjust your -b (base) and -D
(authentication) as necessary...

[root at srv1 config]# ldapsearch -x -h localhost \
-D 'cn=root,dc=azapple,dc=com' \
-b 'ou=Groups,dc=azapple,dc=com' -W '(cn=*)'

I get a complete listing of the groups and I can see if they have
sambaGroupMapping and posixGroup objectclass or not.

this was interesting also...

# slapcat |grep Groups

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list