[Samba] Cannot bind to AD using nslcd

Rob Mason rob.mason at acasta.co.uk
Wed Nov 19 11:17:00 MST 2014


On 19/11/2014 18:03, Rowland Penny wrote:
> On 19/11/14 17:45, Rob Mason wrote:
>> A little further forward!  I've re-provisioned the domain and re-created
>> the new 'nslcd-connect' user just to be sure.
>>
>> 'binddn' is now working - but is complaining about 'uidNumber'. I think
>> this is now just a mapping issue.  Anyone??
>>
>> nslcd: [495cff] <passwd(all)> DEBUG:
>> myldap_search(base="CN=Users,DC=acasta,DC=intra",
>> filter="(objectClass=user)")
>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>> CN=Administrator,CN=Users,DC=acasta,DC=intra
>> nslcd: [495cff] <passwd(all)>
>> CN=Administrator,CN=Users,DC=acasta,DC=intra: uidNumber: missing
>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
>> nslcd: [495cff] <passwd(all)>
>> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra: uidNumber: missing
>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>> CN=krbtgt,CN=Users,DC=acasta,DC=intra
>> nslcd: [495cff] <passwd(all)> CN=krbtgt,CN=Users,DC=acasta,DC=intra:
>> uidNumber: missing
>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>> CN=Guest,CN=Users,DC=acasta,DC=intra
>> nslcd: [495cff] <passwd(all)> CN=Guest,CN=Users,DC=acasta,DC=intra:
>> uidNumber: missing
>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): end of results (4
>> total)
>>
>> The full nslcd.conf is here:
>>
>> uid nslcd
>> gid nslcd
>> uri ldap://kepler.acasta.intra/
>> base CN=Users,DC=acasta,DC=intra
>> binddn CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
>> bindpw xxxxxxxx
>> pagesize 1000
>> referrals off
>> filter  passwd  (objectClass=user)
>> filter  group   (objectClass=group)
>> map     passwd  uid                sAMAccountName
>> map     passwd  homeDirectory      unixHomeDirectory
>> map     passwd  gecos              displayName
>> map     passwd  gidNumber          primaryGroupID
>> map     passwd  uidNumber          uidNumber
>> #map     group   uniqueMember       member
>>
>>
>>
>>
> Have you given your users the rfc2307 attributes (including uidNumber) ??
>
> Rowland
>
I'm not sure I understand the question?  My smb.conf has the line:

idmap_ldb:use rfc2307 = yes

When I create a domain account then they should just automatically get
those?
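
Added example, not part of the original message or of nslcd itself: a small Python script that reads nslcd debug output in the format quoted above and reports, per lookup, which returned entries were flagged with a missing mapped attribute such as uidNumber. The sample log is constructed from the lines in this thread with the e-mail wrapping undone; the function and variable names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the debug lines quoted in the message, e-mail wrapping undone.
SAMPLE_LOG = """\
nslcd: [495cff] <passwd(all)> DEBUG: myldap_search(base="CN=Users,DC=acasta,DC=intra", filter="(objectClass=user)")
nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): CN=Administrator,CN=Users,DC=acasta,DC=intra
nslcd: [495cff] <passwd(all)> CN=Administrator,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
nslcd: [495cff] <passwd(all)> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): CN=krbtgt,CN=Users,DC=acasta,DC=intra
nslcd: [495cff] <passwd(all)> CN=krbtgt,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): CN=Guest,CN=Users,DC=acasta,DC=intra
nslcd: [495cff] <passwd(all)> CN=Guest,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): end of results (4 total)
"""

LINE = re.compile(r'^nslcd: \[[0-9a-f]+\] <(?P<req>[^>]+)> (?P<msg>.*)$')
END = re.compile(r'^DEBUG: ldap_result\(\): end of results \(\d+ total\)$')
RESULT = re.compile(r'^DEBUG: ldap_result\(\): (?P<dn>.+)$')
MISSING = re.compile(r'^(?P<dn>.+): (?P<attr>[A-Za-z][\w;-]*): missing$')

def audit(log_text):
    """Return {request: {"returned": n, "flagged": n, "missing": {dn: [attrs]}}}."""
    returned = defaultdict(list)                     # request -> DNs the server returned
    missing = defaultdict(lambda: defaultdict(set))  # request -> DN -> missing attributes
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        req, msg = line['req'], line['msg']
        if END.match(msg):                 # summary line, not an entry
            continue
        result = RESULT.match(msg)
        if result:
            returned[req].append(result['dn'])
        elif not msg.startswith('DEBUG:'):
            flagged = MISSING.match(msg)   # "<DN>: <attribute>: missing"
            if flagged:
                missing[req][flagged['dn']].add(flagged['attr'])
    report = {}
    for req, dns in returned.items():
        bad = {dn: sorted(missing[req][dn]) for dn in dns if dn in missing[req]}
        report[req] = {"returned": len(dns), "flagged": len(bad), "missing": bad}
    return report

if __name__ == "__main__":
    for req, info in audit(SAMPLE_LOG).items():
        print(f"{req}: {info['flagged']} of {info['returned']} entries flagged")
        for dn, attrs in info["missing"].items():
            print(f"  {dn}: missing {', '.join(attrs)}")
```
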




