[Samba] Cannot bind to AD using nslcd

John Yocum jtyocum at uw.edu
Wed Nov 19 11:19:46 MST 2014


On 11/19/2014 10:17 AM, Rob Mason wrote:
> On 19/11/2014 18:03, Rowland Penny wrote:
>> On 19/11/14 17:45, Rob Mason wrote:
>>> A little further forward!  I've re-provisioned the domain and re-created
>>> the new 'nslcd-connect' user just to be sure.
>>>
>>> 'binddn' is now working - but is complaining about 'uidNumber'. I think
>>> this is now just a mapping issue.  Anyone??
>>>
>>> nslcd: [495cff] <passwd(all)> DEBUG:
>>> myldap_search(base="CN=Users,DC=acasta,DC=intra",
>>> filter="(objectClass=user)")
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>> CN=Administrator,CN=Users,DC=acasta,DC=intra
>>> nslcd: [495cff] <passwd(all)>
>>> CN=Administrator,CN=Users,DC=acasta,DC=intra: uidNumber: missing
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
>>> nslcd: [495cff] <passwd(all)>
>>> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra: uidNumber: missing
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>> CN=krbtgt,CN=Users,DC=acasta,DC=intra
>>> nslcd: [495cff] <passwd(all)> CN=krbtgt,CN=Users,DC=acasta,DC=intra:
>>> uidNumber: missing
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>> CN=Guest,CN=Users,DC=acasta,DC=intra
>>> nslcd: [495cff] <passwd(all)> CN=Guest,CN=Users,DC=acasta,DC=intra:
>>> uidNumber: missing
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): end of results (4
>>> total)
>>>
>>> The full nslcd.conf is here:
>>>
>>> uid nslcd
>>> gid nslcd
>>> uri ldap://kepler.acasta.intra/
>>> base CN=Users,DC=acasta,DC=intra
>>> binddn CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
>>> bindpw xxxxxxxx
>>> pagesize 1000
>>> referrals off
>>> filter  passwd  (objectClass=user)
>>> filter  group   (objectClass=group)
>>> map     passwd  uid                sAMAccountName
>>> map     passwd  homeDirectory      unixHomeDirectory
>>> map     passwd  gecos              displayName
>>> map     passwd  gidNumber          primaryGroupID
>>> map     passwd  uidNumber          uidNumber
>>> #map     group   uniqueMember       member
>>>
>>>
>>>
>>>
>> Have you given your users the rfc2307 attributes (including uidNumber) ??
>>
>> Rowland
>>
> I'm not sure I understand the question?  My smb.conf has the line:
> 
> idmap_ldb:use rfc2307 = yes
> 
> When I create a domain account then they should just automatically get
> those?
> 
> 
> 
> 
> 

No, you have to assign the uidNumber, gidNumber, etc. to each account
and group. If you're using RSAT to manage users, you'll need Server for
NIS Tools installed.

-- 
John Yocum, Systems Administrator, DEOHS
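
Added example, not part of the original thread or of Samba/nslcd: a small Python script that reads nslcd debug output in the format quoted above, collects the accounts reported as `uidNumber: missing`, and builds LDIF `modify` records to assign the attribute. The starting value 10000, the skip list of accounts that get no POSIX identity, and the sample log are assumptions constructed for illustration.

```python
import re

# Constructed sample in the format of the nslcd debug output quoted above,
# including one message wrapped across two lines as in the mail.
SAMPLE_LOG = """\
nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): CN=Administrator,CN=Users,DC=acasta,DC=intra
nslcd: [495cff] <passwd(all)> CN=Administrator,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> CN=krbtgt,CN=Users,DC=acasta,DC=intra:
uidNumber: missing
nslcd: [495cff] <passwd(all)> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra: uidNumber: missing
"""

MISSING = re.compile(r"^nslcd: \[\w+\] <[^>]+> (?P<dn>.+?): (?P<attr>[\w-]+): missing$")

def missing_attrs(log_text):
    """Return {dn: [attribute, ...]} for each '<dn>: <attr>: missing' message."""
    joined = []
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        if line.startswith("nslcd:") or not joined:
            joined.append(line)
        else:  # continuation of a message wrapped by the mail client or terminal
            joined[-1] += " " + line
    found = {}
    for line in joined:
        m = MISSING.match(line)
        if m and m["attr"] not in found.setdefault(m["dn"], []):
            found[m["dn"]].append(m["attr"])
    return found

def uidnumber_ldif(found, first_uid, skip_cns=("krbtgt", "Guest")):
    """Build LDIF 'modify' records adding uidNumber where nslcd reported it missing.
    first_uid and skip_cns are assumptions the administrator must choose."""
    records, uid = [], first_uid
    for dn, attrs in found.items():
        cn = dn.split(",", 1)[0].partition("=")[2]
        if "uidNumber" not in attrs or cn in skip_cns:
            continue  # leave accounts that should not get a Unix identity untouched
        records.append(f"dn: {dn}\nchangetype: modify\nadd: uidNumber\nuidNumber: {uid}\n")
        uid += 1
    return "\n".join(records)

if __name__ == "__main__":
    print(uidnumber_ldif(missing_attrs(SAMPLE_LOG), first_uid=10000))
```

Review the generated LDIF before applying it with an LDAP modify tool, and keep the assigned range clear of local accounts on the hosts running nslcd.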

