[Samba] Mis-behavior of ldap.conf regarding nss?

Marcio Merlone marcio.merlone at a1.ind.br
Wed Apr 23 19:09:23 GMT 2008

Hello all,

I run a samba 3.0.26a-1ubuntu2.3 on an Ubuntu 7.10 server with OpenLDAP 
both for samba and for posix accounts. Everything runs fine, except for 
one problem. I have a ou=People-inactive branch on my ldap server on 
which I store (guess what?) inactive people. I don't want my system to 
recognize those entries as valid users, so I set my /etc/ldap.conf as 

root@mercurio:/etc# grep -v "^#\|^\s*$" ldap.conf
base dc=a1,dc=ind
ldap_version 3
nss_base_passwd         ou=People,dc=a1,dc=ind?one
nss_base_shadow         ou=People,dc=a1,dc=ind?one
nss_base_group          ou=Group,dc=a1,dc=ind?one
nss_base_hosts          ou=Hosts,dc=a1.dc=ind?one
nss_base_services       ou=Services,dc=a1,dc=ind?one
nss_base_networks       ou=Networks,dc=a1,dc=ind?one
nss_base_protocols      ou=Protocols,dc=a1,dc=ind?one
nss_base_rpc            ou=Rpc,dc=a1,dc=ind?one
nss_base_netmasks       ou=Networks,dc=a1,dc=ind?one
nss_base_aliases        ou=Aliases,dc=a1,dc=ind?one
nss_base_netgroup       ou=Netgroup,dc=a1,dc=ind?one
root@mercurio:/etc#

I use two servers on the "host" line due to this bug:


The problem arose when I tried to add a new machine to the domain. The 
smbldap-useradd script is able to add the machine entry on ldap, but the 
whole process fails with "User not found" (translated from the 
Portuguese message) on the adding workstation. After googling for about 
3 hours without success, I found that if I just comment out the 
nss_base_* entries, everything works as expected and I am able to join a 
machine to the domain.

The question:

Is that a samba, nss or smbldap-tools bug? Or is this not a bug, but a 
feature? ;) Or have I lost something?

Best regards and thanks in advance.

Marcio Merlone
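
Added example, not part of the original message: a small check of which entry DNs fall inside an nss_base_<map> search base and scope, using two lines copied from the ldap.conf output above, plus a lint for maps whose search base does not sit under the global base. The entry DNs are constructed; in particular the ou=Computers location of the machine account is an assumption, since the post does not say where smbldap-useradd puts machine entries. The code handles simple DNs only (no escaped commas) and assumes scope "sub" when a line gives none.

```python
# Added example: which entry DNs does an nss_ldap nss_base_<map> line cover?
# Config lines are copied from the post; the entry DNs below are constructed.
LDAP_CONF = """\
base dc=a1,dc=ind
nss_base_passwd         ou=People,dc=a1,dc=ind?one
nss_base_hosts          ou=Hosts,dc=a1.dc=ind?one
"""

def split_dn(dn):
    """Split a DN into lower-cased RDNs (simple DNs only, no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def parse(conf):
    """Return (base_rdns, {map: (search_base_rdns, scope)}) from ldap.conf text."""
    base, maps = [], {}
    for line in conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts
        if key == "base":
            base = split_dn(value)
        elif key.startswith("nss_base_"):
            dn, _, scope = value.strip().partition("?")
            scope = scope.split("?")[0].lower() or "sub"  # assumption: sub if omitted
            maps[key[len("nss_base_"):]] = (split_dn(dn), scope)
    return base, maps

def visible(entry_dn, search_base, scope):
    """True if entry_dn lies inside search_base for the given LDAP scope."""
    entry = split_dn(entry_dn)
    depth = len(entry) - len(search_base)
    if depth < 0 or entry[depth:] != search_base:
        return False
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def outside_base(conf):
    """Names of maps whose search base does not end with the global base DN."""
    base, maps = parse(conf)
    return sorted(m for m, (dn, _) in maps.items() if base and dn[-len(base):] != base)

if __name__ == "__main__":
    base, maps = parse(LDAP_CONF)
    for dn in ("uid=alice,ou=People,dc=a1,dc=ind",
               "uid=bob,ou=People-inactive,dc=a1,dc=ind",
               "uid=pc01$,ou=Computers,dc=a1,dc=ind"):  # hypothetical machine entry
        print(dn, "->", visible(dn, *maps["passwd"]))
    print("maps outside base:", outside_base(LDAP_CONF))
```

With the constructed DNs, only the ou=People entry is visible to the passwd map, and the lint reports the hosts map, whose search base as posted reads dc=a1.dc=ind.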
