[Samba] Samba/LDAP Question
Hector Blanco
white.lists at gmail.com
Sat Mar 1 16:55:57 GMT 2008
Well... I've got this in the /etc/ldap.conf:
nss_base_passwd ou=People,dc=jome?one
nss_base_shadow ou=People,dc=jome?one
nss_base_group ou=Group,dc=jome?one
nss_base_hosts ou=Hosts,dc=jome?one
I added the nss_base_passwd ou=Hosts,dc=jome?one but nothing seems
to change... I don't know if I removed properly the nscd cache when
retying... I rebooted the computer... Is that ok or do I have to do
something else?
Thanks for everything
2008/2/29, Jerome Tournier <jtournier at gmail.com>:
> Hi,
> just one idea: have you configured nss_ldap to resolve account in ou=Computers ?
> ie, in /etc/ldap.conf, have you the 2 lines:
> nss_base_passwd ou=Users,......?sub
> nss_base_passwd ou=Computers,......?sub
>
> If not, add ou=Computers and remove any nscd cache before re-trying.
> --
> Jérôme
>
>
> On Mon, Feb 4, 2008 at 4:33 PM, Frank J. Pellegrino
> <frank.pellegrino at sju.edu> wrote:
> > We have just setup Samba 3.0.28 with LDAP support. We are using a Sun One
> > 5.2 LDAP server.
> >
> > We are having a problem when a new machine joins the domain.
> > Here is a snippet of our smb.conf file
> > add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
> > ldap machine suffix = ou=computers
> > ldap user suffix = ou=People
> >
> > When a new machine attempts to join the domain a new entry is created in
> > ou=computers as expected. This entry has only the posixAccount information
> > and no Samba info. However, the machine reports that it failed to join the
> > domain. Log entries on both samba and LDAP tell me that after the entry is
> > created, samba is trying to find that entry in ou=people instead of
> > ou=computers.
> >
> > Attempting to add the machine again gives us an error that the machine
> > already exists.
> >
> > I modified smbldap-useradd to include the sambaSamAccount information when
> > the entry is created. The first attempt to join the domain still fails,
> > however trying again succeeds.
> >
> > In another test, I removed the modifications from smbldap-useradd and
> > modified the smbldap.conf file so that it thought the machines container
> > was ou=people. With this change the new machine was able to join the
> > domain on the first try. The problem here is that we don't want the
> > machines mixed in with the users.
> >
> > So from this I determined that after creating the new entry for the
> > machine, Samba then goes and looks for that entry in ou=people instead of
> > ou=computers. My guess is that there is a bug in the code that looks at
> > the wrong configuration entry.
> >
> > I have tried looking through the C code on my own. I'm only familiar with
> > C so I haven't made as much progress as I'd like.
> >
> > Is this a known bug? Is it possible that we have a configuration wrong
> > somewhere?
> >
> > Can anyone point me to the correct C file so I can try and fix this?
> >
> > I'd appreciate any help I can get.
> >
> > Thanks.
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
> >
>
>
>
>
> --
> Jérôme
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list