[Samba] samba ldap pdc w/unix accounts: local unix and ldap unix users can't resolve uids to names on the server

Noah Dain noahdain at gmail.com
Tue Sep 12 14:20:30 GMT 2006


On 9/11/06, Cleber P. de Souza <cleberps at gmail.com> wrote:
> You'll need to set up and start the nscd service on your machine.
> This solves your problem.

well, winbind and nscd don't get along together, as winbind does its
own caching.

reference:  http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#id2544165

> On 9/11/06, Noah Dain <noahdain at gmail.com> wrote:
> > * distro: ubuntu breezy ( 6.06 )
> > * samba version: shipped version with updates ( 3.0.22-1ubuntu3.1 )
> > * no ssl
> > * openLDAP is running on the same machine as samba, and referenced as
> > localhost/127.0.0.1 where applicable ( 2.2.26-5ubuntu2.1 )
> > * nscd is not installed, much less running
> >
> > I've set up a samba pdc with ldap by following the Samba Guide very
> > closely, adapting it to Ubuntu/Debian where it seemed applicable, and
> > I've had mostly success.
> >
> > Windows clients work fine:  they can join the domain, roaming profiles
> > work, read/write to their respective shares.
> >
> > However, when logged into the samba/ldap server, local users other
> > than root cannot resolve names in ldap.  No ldap accounts show up for
> > 'getent passwd' or 'getent group'.
> >
> > I can login to the system with an ldap user account, but when I do so I get:
> > NOTE: 'ndain' is a local account. 'dainn' is an ldap account.
> >
> > ndain@sambapdc:~$ su dainn
> > Password:
> > id: cannot find name for group ID 513
> > id: cannot find name for group ID 512
> > I have no name!@sambapdc:/home/ndain$
> >
> > /var/log/syslog records:
> > Sep 11 11:32:49 sambapdc bash: nss_ldap: could not search LDAP server - Operations error
> > Sep 11 11:32:49 sambapdc id: nss_ldap: could not search LDAP server - Operations error
> >
> >
> > However, if I set /etc/libnss-ldap.conf permissions to 644, everything
> > works.  Obviously, this is less than optimal as it has the "root" ldap
> > account password in plaintext.
> >
> >
> > ### nothing below but config files ###
> >
> > ## file: /etc/nsswitch.conf
> > ## edited to incorporate changes from #3:
> > ##http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-nss02
> > passwd:         files ldap
> > group:          files ldap
> > shadow:         files ldap
> > #hosts:          files dns
> > hosts:          files dns wins
> > networks:       files
> > protocols:      db files
> > services:       db files
> > ethers:         db files
> > rpc:            db files
> > netgroup:       nis
> > # end /etc/nsswitch.conf
> >
> > ## file: /etc/libnss-ldap.conf
> > ## ripped from: http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-nss01
> > host 127.0.0.1
> > #base dc=abmas,dc=biz
> > base dc=sysgenmedia,dc=com
> > ldap_version 3
> > binddn cn=manager,dc=sysgenmedia,dc=com
> > bindpw MyPassWord
> > timelimit 50
> > bind_timelimit 50
> > bind_policy hard
> > idle_timelimit 3600
> > pam_password exop
> > #nss_base_passwd ou=People,dc=abmas,dc=biz?one
> > #nss_base_shadow ou=People,dc=abmas,dc=biz?one
> > #nss_base_group  ou=Groups,dc=abmas,dc=biz?one
> > nss_base_passwd ou=People,dc=sysgenmedia,dc=com?one
> > nss_base_shadow ou=People,dc=sysgenmedia,dc=com?one
> > nss_base_group  ou=Groups,dc=sysgenmedia,dc=com?one
> > ssl off
> > ## end file: /etc/libnss-ldap.conf
> >
> >
> >
> > --
> > Noah Dain
> > "I don't want to make toys, I want to be a dentist!"
> >
>
>
> --
> ***
> Cleber P. de Souza
>


-- 
Noah Dain
"I don't want to make toys, I want to be a dentist!"

