[Samba] samba ldap pdc w/unix accounts: local unix and ldap unix users can't resolve uids to names on the server

Cleber P. de Souza cleberps at gmail.com
Tue Sep 12 20:41:04 GMT 2006


Try temporally stop winbind and start nscd to look if your problem is solved.

On 9/12/06, Noah Dain <noahdain at gmail.com> wrote:
> On 9/11/06, Cleber P. de Souza <cleberps at gmail.com> wrote:
> > You'll need setup and start the nscd service on your machine.
> > This solve your problem.
>
> well, windbind and nscd don't get along together, as winbind does it's
> own caching.
>
> reference:  http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#id2544165
>
> > On 9/11/06, Noah Dain <noahdain at gmail.com> wrote:
> > > * distro: ubuntu breezy ( 6.06 )
> > > * samba version: shipped version with updates ( 3.0.22-1ubuntu3.1 )
> > > * no ssl
> > > * openLDAP is running on the same machine as samba, and referenced as
> > > localhost/127.0.0.1 where applicable ( 2.2.26-5ubuntu2.1 )
> > > * nscd is not installed, much less running
> > >
> > > I've set up a samba pdc with ldap by following the Samba Guide very
> > > closely, adapting it to Ubuntu/Debian where it seemed applicable, and
> > > I've had mostly success.
> > >
> > > Windows clients work fine:  they can join the domain, roaming profiles
> > > work, read/write to their respective shares.
> > >
> > > However, when logged into the samba/ldap server, local users other
> > > than root cannot resolve names in ldap.  No ldap accounts show up for
> > > 'getent passwd' or 'getent group'.
> > >
> > > I can login to the system with an ldap user account, but when I do so I get:
> > > NOTE: 'ndain' is a local account. 'dainn' is an ldap account.
> > >
> > > ndain at sambapdc:~$ su dainn
> > > Password:
> > > id: cannot find name for group ID 513
> > > id: cannot find name for group ID 512
> > > I have no name!@sambapdc:/home/ndain$
> > >
> > > /var/log/syslog records:
> > > Sep 11 11:32:49 sambapdc bash: nss_ldap: could not search LDAP server
> > > - Operations error
> > > Sep 11 11:32:49 sambapdc id: nss_ldap: could not search LDAP server -
> > > Operations error
> > >
> > >
> > > However, if I set /etc/libnss-ldap.conf permissions to 644, everything
> > > works.  Obviously, this is less than optimal as it has the "root" ldap
> > > account password in plaintext.
> > >
> > >
> > > ### nothing below but config files ###
> > >
> > > ## file: /etc/nsswitch.conf
> > > ## edited to incorporate changes from #3:
> > > ##http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-nss02
> > > passwd:         files ldap
> > > group:          files ldap
> > > shadow:         files ldap
> > > #hosts:          files dns
> > > hosts:          files dns wins
> > > networks:       files
> > > protocols:      db files
> > > services:       db files
> > > ethers:         db files
> > > rpc:            db files
> > > netgroup:       nis
> > > # end /etc/nsswitch.conf
> > >
> > > ## file: /etc/libnss-ldap.conf
> > > ## ripped from:
> > > http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-nss01
> > > host 127.0.0.1
> > > #base dc=abmas,dc=biz
> > > base dc=sysgenmedia,dc=com
> > > ldap_version 3
> > > binddn cn=manager,dc=sysgenmedia,dc=com
> > > bindpw MyPassWord
> > > timelimit 50
> > > bind_timelimit 50
> > > bind_policy hard
> > > idle_timelimit 3600
> > > pam_password exop
> > > #nss_base_passwd ou=People,dc=abmas,dc=biz?one
> > > #nss_base_shadow ou=People,dc=abmas,dc=biz?one
> > > #nss_base_group  ou=Groups,dc=abmas,dc=biz?one
> > > nss_base_passwd ou=People,dc=sysgenmedia,dc=com?one
> > > nss_base_shadow ou=People,dc=sysgenmedia,dc=com?one
> > > nss_base_group  ou=Groups,dc=sysgenmedia,dc=com?one
> > > ssl off
> > > ## end file: /etc/nsswitch.conf
> > >
> > >
> > >
> > > --
> > > Noah Dain
> > > "I don't want to make toys, I want to be a dentist!"
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > >
> >
> >
> > --
> > ***
> > Cleber P. de Souza
> >
>
>
> --
> Noah Dain
> "I don't want to make toys, I want to be a dentist!"
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>


-- 
***
Cleber P. de Souza


More information about the samba mailing list