[Samba] Re: pdbedit doesn't send the sambaSID to the ldap

Harry Jede walk2sun at arcor.de
Tue Mar 24 14:42:03 GMT 2009


On Tuesday, 24 March 2009 12:56, LiPi - wrote:
> The question was exactly the same as the one that was in the link I
> wrote :p
> http://www.mail-archive.com/samba@lists.samba.org/msg99530.html
>
>
> But now, 1h later it's time to answer myself:
>
> If somebody needs to solve the mentioned problem, only two things
> must be done:
>
> apt-get install libnss-ldap libpam-ldap
> emacs /etc/ldap.conf and fill it with (according to their params):
Which version of Debian do you use? This setup has been outdated for years.

Read the man pages and the docs for these two packages.

>
> <<<<--start ldap.conf>>>>
> host 127.0.0.1
> base dc=ctest
> uri ldap://127.0.0.1
> ldap_version 3
> rootbinddn cn=admin,dc=ctest
> port 389
>
> nss_base_passwd         ou=Users,dc=ctest?one
> nss_base_passwd         ou=Computers,dc=ctest?one
> nss_base_shadow         ou=Users,dc=ctest?one
You really like to poll your "shadow file" over an unprotected network? 
Remember, it contains the passwords.
If you do this ONLY on the loopback network, it may be OK.

> nss_base_group          ou=Groups,dc=ctest?one
> <<<<--end ldap.conf>>>>
>
> and /etc/nsswitch.conf:
> <<<<--start nsswitch.conf>>>>
> passwd:         compat ldap
> group:          compat ldap
> shadow:         compat ldap
>
> hosts:          files dns
> networks:       files
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> netgroup:       nis
> <<<---end nsswitch.conf>>>
>
> Then, getent passwd and getent group must show ldap entries, and then
> joining to a domain and the creation of automatic machine samba
> accounts is well done.
>


> Thank you all!

-- 

Regards
	Harry Jede
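
The concern raised in the reply (shadow lookups sent to an LDAP server over an unprotected network, acceptable only on loopback) can be checked mechanically. The following is an added example, not code from either poster or from the Samba project: the function names are hypothetical, the sample input is abridged from the quoted files, and it assumes that nss_ldap's `ssl start_tls` or `ssl on` directive and `ldaps://`/`ldapi://` URIs are the ways the transport gets protected, and that both `host` and `uri` name candidate servers.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample input, abridged from the files quoted in the thread.
LDAP_CONF = """host 127.0.0.1
base dc=ctest
uri ldap://127.0.0.1
rootbinddn cn=admin,dc=ctest
nss_base_passwd         ou=Users,dc=ctest?one
nss_base_shadow         ou=Users,dc=ctest?one
"""
NSSWITCH = "passwd:  compat ldap\nshadow:  compat ldap\nhosts:  files dns\n"

def directives(text):
    """Map each keyword (lowercased, trailing ':' dropped) to its value strings."""
    out = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            key = parts[0].lower().rstrip(":")
            out.setdefault(key, []).append(parts[1] if len(parts) > 1 else "")
    return out

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other name is assumed to be reached over the network

def cleartext_servers(conf):
    """Non-loopback servers that would be queried over plain ldap:// without TLS."""
    if conf.get("ssl", ["off"])[-1].strip().lower() in ("on", "start_tls"):
        return []
    uris = [u for v in conf.get("uri", []) for u in v.split()]
    uris += ["ldap://" + h for v in conf.get("host", []) for h in v.split()]
    exposed = set()
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme == "ldap" and parts.hostname and not is_loopback(parts.hostname):
            exposed.add(parts.hostname)
    return sorted(exposed)

def shadow_exposed(ldap_conf, nsswitch):
    """Servers over which the shadow map would travel unprotected ([] if none)."""
    nss = directives(nsswitch)
    if not any("ldap" in v.split() for v in nss.get("shadow", [])):
        return []  # shadow is not resolved through LDAP at all
    return cleartext_servers(directives(ldap_conf))

if __name__ == "__main__":
    print(shadow_exposed(LDAP_CONF, NSSWITCH) or "shadow lookups stay on loopback or use TLS")
```

With the loopback-only configuration from the thread the result is empty; pointing the same file at a remote server without TLS returns that server's address.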

