[Samba] Discrepancies in getent passwd

John Lewis oflameo2 at gmail.com
Thu Oct 23 10:20:20 MDT 2014


Let me try again

dictator@keep:~$ sudo cat /etc/nslcd.conf
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
uri ldap://192.168.2.2:389

# The search base that will be used for all queries.
base dc=d,dc=oflameo,dc=com

# Some settings for AD
pagesize 1000
referrals off

# Filters (only required if your accounts don't have objectClass=posixAccount
# and your groups don't have objectClass=posixGroup. These objectClasses won't
# be added by ADUC, so they won't be there automatically!)
filter  passwd  (objectClass=user)
filter  group   (objectClass=group)

# Attribute mappings (depending on your nslcd version, some might not be
# necessary or can cause errors and can/must be removed)
map     passwd  uid                sAMAccountName
map     passwd  uidNumber          uidNumber
map     passwd  loginShell         loginShell
map     passwd  homeDirectory      unixHomeDirectory
map     passwd  gecos              displayName
map     passwd  gidNumber          primaryGroupID
map     group   member             member

# Kerberos
#sasl_mech GSSAPI
#sasl_realm D.OFLAMEO.COM
#krb5_ccname /tmp/nslcd.tkt

# The LDAP protocol version to use.
#ldap_version 3

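# LDAP bind (account in AD that nslcd uses to bind to the directory).
# NOTE(review): with the plain ldap:// uri above and the SSL options below left
# commented out, this simple bind sends bindpw to 192.168.2.2 unencrypted.
# Prefer ldaps:// or "ssl start_tls" with certificate checking (not
# "tls_reqcert never"), and keep this file readable by root/nslcd only.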
binddn cn=ldap-connect,cn=Users,dc=d,dc=oflameo,dc=com
bindpw [redacted]

# The DN used for password modifications by root.
#rootpwmoddn cn=admin,cn=Users,dc=d,dc=oflameo,dc=com

# SSL options
#ssl off
#tls_reqcert never

# The search scope.
#scope sub

dictator@drakeburner:~$ sudo cat /etc/nslcd.conf
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
uri ldap://127.0.0.1:389

# The search base that will be used for all queries.
base dc=d,dc=oflameo,dc=com

# Some settings for AD
pagesize 1000
referrals off

# Filters (only required if your accounts don't have objectClass=posixAccount
# and your groups don't have objectClass=posixGroup. These objectClasses won't
# be added by ADUC, so they won't be there automatically!)
filter  passwd  (objectClass=user)
filter  group   (objectClass=group)

# Attribute mappings (depending on your nslcd version, some might not be
# necessary or can cause errors and can/must be removed)
map     passwd  uid                sAMAccountName
map     passwd  uidNumber          uidNumber
map     passwd  loginShell         loginShell
map     passwd  homeDirectory      unixHomeDirectory
map     passwd  gecos              displayName
map     passwd  gidNumber          primaryGroupID
map     group   member             member

# Kerberos
#sasl_mech GSSAPI
#sasl_realm D.OFLAMEO.COM
#krb5_ccname /tmp/nslcd.tkt

# The LDAP protocol version to use.
#ldap_version 3

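# LDAP bind (account in AD that nslcd uses to bind to the directory).
# NOTE(review): this is a simple bind without TLS; the uri above is loopback
# (127.0.0.1), so bindpw stays on this host, but the file still holds the
# password in clear text and should be readable by root/nslcd only.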
binddn cn=ldap-connect,cn=Users,dc=d,dc=oflameo,dc=com
bindpw [redacted]

# The DN used for password modifications by root.
#rootpwmoddn cn=administrator,cn=Users,dc=d,dc=oflameo,dc=com

# SSL options
#ssl off
#tls_reqcert never

# The search scope.
#scope sub


dictator@keep:~$ getent passwd | grep ldap-connect
ldap-connect:*:10000:513:::/usr/sbin/nologin
dictator@keep:~$ getent passwd ldap-connect
ldap-connect:*:10000:513:::/bin/sh

dictator@drakeburner:~$ getent passwd | grep ldap-connect
ldap-connect:*:10000:513:::/usr/sbin/nologin
dictator@drakeburner:~$ getent passwd ldap-connect
ldap-connect:*:10000:513:::/usr/sbin/nologin

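Everything works correctly on the Samba AD DC server, drakeburner. Only on keep does the by-name lookup (getent passwd ldap-connect) return a different login shell (/bin/sh) than the full enumeration (/usr/sbin/nologin).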


