[Samba] ldap group authentication refresh

Arthur Odekerken odekerken at gmail.com
Tue Mar 10 13:21:48 GMT 2009

Hi Adam,

nscd wasn't running on my machine.
After setting the option ldapsam:trusted = yes smbd doesn"t start any longer
I get the following error in /var/log/smbd.log:

[2009/03/09 22:01:31, 0] smbd/server.c:main(1063)
  ERROR: failed to setup guest info.

I did add a nobody account & group to my LDAP database with the following

cn: nobody
uid: nobody
uidNumber: 999
gidNumber: 65533
homeDirectory: /dev/null
loginShell: /bin/false
gecos: samba guest domain account
description: samba guest domain account
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: top
objectClass: person
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaAcctFlags: [NU         ]
sambaPrimaryGroupSID: S-1-0-0
sn: nobody
sambaSID: S-1-5-21-2084689211-3812089025-2812341184-501
sambaDomainName: DOMAIN.TLD

objectClass: posixGroup
objectClass: sambaGroupMapping
cn: nobody
sambaGroupType: 2
displayName: nobody
gidNumber: 65533
sambaSID: S-1-0-0
memberUid: nobody
description: Domain Unix group

What am I doing wrong?


2009/3/9 Adam Tauno Williams <awilliam at whitemice.org>

> On Mon, 2009-03-09 at 19:32 +0100, Arthur Odekerken wrote:
> > I have succesfully setup a Samba server with OpenLDAP authentication.
> > I also managed to authenticate against groups in my LDAP tree, so far so
> > good.
> > The only problem is that whenever I add or remove an entry from the LDAP
> > group, samba doesn't see that immediately. When I restart the samba
> daemon,
> > it does pick up the change in the LDAP group.
> > Can anybody tell me how I can refresh the authentication, without
> restarting
> > the daemon?
> > I am using samba version 3.0.28-1.el5_2.1 on CentOS release 5.2 (Final)
> and
> > OpenLDAP version 2.3.27.
> Try -
> (a) enable ldapsam trusted = yes if you meet the requirements [see
> documentation]
> (b) disable the nscd service
> --
> OpenGroupware developer: awilliam at whitemice.org
> <http://whitemiceconsulting.blogspot.com/>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list