[Samba] Cannot bind to AD using nslcd
Rob Mason
rob.mason at acasta.co.uk
Wed Nov 19 11:31:57 MST 2014
On 19/11/2014 18:19, John Yocum wrote:
> On 11/19/2014 10:17 AM, Rob Mason wrote:
>> On 19/11/2014 18:03, Rowland Penny wrote:
>>> On 19/11/14 17:45, Rob Mason wrote:
>>>> A little further forward! I've re-provisioned the domain and re-created
>>>> the new 'nslcd-connect' user just to be sure.
>>>>
>>>> 'binddn' is now working - but is complaining about 'uidNumber'. I think
>>>> this is now just a mapping issue. Anyone??
>>>>
>>>> nslcd: [495cff] <passwd(all)> DEBUG:
>>>> myldap_search(base="CN=Users,DC=acasta,DC=intra",
>>>> filter="(objectClass=user)")
>>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>>> CN=Administrator,CN=Users,DC=acasta,DC=intra
>>>> nslcd: [495cff] <passwd(all)>
>>>> CN=Administrator,CN=Users,DC=acasta,DC=intra: uidNumber: missing
>>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>>> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
>>>> nslcd: [495cff] <passwd(all)>
>>>> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra: uidNumber: missing
>>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>>> CN=krbtgt,CN=Users,DC=acasta,DC=intra
>>>> nslcd: [495cff] <passwd(all)> CN=krbtgt,CN=Users,DC=acasta,DC=intra:
>>>> uidNumber: missing
>>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result():
>>>> CN=Guest,CN=Users,DC=acasta,DC=intra
>>>> nslcd: [495cff] <passwd(all)> CN=Guest,CN=Users,DC=acasta,DC=intra:
>>>> uidNumber: missing
>>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): end of results (4
>>>> total)
>>>>
>>>> The full nslcd.conf is here:
>>>>
>>>> uid nslcd
>>>> gid nslcd
>>>> uri ldap://kepler.acasta.intra/
>>>> base CN=Users,DC=acasta,DC=intra
>>>> binddn CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
>>>> bindpw xxxxxxxx
>>>> pagesize 1000
>>>> referrals off
>>>> filter passwd (objectClass=user)
>>>> filter group (objectClass=group)
>>>> map passwd uid sAMAccountName
>>>> map passwd homeDirectory unixHomeDirectory
>>>> map passwd gecos displayName
>>>> map passwd gidNumber primaryGroupID
>>>> map passwd uidNumber uidNumber
>>>> #map group uniqueMember member
>>>>
>>> Have you given your users the rfc2307 attributes (including uidNumber) ??
>>>
>>> Rowland
>>>
>> I'm not sure I understand the question? My smb.conf has the line:
>>
>> idmap_ldb:use rfc2307 = yes
>>
>> When I create a domain account then they should just automatically get
>> those?
>>
> No, you have to assign the uidNumber, gidNumber, etc. to each account
> and group. If you're using RSAT to manage users, you'll need Server for
> NIS Tools installed.
>
Thanks John - I'll investigate that.
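
The `uidNumber: missing` lines in the quoted debug output name exactly which entries lack the attribute nslcd is mapping. As an added example (not part of the thread, and not Samba or nslcd code), this Python script pulls those DNs out of such a log and drafts LDIF that assigns `uidNumber`; the start value 10000, the skip list for `krbtgt` and `Guest`, and all function names are assumptions of the example.

```python
import re

# Constructed sample in the shape of the nslcd debug output quoted in the thread;
# the krbtgt entry is wrapped onto two lines the way the mail client wrapped it.
SAMPLE_LOG = """\
nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): CN=Administrator,CN=Users,DC=acasta,DC=intra
nslcd: [495cff] <passwd(all)> CN=Administrator,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> CN=krbtgt,CN=Users,DC=acasta,DC=intra:
uidNumber: missing
nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): end of results (4 total)
"""

MISSING = re.compile(r"^nslcd: \[[0-9a-f]+\] <\w+\([^)]*\)> (?P<dn>.+?): (?P<attr>\w+): missing$")
# Assumption of this example: built-in accounts that are given no Unix identity.
SKIP_CN = {"krbtgt", "guest"}

def unwrap(log):
    """Re-join wrapped lines: a continuation lacks the 'nslcd: ' prefix."""
    lines = []
    for raw in filter(str.strip, log.splitlines()):
        if raw.startswith("nslcd: ") or not lines:
            lines.append(raw.strip())
        else:
            lines[-1] += " " + raw.strip()
    return lines

def missing_attr(log, attr="uidNumber"):
    """Return DNs, in first-seen order, that nslcd reported as lacking `attr`."""
    seen = []
    for line in unwrap(log):
        m = MISSING.match(line)
        if m and m["attr"] == attr and m["dn"] not in seen:
            seen.append(m["dn"])
    return seen

def uid_ldif(dns, first_uid=10000, skip_cn=SKIP_CN):
    """Build LDIF modify records adding uidNumber; first_uid is a hypothetical range start."""
    out, uid = [], first_uid
    for dn in dns:
        cn = dn.split(",", 1)[0].partition("=")[2].lower()
        if cn not in skip_cn:
            out.append(f"dn: {dn}\nchangetype: modify\nadd: uidNumber\nuidNumber: {uid}\n-\n")
            uid += 1
    return "\n".join(out)

if __name__ == "__main__":
    print(uid_ldif(missing_attr(SAMPLE_LOG)))
```

Review the generated LDIF and confirm the numbers do not collide with existing `uidNumber` values before loading it with a tool such as `ldapmodify`.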