[Samba] Solaris nss_ldap vs PADL nss_ldap

albanperso-zatoo at yahoo.com albanperso-zatoo at yahoo.com
Fri Sep 12 13:41:03 GMT 2008


Thanks Duncan.

Before going to get the nss_ldap, I just created fresh user accounts in my AD and it works fine!
I recreated the existing ones and everything is OK. There is no difference detected with the former accounts, so it's an unexplained working tip.

So, as advice from the field for future readers of this message: check the entire line of responsibility, starting from the infra to the data (ALL kinds of involved data).

Best regards

Alban



----- Original Message ----
> From: Duncan Brannen <dbb at st-andrews.ac.uk>
> To: albanperso-zatoo at yahoo.com
> Cc: samba at lists.samba.org
> Sent: Friday, 12 September 2008, 13:20:30
> Subject: Re: Re : [Samba] Solaris nss_ldap vs PADL nss_ldap
> 
> 
> Hi Alban,
>                 You can download padl's nss_ldap library from 
> http://www.padl.com/Contents/OpenSourceSoftware.html
> 
> If you've already configured solaris for groups and password in LDAP, it 
> should just work once you replace the Solaris
> nss_ldap with the padl one ( back it up first ;)  and add / configure 
> /etc/ldap.conf
> 
> mine looks like
> 
> > TLS_CACERT /etc/certs/cacert.pem
> > TLSCIPHERSUITE TLSv1
> > host ldap.st-andrews.ac.uk
> > rootbinddn 
> > base ou=People,dc=st-andrews,dc=ac,dc=uk
> > ldap_version 3
> > nss_base_passwd ou=People,dc=st-andrews,dc=ac,dc=uk?one
> > nss_base_shadow ou=People,dc=st-andrews,dc=ac,dc=uk?one
> > nss_base_group          ou=Groups,dc=st-andrews,dc=ac,dc=uk?one
> > ssl start_tls
> > tls_cacertfile /etc/certs/
> > certificate?
> > tls_cacertdir /etc/certs
> > tls_ciphers TLSv1
> With the admin user password in /etc/ldap.secret permission 600.
> 
> 
> You could also try  group: compat as suggested by Douglas Engert,  I've 
> not managed to get back to trying this yet.
> 
> > Have you tried using Solaris version with this in the nsswitch.conf:
> >
> >  group: compat
> >  group_compat ldap
> >
> > and adding the + in the /etc/group file.
> >
> > This appears to work as expected, getting groups info from both
> > local and ldap.
> >
> > Or (I have not tried this):
> >
> >  group: files [SUCCESS=continue] ldap
> 
> Cheers,
>           Duncan
> 
> 
> 
> albanperso-zatoo at yahoo.com wrote:
> > Hi Duncan,
> >
> > I have the same issue on Solaris and Samba (3.028a and 3.31) that is OK for primary groups but not for secondaries.
> >
> > Can you describe how you get / configure PADL's nss_ldap?
> >
> > Thanks in advance
> >
> > Regards
> >
> > Alban
> >
> >
> > ----- Original Message ----
> >  
> >> From: Duncan Brannen 
> >> To: samba at lists.samba.org
> >> Sent: Wednesday, 27 August 2008, 18:09:55
> >> Subject: [Samba] Solaris nss_ldap vs PADL nss_ldap
> >>
> >>
> >>
> >> Hi All,
> >>           Any thoughts on why, while everything seems ok at the OS level 
> >> (getent , id -a ) Samba
> >> doesn't pickup any supplementary groups when Solaris is configured with 
> >> 'group: files ldap' in
> >> nsswitch.conf and using its own native nss_ldap.so.1 but does when 
> >> using PADL's nss_ldap?
> >> Everything else is equal.
> >>
> >> Do they use/accept different calls or could it be an openldap vs native 
> >> ldap incompatibility,
> >> Samba being compiled against the openldap libraries.
> >>
> >> Samba seems not to compile against the native libraries due to a lack of 
> >> ldap_start_tls_s
> >>
> >> Solaris 10 and Samba 3.2.2
> >>
> >> Cheers,
> >>           Duncan
> >>
> >> -- 
> >> The University of St Andrews is a charity registered in Scotland : No SC013532
> >>
> >>    
> >
> >
> >
> >      
> >  
> 
> 
> -- 
> The University of St Andrews is a charity registered in Scotland : No SC013532
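
An added example (not part of the original messages): a small Python check of the hardening points in the quoted /etc/ldap.conf setup, namely StartTLS, a configured CA, and the 600 permission on /etc/ldap.secret. The sample config, host, DN and finding names are constructed, and it assumes that `ssl on` or an `ldaps://` `uri` also counts as an encrypted bind.

```python
import os
import stat
import tempfile

# Constructed sample in the ldap.conf style quoted above (placeholder values).
SAMPLE_CONF = """\
host ldap.example.org
rootbinddn cn=admin,dc=example,dc=org
base ou=People,dc=example,dc=org
ssl start_tls
tls_cacertdir /etc/certs
"""

def parse_ldap_conf(text):
    """Return {keyword: value} from 'keyword value' lines, skipping comments."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(conf_text, secret_path):
    """Return a list of finding codes; an empty list means the checks passed."""
    conf = parse_ldap_conf(conf_text)
    findings = []
    encrypted = (conf.get("ssl", "").lower() in ("start_tls", "on")
                 or conf.get("uri", "").lower().startswith("ldaps://"))
    if not encrypted:
        findings.append("bind-not-encrypted")
    if not (conf.get("tls_cacertfile") or conf.get("tls_cacertdir")):
        findings.append("no-ca-configured")
    if "rootbinddn" in conf:  # root bind password is read from the secret file
        try:
            mode = stat.S_IMODE(os.stat(secret_path).st_mode)
        except FileNotFoundError:
            findings.append("secret-missing")
        else:
            if mode & 0o077:  # any group/other bit is looser than 600
                findings.append("secret-readable-by-others:%o" % mode)
    return findings

def demo():
    """Audit the sample with a 644 secret, then again after chmod 600."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "ldap.secret")
        with open(secret, "w") as fh:
            fh.write("constructed-password\n")
        os.chmod(secret, 0o644)
        before = audit(SAMPLE_CONF, secret)
        os.chmod(secret, 0o600)
        return before, audit(SAMPLE_CONF, secret)
```

On a real host, pass the contents of /etc/ldap.conf and the path /etc/ldap.secret to `audit()`.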



      

