[Samba] Cannot bind to AD using nslcd

Rowland Penny rowlandpenny at googlemail.com
Wed Nov 19 11:31:34 MST 2014


On 19/11/14 18:17, Rob Mason wrote:
> On 19/11/2014 18:03, Rowland Penny wrote:
>> On 19/11/14 17:45, Rob Mason wrote:
>>> A little further forward!  I've re-provisioned the domain and re-created
>>> the new 'nslcd-connect' user just to be sure.
>>>
>>> 'binddn' is now working - but is complaining about 'uidNumber'. I think
>>> this is now just a mapping issue.  Anyone??
>>>
>>> nslcd: [495cff] <passwd(all)> DEBUG:
>>> myldap_search(base="CN=Users,DC=acasta,DC=intra",
>>> filter="(objectClass=user)")
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>> CN=Administrator,CN=Users,DC=acasta,DC=intra
>>> nslcd: [495cff] <passwd(all)>
>>> CN=Administrator,CN=Users,DC=acasta,DC=intra: uidNumber: missing
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
>>> nslcd: [495cff] <passwd(all)>
>>> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra: uidNumber: missing
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>> CN=krbtgt,CN=Users,DC=acasta,DC=intra
>>> nslcd: [495cff] <passwd(all)> CN=krbtgt,CN=Users,DC=acasta,DC=intra:
>>> uidNumber: missing
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>> CN=Guest,CN=Users,DC=acasta,DC=intra
>>> nslcd: [495cff] <passwd(all)> CN=Guest,CN=Users,DC=acasta,DC=intra:
>>> uidNumber: missing
>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): end of results (4
>>> total)
>>>
>>> The full nslcd.conf is here:
>>>
>>> uid nslcd
>>> gid nslcd
>>> uri ldap://kepler.acasta.intra/
>>> base CN=Users,DC=acasta,DC=intra
>>> binddn CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
>>> bindpw xxxxxxxx
>>> pagesize 1000
>>> referrals off
>>> filter  passwd  (objectClass=user)
>>> filter  group   (objectClass=group)
>>> map     passwd  uid                sAMAccountName
>>> map     passwd  homeDirectory      unixHomeDirectory
>>> map     passwd  gecos              displayName
>>> map     passwd  gidNumber          primaryGroupID
>>> map     passwd  uidNumber          uidNumber
>>> #map     group   uniqueMember       member
>>>
>> Have you given your users the rfc2307 attributes (including uidNumber) ??
>>
>> Rowland
>>
> I'm not sure I understand the question?  My smb.conf has the line:
>
> idmap_ldb:use rfc2307 = yes
>
> When I create a domain account then they should just automatically get
> those?
>
I wish. No, you have to add them yourself, either via a script or with ADUC.

I don't think that you are going to get much further until you add them.

I would suggest that you peruse the Samba wiki and Steve's blog:
http://linuxcostablanca.blogspot.co.uk/p/samba-4.html

Rowland
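
The script route mentioned in the reply above, as an added example that is not part of the original thread or of Samba: it reads nslcd debug output, collects the DNs reported with "uidNumber: missing", and writes LDIF modify records for review before they are applied (for instance with ldbmodify). The function names, the starting uidNumber of 10000 and the skip list for built-in accounts are assumptions, and only the attribute nslcd complained about is handled.

```python
import base64
import re

# Constructed sample: nslcd -d output in the shape quoted above, one record per
# line (as nslcd prints it, before e-mail wrapping). Not copied from a real log.
SAMPLE_LOG = """\
nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): CN=Administrator,CN=Users,DC=acasta,DC=intra
nslcd: [495cff] <passwd(all)> CN=Administrator,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> CN=krbtgt,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> CN=Administrator,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): end of results (3 total)
"""

MISSING = re.compile(r"^nslcd: \[\w+\] <[^>]+> (?P<dn>.+?): (?P<attr>\w+): missing\s*$")

def missing_attrs(log_text):
    """Map each DN to the attributes nslcd reported missing (first-seen order)."""
    found = {}
    for line in log_text.splitlines():
        m = MISSING.match(line)
        if m:
            attrs = found.setdefault(m.group("dn"), [])
            if m.group("attr") not in attrs:
                attrs.append(m.group("attr"))
    return found

def ldif_dn(dn):
    """RFC 2849: a DN that is not a plain-ASCII safe string must be base64-encoded."""
    safe = dn.isascii() and dn.isprintable() and dn[:1] not in " :<" and not dn.endswith(" ")
    return f"dn: {dn}" if safe else "dn:: " + base64.b64encode(dn.encode()).decode()

def build_ldif(found, first_uid=10000, skip=("cn=krbtgt,", "cn=guest,")):
    """Emit LDIF modify records adding uidNumber. first_uid and skip are assumptions:
    pick a range unused on your hosts and leave built-in accounts without a POSIX id."""
    records, uid = [], first_uid
    for dn, attrs in found.items():
        if "uidNumber" not in attrs or dn.lower().startswith(skip):
            continue
        records.append(f"{ldif_dn(dn)}\nchangetype: modify\nadd: uidNumber\nuidNumber: {uid}\n-\n")
        uid += 1
    return "\n".join(records)

if __name__ == "__main__":
    print(build_ldif(missing_attrs(SAMPLE_LOG)))
```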
