[Samba] Samba/LDAP Question

Hector Blanco white.lists at gmail.com
Sat Mar 1 16:55:57 GMT 2008


Well... I've got this in the /etc/ldap.conf:

nss_base_passwd         ou=People,dc=jome?one
nss_base_shadow         ou=People,dc=jome?one
nss_base_group          ou=Group,dc=jome?one
nss_base_hosts          ou=Hosts,dc=jome?one

I added the nss_base_passwd   ou=Hosts,dc=jome?one  but nothing seems
to change... I don't know if I properly removed the nscd cache when
retrying... I rebooted the computer... Is that ok or do I have to do
something else?

Thanks for everything

2008/2/29, Jerome Tournier <jtournier at gmail.com>:
> Hi,
>  just one idea: have you configured nss_ldap to resolve accounts in ou=Computers ?
>  ie, in /etc/ldap.conf, do you have the 2 lines:
>  nss_base_passwd   ou=Users,......?sub
>  nss_base_passwd   ou=Computers,......?sub
>
>  If not, add ou=Computers and remove any nscd cache before re-trying.
>  --
>  Jérôme
>
>
>  On Mon, Feb 4, 2008 at 4:33 PM, Frank J. Pellegrino
>  <frank.pellegrino at sju.edu> wrote:
>  > We have just set up Samba 3.0.28 with LDAP support.  We are using a Sun One
>  >  5.2 LDAP server.
>  >
>  >  We are having a problem when a new machine joins the domain.
>  >  Here is a snippet of our smb.conf file
>  >    add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
>  >    ldap machine suffix = ou=computers
>  >    ldap user suffix = ou=People
>  >
>  >  When a new machine attempts to join the domain a new entry is created in
>  >  ou=computers as expected.  This entry has only the posixAccount information
>  >  and no Samba info.  However, the machine reports that it failed to join the
>  >  domain.  Log entries on both samba and LDAP tell me that after the entry is
>  >  created, samba is trying to find that entry in ou=people instead of
>  >  ou=computers.
>  >
>  >  Attempting to add the machine again gives us an error that the machine
>  >  already exists.
>  >
>  >  I modified smbldap-useradd to include the sambaSamAccount information when
>  >  the entry is created.  The first attempt to join the domain still fails,
>  >  however trying again succeeds.
>  >
>  >  In another test, I removed the modifications from smbldap-useradd and
>  >  modified the smbldap.conf file so that it thought the machines container
>  >  was ou=people.  With this change the new machine was able to join the
>  >  domain on the first try.  The problem here is that we don't want the
>  >  machines mixed in with the users.
>  >
>  >  So from this I determined that after creating the new entry for the
>  >  machine, Samba then goes and looks for that entry in ou=people instead of
>  >  ou=computers.  My guess is that there is a bug in the code that looks at
>  >  the wrong configuration entry.
>  >
>  >  I have tried looking through the C code on my own.  I'm only familiar with
>  >  C so I haven't made as much progress as I'd like.
>  >
>  >  Is this a known bug?  Is it possible that we have a configuration wrong
>  >  somewhere?
>  >
>  >  Can anyone point me to the correct C file so I can try and fix this?
>  >
>  >  I'd appreciate any help I can get.
>  >
>  >  Thanks.
>  >
>  >
>  >  --
>  >  To unsubscribe from this list go to the following URL and read the
>  >  instructions:  https://lists.samba.org/mailman/listinfo/samba
>  >
>
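Added example, not part of the thread: a Python check of the point raised in the quoted reply, that nss_ldap needs an nss_base_passwd entry covering the container Samba uses for machine accounts. The sample configs, the dc=example,dc=org suffix and all function names are constructed for illustration; DN handling is simplified (full DNs, no escaped commas) and a missing scope is assumed to mean sub.

```python
# Constructed sample configs (not taken from the thread).
LDAP_CONF = """\
nss_base_passwd   ou=People,dc=example,dc=org?one
nss_base_group    ou=Group,dc=example,dc=org?one
"""
SMB_CONF = """\
[global]
   ldap suffix = dc=example,dc=org
   ldap user suffix = ou=People
   ldap machine suffix = ou=computers
"""

def norm_dn(dn):
    """Lower-case and strip each RDN (simplified: no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def nss_passwd_bases(ldap_conf):
    """Return [(rdn_list, scope)] for every nss_base_passwd line."""
    out = []
    for line in ldap_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "nss_base_passwd":
            fields = parts[1].split("?")  # base?scope?filter
            scope = fields[1].lower() if len(fields) > 1 and fields[1] else "sub"
            out.append((norm_dn(fields[0]), scope))
    return out

def samba_container(smb_conf, key):
    """Join a relative 'ldap ... suffix' value with 'ldap suffix'."""
    opts = {}
    for line in smb_conf.splitlines():
        if "=" in line and not line.lstrip().startswith(("#", ";")):
            k, v = line.split("=", 1)
            opts[" ".join(k.split()).lower()] = v.strip()
    return norm_dn(opts[key] + "," + opts["ldap suffix"])

def covered(container, bases):
    """True if entries directly inside `container` fall under a search base."""
    for base, scope in bases:
        under = len(base) <= len(container) and container[len(container) - len(base):] == base
        if under and (scope == "sub" or (scope == "one" and container == base)):
            return True
    return False

def check(ldap_conf, smb_conf):
    """Map each Samba account suffix to whether nss_ldap would search it."""
    bases = nss_passwd_bases(ldap_conf)
    return {key: covered(samba_container(smb_conf, key), bases)
            for key in ("ldap user suffix", "ldap machine suffix")}
```

With the constructed configs, `check(LDAP_CONF, SMB_CONF)` reports the user suffix as covered and the machine suffix as not covered; appending a second `nss_base_passwd` line for the machine container makes both covered.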

