[Samba] Cannot bind to AD using nslcd
Rowland Penny
rowlandpenny at googlemail.com
Wed Nov 19 11:31:34 MST 2014
On 19/11/14 18:17, Rob Mason wrote:
> On 19/11/2014 18:03, Rowland Penny wrote:
>> On 19/11/14 17:45, Rob Mason wrote:
>>> A little further forward! I've re-provisioned the domain and re-created
>>> the new 'nslcd-connect' user just to be sure.
>>>
>>> 'binddn' is now working - but is complaining about 'uidNumber'. I think
>>> this is now just a mapping issue. Anyone??
>>>
>>> nslcd: [495cff] <passwd(all)> DEBUG:
>>> myldap_search(base="CN=Users,DC=acasta,DC=intra",
>>> filter="(objectClass=user)")
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>> CN=Administrator,CN=Users,DC=acasta,DC=intra
>>> nslcd: [495cff] <passwd(all)>
>>> CN=Administrator,CN=Users,DC=acasta,DC=intra: uidNumber: missing
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
>>> nslcd: [495cff] <passwd(all)>
>>> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra: uidNumber: missing
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>> CN=krbtgt,CN=Users,DC=acasta,DC=intra
>>> nslcd: [495cff] <passwd(all)> CN=krbtgt,CN=Users,DC=acasta,DC=intra:
>>> uidNumber: missing
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>> CN=Guest,CN=Users,DC=acasta,DC=intra
>>> nslcd: [495cff] <passwd(all)> CN=Guest,CN=Users,DC=acasta,DC=intra:
>>> uidNumber: missing
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): end of results (4
>>> total)
>>>
>>> The full nslcd.conf is here:
>>>
>>> uid nslcd
>>> gid nslcd
>>> uri ldap://kepler.acasta.intra/
>>> base CN=Users,DC=acasta,DC=intra
>>> binddn CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
>>> bindpw xxxxxxxx
>>> pagesize 1000
>>> referrals off
>>> filter passwd (objectClass=user)
>>> filter group (objectClass=group)
>>> map passwd uid sAMAccountName
>>> map passwd homeDirectory unixHomeDirectory
>>> map passwd gecos displayName
>>> map passwd gidNumber primaryGroupID
>>> map passwd uidNumber uidNumber
>>> #map group uniqueMember member
>>>
>> Have you given your users the rfc2307 attributes (including uidNumber) ??
>>
>> Rowland
>>
> I'm not sure I understand the question? My smb.conf has the line:
>
> idmap_ldb:use rfc2307 = yes
>
> When I create a domain account then they should just automatically get
> those?
>
I wish. No, you have to add them yourself, either via a script or with ADUC.
I don't think that you are going to get much further until you add them.
I would suggest that you peruse the Samba wiki and Steve's blog:
http://linuxcostablanca.blogspot.co.uk/p/samba-4.html
Rowland
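
As an added illustration of the "via a script" route mentioned in the reply above (not code from the thread or from Samba), this Python sketch reads nslcd debug output in the format quoted earlier, collects the DNs reported as `uidNumber: missing`, and builds LDIF modify records that add rfc2307 attributes. The starting uid, the gid, the home directory pattern, the shell and the skip list are all assumed placeholder values, and the log sample is constructed.

```python
import base64
import re

# Constructed sample in the format of the nslcd debug output quoted above.
SAMPLE_LOG = """\
nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): CN=Guest,CN=Users,DC=acasta,DC=intra
nslcd: [495cff] <passwd(all)> CN=Administrator,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> CN=krbtgt,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> CN=Guest,CN=Users,DC=acasta,DC=intra: uidNumber: missing
"""
MISSING = re.compile(r"^nslcd: \[\w+\] <passwd[^>]*> (?P<dn>.+): uidNumber: missing$")
SKIP_CNS = {"krbtgt", "guest"}  # assumption: accounts given no POSIX identity

def missing_uid_dns(log_text):
    """Return DNs nslcd reported as lacking uidNumber, in order, de-duplicated."""
    dns = []
    for line in log_text.splitlines():
        m = MISSING.match(line.strip())
        if m and m.group("dn") not in dns:
            dns.append(m.group("dn"))
    return dns

def ldif_dn_line(dn):
    """LDIF needs base64 ("dn::") for non-ASCII DNs or unsafe first/last chars."""
    if dn.isascii() and dn[:1] not in (" ", ":", "<") and not dn.endswith(" "):
        return "dn: " + dn
    return "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")

def rfc2307_ldif(dns, first_uid=10000, gid=10000, shell="/bin/bash"):
    """Build LDIF modify records; uid/gid/home/shell values are placeholders."""
    records, uid = [], first_uid
    for dn in dns:
        cn = dn.split(",", 1)[0].split("=", 1)[1]  # assumes no escaped comma in the RDN
        if cn.lower() in SKIP_CNS:
            continue
        attrs = [("uidNumber", uid), ("gidNumber", gid),
                 ("unixHomeDirectory", "/home/" + cn), ("loginShell", shell)]
        body = "\n-\n".join(f"add: {k}\n{k}: {v}" for k, v in attrs)
        records.append(f"{ldif_dn_line(dn)}\nchangetype: modify\n{body}\n-\n")
        uid += 1
    return "\n".join(records)

if __name__ == "__main__":
    print(rfc2307_ldif(missing_uid_dns(SAMPLE_LOG)))
```

Because each record uses `add:` rather than `replace:`, applying the LDIF to an account that already has one of these attributes fails instead of silently overwriting it. Review which accounts should receive a POSIX identity before applying the output.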