[Samba] Re: pdbedit dosen't send the sambaSID to the ldap
Harry Jede
walk2sun at arcor.de
Tue Mar 24 14:42:03 GMT 2009
Am Dienstag, 24. März 2009 12:56 schrieb LiPi -:
> The question was exactly the same than the one that was in the link I
> wrote :p
> http://www.mail-archive.com/samba@lists.samba.org/msg99530.html
>
>
> But now, 1h later it's time to answer myself:
>
> If somebody needs to solve the mentionated problem, it only must be
> two things:
>
> apt-get install libnss-ldap libpam-ldap
> emacs /etc/ldap.conf and fill it with (according to their params):
Which version of Debian do you use? This setup is outdated for years.
Read the man pages and the docs for this two packages.
>
> <<<<--start ldap.conf>>>>
> host 127.0.0.1
> base dc=ctest
> uri ldap://127.0.0.1
> ldap_version 3
> rootbinddn cn=admin,dc=ctest
> port 389
>
> nss_base_passwd ou=Users,dc=ctest?one
> nss_base_passwd ou=Computers,dc=ctest?one
> nss_base_shadow ou=Users,dc=ctest?one
You really like to poll your "shadow file" over an unprotected network?
Remember, it contains the passwords.
If you do this ONLY on the loopback network, it may be OK.
> nss_base_group ou=Groups,dc=ctest?one
> <<<<--end ldap.conf>>>>
>
> and /etc/nsswitch.conf:
> <<<<--start nsswitch.conf>>>>
> passwd: compat ldap
> group: compat ldap
> shadow: compat ldap
>
> hosts: files dns
> networks: files
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
> netgroup: nis
> <<<---end nsswitch.conf>>>
>
> Then, getent passwd and getent group must show ldap entries, and then
> joining to a domain and the creation of automatic machine samba
> accounts is well done.
>
> Thank you all!
--
Gruss
Harry Jede
More information about the samba
mailing list