[Samba] Users can't login on Samba+Ldap
miguelmedalha at sapo.pt
Tue May 19 18:54:25 GMT 2009
> or are you saying "nss_base_hosts
> ou=Computers,dc=DOMAIN,dc=IT?one" is wrong?
I don't know about NFS, but from the point of view of a Samba PDC the
above is wrong. Computers are also domain users and as such they must be
referred to the "nss_base_passwd" directive.
Quoting from "Samba 3 by Example, Chapter 5. Making Happy Users", which
is dedicated to the configuration of an LDAP PDC:
If the container for computer accounts is not the same as that for users
(see the |smb.conf| file entry for |ldap machine suffix|), it may be
necessary to set the following DIT dn in the |/etc/ldap.conf| file:
This instructs LDAP to search for machine as well as user entries from
the top of the DIT down. This is inefficient, but at least should work.
Note: It is possible to specify multiple |nss_base_passwd| entries in
the |/etc/ldap.conf| file; they will be evaluated sequentially. Let us
consider an example of use where the following DIT has been implemented:
- User accounts are stored under the DIT: ou=Users, dc=abmas, dc=biz
- User login accounts are under the DIT: ou=People, ou=Users, dc=abmas,
- Computer accounts are under the DIT: ou=Computers, ou=Users, dc=abmas,
The appropriate multiple entry for the |nss_base_passwd| directive in
the |/etc/ldap.conf| file may be:
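An added example, not part of the original post or of Samba 3 by Example: a small Python check that the container holding machine accounts can be reached through at least one nss_base_passwd entry. The ou=Users line, the ws01$ account name and the function names are constructed for illustration; it assumes the nss_ldap base?scope?filter syntax, with scope defaulting to sub when omitted.

```python
def norm(dn):
    """Normalise a DN to a tuple of lower-cased RDNs (escaped commas not handled)."""
    return tuple(p.strip().lower() for p in dn.split(",") if p.strip())

def passwd_bases(ldap_conf):
    """Return [(base, scope)] for every nss_base_passwd line in ldap.conf text."""
    bases = []
    for line in ldap_conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0].lower() == "nss_base_passwd":
            parts = fields[1].strip().split("?")
            # Assumption: a missing scope means a subtree search.
            scope = parts[1].lower() if len(parts) > 1 and parts[1] else "sub"
            bases.append((norm(parts[0]), scope))
    return bases

def in_scope(entry, base, scope):
    """True if a search starting at `base` with `scope` can return `entry`."""
    if scope == "base":
        return entry == base
    if scope == "one":
        return entry[1:] == base          # entry must be a direct child
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def machine_accounts_resolvable(ldap_conf, machine_suffix):
    """machine_suffix is the full DN of the computer container."""
    entry = norm("uid=ws01$," + machine_suffix)   # constructed machine account
    return any(in_scope(entry, b, s) for b, s in passwd_bases(ldap_conf))

# Constructed samples. The nss_base_hosts line is the one quoted in the thread.
MACHINE_SUFFIX = "ou=Computers,dc=DOMAIN,dc=IT"
BROKEN = """
nss_base_passwd ou=Users,dc=DOMAIN,dc=IT?one
nss_base_hosts  ou=Computers,dc=DOMAIN,dc=IT?one
"""
FIXED = """
nss_base_passwd ou=Users,dc=DOMAIN,dc=IT?one
nss_base_passwd ou=Computers,dc=DOMAIN,dc=IT?one
"""

if __name__ == "__main__":
    for name, conf in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        ok = machine_accounts_resolvable(conf, MACHINE_SUFFIX)
        print(name, "machine accounts visible via passwd:", ok)
```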