[Samba] Cannot bind to AD using nslcd

Rob Mason rob.mason at acasta.co.uk
Wed Nov 19 11:35:58 MST 2014


On 19/11/2014 18:31, Rowland Penny wrote:
> On 19/11/14 18:17, Rob Mason wrote:
>> On 19/11/2014 18:03, Rowland Penny wrote:
>>> On 19/11/14 17:45, Rob Mason wrote:
>>>> A little further forward!  I've re-provisioned the domain and re-created
>>>> the new 'nslcd-connect' user just to be sure.
>>>>
>>>> 'binddn' is now working - but is complaining about 'uidNumber'. I think
>>>> this is now just a mapping issue.  Anyone??
>>>>
>>>> nslcd: [495cff] <passwd(all)> DEBUG: myldap_search(base="CN=Users,DC=acasta,DC=intra", filter="(objectClass=user)")
>>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): CN=Administrator,CN=Users,DC=acasta,DC=intra
>>>> nslcd: [495cff] <passwd(all)> CN=Administrator,CN=Users,DC=acasta,DC=intra: uidNumber: missing
>>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
>>>> nslcd: [495cff] <passwd(all)> CN=nslcd-connect,CN=Users,DC=acasta,DC=intra: uidNumber: missing
>>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): CN=krbtgt,CN=Users,DC=acasta,DC=intra
>>>> nslcd: [495cff] <passwd(all)> CN=krbtgt,CN=Users,DC=acasta,DC=intra: uidNumber: missing
>>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): CN=Guest,CN=Users,DC=acasta,DC=intra
>>>> nslcd: [495cff] <passwd(all)> CN=Guest,CN=Users,DC=acasta,DC=intra: uidNumber: missing
>>>> nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): end of results (4 total)
>>>>
>>>> The full nslcd.conf is here:
>>>>
>>>> uid nslcd
>>>> gid nslcd
>>>> uri ldap://kepler.acasta.intra/
>>>> base CN=Users,DC=acasta,DC=intra
>>>> binddn CN=nslcd-connect,CN=Users,DC=acasta,DC=intra
>>>> bindpw xxxxxxxx
>>>> pagesize 1000
>>>> referrals off
>>>> filter  passwd  (objectClass=user)
>>>> filter  group   (objectClass=group)
>>>> map     passwd  uid                sAMAccountName
>>>> map     passwd  homeDirectory      unixHomeDirectory
>>>> map     passwd  gecos              displayName
>>>> map     passwd  gidNumber          primaryGroupID
>>>> map     passwd  uidNumber          uidNumber
>>>> #map     group   uniqueMember       member
>>>>
>>> Have you given your users the rfc2307 attributes (including uidNumber) ??
>>>
>>> Rowland
>>>
>> I'm not sure I understand the question?  My smb.conf has the line:
>>
>> idmap_ldb:use rfc2307 = yes
>>
>> When I create a domain account then they should just automatically get
>> those?
>>
>
> I wish, no you have to add them yourself, either via a script or with
> ADUC.
>
> I don't think that you are going to get much further until you add them.
>
> I would suggest that you peruse the samba wiki and Steve's blog:
> http://linuxcostablanca.blogspot.co.uk/p/samba-4.html
>
> Rowland
>
Thanks Rowland - the light is starting to glow!
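
The "uidNumber: missing" lines in the debug output quoted above can be turned into a to-do list for the "via a script" route. The following is an added example, not code from this thread or from Samba or nslcd: it parses nslcd debug output (including mail-wrapped lines) and drafts LDIF modify records for review. The `CN=alice` entry, the starting value 10000 and the skip list are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of the nslcd debug output quoted in the thread.
# CN=alice is a made-up user; the last two records are wrapped the way the mail was.
SAMPLE_LOG = """\
nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): CN=Administrator,CN=Users,DC=acasta,DC=intra
nslcd: [495cff] <passwd(all)> CN=Administrator,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): CN=alice,CN=Users,DC=acasta,DC=intra
nslcd: [495cff] <passwd(all)>
CN=alice,CN=Users,DC=acasta,DC=intra: uidNumber: missing
nslcd: [495cff] <passwd(all)> CN=krbtgt,CN=Users,DC=acasta,DC=intra:
uidNumber: missing
nslcd: [495cff] <passwd(all)> DEBUG: ldap_result(): end of results (3 total)
"""

# "<DN>: <attribute>: missing"; assumes DNs start with CN= and contain no colon.
MISSING = re.compile(r"(?P<dn>CN=[^:]+?):\s*(?P<attr>\w+):\s*missing")


def missing_attributes(log_text):
    """Return {dn: [attribute, ...]} for every entry nslcd reported as incomplete."""
    # Undo line wrapping: a line that does not start with "nslcd:" continues the previous one.
    joined = re.sub(r"\n(?!nslcd:)", " ", log_text)
    found = {}
    for m in MISSING.finditer(joined):
        attrs = found.setdefault(m.group("dn").strip(), [])
        if m.group("attr") not in attrs:
            attrs.append(m.group("attr"))
    return found


def ldif_for_uid_numbers(missing, first_uid=10000, skip=()):
    """Draft LDIF modify records adding uidNumber; first_uid is an assumed range start."""
    records, uid = [], first_uid
    for dn, attrs in missing.items():
        cn = dn.split(",", 1)[0][3:]  # leading "CN=" stripped
        if "uidNumber" not in attrs or cn in skip:
            continue  # nothing to add, or an account deliberately left out of NSS
        records.append(f"dn: {dn}\nchangetype: modify\nadd: uidNumber\nuidNumber: {uid}\n")
        uid += 1
    return "\n".join(records)


if __name__ == "__main__":
    found = missing_attributes(SAMPLE_LOG)
    print(ldif_for_uid_numbers(found, skip={"Administrator", "krbtgt"}))
```

The output is only a draft: check the chosen numbers against any existing ID ranges before loading it into the directory.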




