[Samba] getent group fails - fixed

Dale Schroeder dale at BriannasSaladDressing.com
Fri Jun 24 12:05:50 MDT 2011 

On 06/24/2011 2:56 AM, Dermot wrote:
> On 24 June 2011 05:48, Christian PERRIER<bubulle at debian.org>  wrote:
>> Quoting Dermot (paikkos at googlemail.com):
>>
>>> Perhaps I am not understanding you correctly because that runs counter
>>> my experience. The settings in my /etc/ldap/ldap.conf were correct
>>> whereas the ones in /etc/libnss-ldap.conf were not. It was the search
>>> filters from libnss-ldap.conf that were being used when I did `getent
>>> group`. I think your telling me that getent is tied to the nss
>>> framework so would use that config because that's what I told
>>> nsswitch.conf to do. I would have thought, but I am no expert, that
>>> samba would have used the config from smb.conf and that ldapsearch
>>> (and anything else that didn't have hooks else where) would use
>>> /etc/ldap/ldap.conf.
>>
>> Please note that Debian has *two* packages for nss-ldap:
>>
>> mykerinos:/home/cperrier# apt-cache search nss ldap naming service
>> libnss-ldap - NSS module for using LDAP as a naming service
>> libnss-ldapd - NSS module for using LDAP as a naming service
>>
>> IIRC (but you probably want to check this), the latter is more
>> actively maintained than the former.
> I asked about that on the samba IRC two days ago:
>
> (14:33:17)<>: On my distro (Debian), I have two options for NSS 1)
> libnss_ldap and 2) libnss_ldapd (Source: nss-pam-ldapd) . Does anyone
> know which one I should use?
>
> now I have my answer but it looks like I installed the lesser
> maintained version :/
>
> 	libnss_ldap.so.2 (libc6,x86-64) =>  /lib/libnss_ldap.so.2
> 	libnss_ldap.so (libc6,x86-64) =>  /usr/lib/libnss_ldap.so
> 	libnss_ldap-2.7.so (libc6,x86-64) =>  /lib/libnss_ldap-2.7.so
>
> Thanks,
> Dermot.

Looks like there's a migration happening.  On the libnss-ldap package 
webpage ( http://packages.debian.org/squeeze/libnss-ldap ) it says:

Packages providing libnss-ldap

libnss-ldapd

Under experimental, it describes libnss-ldap as a virtual package: 
http://packages.debian.org/experimental/libnss-ldap

One way or another, you will eventually have libnss-ldapd.

Dale

More information about the samba mailing list