[Samba] Problem with OpenLDAP/Samba/NSS -> ERROR : User xxx in passdb, but getpwnam() fails!

Vincent Farget farget at olfac.univ-lyon1.fr
Mon Dec 11 07:01:30 GMT 2006


Hi,

I have solved my problem.

The last two modifications before it worked were:


1.)
In the configuration file of the SAMBA server:
I HAVE ADDED:
obey pam restrictions = Yes
ldapsam:trusted = Yes
with
encrypt passwords = Yes


2.)
In the configuration file of the NSS:
I HAVE ADDED:
rootbinddn cn=chef,dc=server,dc=domaine,dc=fr

without forgetting the '/etc/ldap.secret' file with the password of the 
'rootbinddn'.


Thanks again.
Bye.
-



Vincent Farget wrote:
> Hi everybody,
> 
> 
> I have one SAMBA server (with PDC configuration) which is configured to 
> use an OpenLDAP server (on the same local server) where user and 
> computer accounts are stored (I want to have both the Unix/Linux and Samba 
> account attributes stored to use Name Service Switch and Pluggable 
> Authentication Module).
> 
> 
> 
> My problem is as follows:
> If I don't put the following line:
> -> user1:x:527:400:Utilisateur 1:/home/user1:/bin/bash
> in the '/etc/passwd' file, for a user, or :
> -> pc046$:x:1110:582:Compte PC:/dev/null:/bin/false
> for a computer, I can't connect and I have the following error in the 
> '/var/log/samba/log.pc046' log file :
> ..........
> [2006/11/28 11:51:48, 1] auth/auth_util.c:make_server_info_sam(840)
>     User farget in passdb, but getpwnam() fails!
> [2006/11/28 11:51:48, 0] auth/auth_sam.c:check_sam_security(324)
>     check_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_NO_SUCH_USER'
> ..........
> 
> However, on my local server, if I type 'getent passwd|grep
> user1', I have/can see the following:
> -> user1:x:527:400:Utilisateur 1:/home/user1:/bin/bash
> and an 'ldapsearch -x -LLL' shows me all my directory without any 
> problems !!!!
> 
> 
> I saw several other mails from people who have the same 'getpwnam() 
> fails!' error, but I didn't succeed in finding the solution !!!
> 
> 
>   So I want to know several things:
> --------------------------------------
> 
> 1.) What precisely does SAMBA look for when it executes the 'getpwnam()' 
> function? One or several special OpenLDAP attributes?
> 
> 2.) In the file '/etc/ldap/slapd.conf', what is 'index' used for?
> Currently I have the following index:
> ..........
> # Indexing options for database #1
> index           objectClass,uidNumber,gidNumber                eq
> index           sambaSID,sambaPrimaryGroupSID,sambaDomainName  eq
> ..........
> Are these indexes OK?
> 
> I see that if I add the following line :
> -> index           uid           eq
> the 'ldapsearch -x -LLL' output is EMPTY !!!!
> 
> 
> 
> 
> Here is my Debian Sarge server files configuration :
> -> 'slapd' (OpenLDAP) v2.2.23-8,
> -> 'samba' v3.0.14a-3sarge2,
> -> 'samba-doc' v3.0.14a-3sarge2 with 'smbldap-tools' v0.8.7,
> -> 'libnss-ldap' v238-1,
> 
> 
> ...
> 
> Thanks in advance for your help,
> Best regards.
> 

-- 
M. FARGET Vincent
IGE - Systems Administrator / Laboratory IT Specialist
UMR 5020 - Laboratoire des Neurosciences et Systemes Sensoriels
Universite Claude Bernard LYON 1 - CNRS
50, avenue Tony Garnier
69366 LYON Cedex 07
## This message is signed with a CNRS certificate ##
http://igc.services.cnrs.fr/Doc/General/trust.html
http://www.urec.cnrs.fr/igc/Certifs_CNRS.html
#####
# For the signature to be valid, you must first
#  retrieve the certificate of the
#  CNRS-Plus certification authority by
#  clicking on the link below:
http://igc.services.cnrs.fr/cgi-bin/viewca?cmd=load&CA=CNRS-Plus&ca=CNRS-Plus
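
A follow-up check for the fix described in this message, as an added example that is not part of the original post: it confirms that the file holding the 'rootbinddn' password is closed to group and others, and that accounts resolve by name (a keyed `getent passwd NAME` performs the per-name lookup that Samba's getpwnam() relies on, unlike the `getent passwd|grep` enumeration in the quoted message). The function names are hypothetical; the account names in the usage comment are the ones from the quoted message.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run as root after
# setting 'rootbinddn' for nss_ldap. Function names are hypothetical.

# secret_mode_ok FILE: succeed only if FILE exists and gives group and
# others no permissions at all (for example mode 0600).
secret_mode_ok() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the 'ls -l' mode string are the group/other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# resolves_via_nss NAME: succeed if the passwd database (the sources
# listed in nsswitch.conf) returns an entry for NAME.
resolves_via_nss() {
    getent passwd "$1" >/dev/null 2>&1
}

# check_setup SECRET NAME...: report each check, return the failure count.
check_setup() {
    secret=$1
    shift
    failures=0
    if secret_mode_ok "$secret"; then
        echo "OK   $secret: no group/other access"
    else
        echo "FAIL $secret: missing, or accessible to group/other"
        failures=$((failures + 1))
    fi
    for name in "$@"; do
        if resolves_via_nss "$name"; then
            echo "OK   $name resolves through NSS"
        else
            echo "FAIL $name does not resolve (Samba would log 'getpwnam() fails!')"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Usage, as root, with the account names from the quoted message:
#   check_setup /etc/ldap.secret user1 'pc046$'
```

Run it as root, since nss_ldap binds with 'rootbinddn' only when the effective user ID is root.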

