[Samba] user creation with samba-tool issue

dahopkins at comcast.net dahopkins at comcast.net
Thu Oct 24 11:12:19 MDT 2013

I'll think about it. We had some serious authentication issues which appear to have been caused by a suspected bug with the built-in DNS capability of Samba4 so I'm leery of testing this at the moment. We disabled dnsupdates which has mitigated the issue until we can migrate to using bind as an external DNS. Once we have everything working well again, I'll see if just adding those lines to nslcd.conf works.

Dave Hopkins

----- Original Message -----
On Thu, 2013-10-24 at 17:46 +0100, Rowland Penny wrote:

> >
> >
> Hi Steve, if nss-ldapd relies on the posix objectClasses, then in my 
> opinion, against an AD server it is broken
> Any Linux tool that you use against a Samba4, must also work against a 
> windows server WITHOUT any modifications, sorry to say but samba-tool 
> fails on this at the moment because it adds the totally un-needed posix 
> objectClasses.
> Rowland
Hi Rowland
nss-ldapd works OK without, _but_ we have to use filters to get at the
posix attributes. As we do with nss-ldap. sssd and winbind work with
whatever is already present in AD.

Just for the OP's sake, maybe he could try without the posixAccount and
have a go with:
filter  passwd  (objectClass=user) 
filter  group (objectClass=group)
in /etc/nslcd.conf


More information about the samba mailing list