[Samba] Samba 3 member server connected to Samba 4 DC (using nslcd)

Chris Alavoine chrisa at acs-info.co.uk
Tue Jul 9 04:37:02 MDT 2013


Hi Daniel,

This is what I have so far:

- /etc/nslcd.conf should look like this:

 # /etc/nslcd.conf

# nslcd configuration file. See nslcd.conf(5)

# for details.

# The user and group nslcd should run as.

uid nslcd

gid nslcd

# The location at which the LDAP server(s) should be reachable.

uri ldap://10.30.54.2

# The search base that will be used for all queries.

base dc=test,dc=internal,dc=com

binddn cn=nslcd-service,cn=Users,dc=essence,dc=internal,dc=com

bindpw XXXXXX (commented out!)

pagesize 1000
referrals off

# users

map passwd uid sAMAccountName

map passwd gidNumber primaryGroupID

map passwd homeDirectory unixHomeDirectory

# groups

map group cn sAMAccountName

map    group  uniqueMember     member




- Add this to top of /etc/pam.d/common-sessions:

session     required      pam_mkhomedir.so skel=/etc/skel umask=0022


- I also needed to remove nscd otherwise groups were not being updated
correctly:

apt-get remove nscd


This works fine for the *nix side of things, am having further difficulties
getting the Samba side to work. So much so, that I'm considering building a
new Samba member server from scratch using Samba 4 instead of 3.

Thanks,
Chris.




On 9 July 2013 11:30, Daniel Müller <mueller at tropenklinik.de> wrote:

> How about post your nslcd-config? This would be a great help for other
> users.
>
> Greetings
> Daniel
>
> -----------------------------------------------
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> Im
> Auftrag von Chris Alavoine
> Gesendet: Montag, 8. Juli 2013 19:13
> An: Marc Muehlfeld
> Cc: samba at lists.samba.org
> Betreff: Re: [Samba] Samba 3 member server connected to Samba 4 DC (using
> nslcd)
>
> Hi Marc,
>
> I've had many many problems with Winbind and after a few weeks of dead-ends
> I decided to switch to nslcd and everything started working very nicely, so
> I haven't looked back.
>
> I've just had a major success on getting getent passwd to work by adding
> this to my nslcd.conf:
>
> # users
> map passwd uid sAMAccountName
> map passwd gidNumber primaryGroupID
> map passwd homeDirectory unixHomeDirectory
>
> # groups
> map group cn sAMAccountName
> map    group  uniqueMember     member
>
> This now lets me see all users and groups via getent. Just doing some more
> testing now, but I think this may be fixed.
>
> Typical, you spend all day on something, finally decided to post on samba
> lists and then fix it 5 mins later :)
>
> Thanks for the swift reply though!
>
> Cheers,
> c:)
>
>
>
>
>
> On 8 July 2013 18:05, Marc Muehlfeld <samba at marc-muehlfeld.de> wrote:
>
> > Hello Chris,
> >
> > Am 08.07.2013 18:54, schrieb Chris Alavoine:
> >
> >  My problem is that I have a Samba 3 member server (fileserver) that
> > I'm
> >> trying to get to get work in this scenario. I've installed nslcd and
> >> am using the following conf file:
> >>
> >
> > Why don't you use winbind on your member server?
> > http://wiki.samba.org/index.**php/Samba4/Domain_Member<http://wiki.sam
> > ba.org/index.php/Samba4/Domain_Member>
> >
> >
> >
> >
> >
> >
> >  If I then do a "getent group" I get success and can see all the
> > groups,
> >> however "getent passwd" fails and I see this in the logs:
> >>
> >> Jul  8 17:51:46 test-fs-001 nslcd[4587]: [8e1f29] passwd entry
> >> CN=ice,CN=Users,DC=test,DC=**internal,DC=com does not contain uid
> >> value
> >>
> >
> > Does this account have an "uid" attribute in AD?
> >
> >
> >
> > Regards,
> > Marc
> >
>
>
>
> --
> ACS (Alavoine Computer Services Ltd)
> Chris Alavoine
> mob +44 (0)7724 710 730
> www.alavoinecs.co.uk
> http://twitter.com/#!/alavoinecs
> http://www.linkedin.com/pub/chris-alavoine/39/606/192
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>


-- 
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192


More information about the samba mailing list