[Samba] Users can't login on Samba+Ldap

John Du jjohndu at gmail.com
Tue May 19 20:01:28 GMT 2009


Miguel Medalha wrote:
>
>> or are you saying "nss_base_hosts ou=Computers,dc=DOMAIN,dc=IT?one" is wrong?
>>
>
>
> I don't know about NFS, but from the point of view of a Samba PDC the 
> above is wrong. Computers are also domain users and as such they must 
> be referred to the "nss_base_passwd" directive.
>
> Quoting from "Samba 3 by Example, Chapter 5. Making Happy Users" which 
> is dedicated to configuration of a LDAP PDC:
>
> «
>
> If the container for computer accounts is not the same as that for 
> users (see the |smb.conf| file entry for |ldap machine suffix|), it 
> may be necessary to set the following DIT dn in the |/etc/ldap.conf| 
> file:
>
> nss_base_passwd dc=abmas,dc=biz?sub
>
> This instructs LDAP to search for machine as well as user entries from 
> the top of the DIT down. This is inefficient, but at least should 
> work. Note: It is possible to specify multiple |nss_base_passwd| 
> entries in the |/etc/ldap.conf| file; they will be evaluated 
> sequentially. Let us consider an example of use where the following 
> DIT has been implemented:
>
> - User accounts are stored under the DIT: ou=Users, dc=abmas, dc=biz
>
> - User login accounts are under the DIT: ou=People, ou=Users, 
> dc=abmas, dc=biz
>
> - Computer accounts are under the DIT: ou=Computers, ou=Users, 
> dc=abmas, dc=biz
>
> The appropriate multiple entry for the |nss_base_passwd| directive in 
> the |/etc/ldap.conf| file may be:
>
> nss_base_passwd ou=People,ou=Users,dc=abmas,dc=org?one
> nss_base_passwd ou=Computers,ou=Users,dc=abmas,dc=org?one
>
> »
>
>
Thank you very much for the information!
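
Added example (not part of the original thread or of the Samba documentation): a small check of which nss_base_passwd entries in an ldap.conf can return a given account DN, following the base?scope form quoted above. The machine account name and the sample configs are constructed, and a default scope of "sub" is assumed when an entry gives none.

```python
# Added example: which nss_base_passwd entries in ldap.conf can reach an account DN.
# Handles plain DNs only (no escaped commas); sample configs below are constructed.

def parse_dn(dn):
    """Split a DN into normalised (attribute, value) pairs, leftmost RDN first."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def passwd_bases(conf_text, default_scope="sub"):
    """Return (raw_base, parsed_base, scope) for each nss_base_passwd line, in order."""
    found = []
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "nss_base_passwd":
            fields = parts[1].strip().split("?")
            scope = fields[1].lower() if len(fields) > 1 and fields[1] else default_scope
            found.append((fields[0], parse_dn(fields[0]), scope))
    return found

def covers(base, scope, entry):
    """True if a search from `base` with `scope` can return the entry."""
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False          # entry is not at or below the search base
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1     # immediate children only
    return True               # "sub": the base and everything beneath it

def matching_bases(conf_text, account_dn):
    """List the nss_base_passwd bases (as written) that can return account_dn."""
    entry = parse_dn(account_dn)
    return [raw for raw, base, scope in passwd_bases(conf_text) if covers(base, scope, entry)]

# Constructed inputs using the DIT from the quoted passage.
MACHINE = "uid=ws01$,ou=Computers,ou=Users,dc=abmas,dc=org"   # hypothetical machine account
USERS_ONLY = "nss_base_passwd ou=People,ou=Users,dc=abmas,dc=org?one\n"
BOTH = USERS_ONLY + "nss_base_passwd ou=Computers,ou=Users,dc=abmas,dc=org?one\n"
WHOLE_TREE = "nss_base_passwd dc=abmas,dc=org?sub\n"

if __name__ == "__main__":
    for name, conf in (("users only", USERS_ONLY), ("both", BOTH), ("whole tree", WHOLE_TREE)):
        print(name, "->", matching_bases(conf, MACHINE) or "machine account NOT resolvable")
```

An empty result for a machine account DN means no nss_base_passwd entry reaches the computers container, which is the situation the reply above describes.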

