[Samba] Discrepancies in getent passwd
John Lewis
oflameo2 at gmail.com
Thu Oct 23 17:48:32 MDT 2014
On 10/23/2014 12:20 PM, John Lewis wrote:
> Let me try again
>
> dictator at keep:~$ sudo cat /etc/nslcd.conf
> # /etc/nslcd.conf
> # nslcd configuration file. See nslcd.conf(5)
> # for details.
>
> # The user and group nslcd should run as.
> uid nslcd
> gid nslcd
>
> # The location at which the LDAP server(s) should be reachable.
> uri ldap://192.168.2.2:389
>
> # The search base that will be used for all queries.
> base dc=d,dc=oflameo,dc=com
>
> # Some settings for AD
> pagesize 1000
> referrals off
>
> # Filters (only required if your accounts doesn't have objectClass=posixAccount
> # and your groups haven't objectClass=posixGroup. This objectClasses won't be added
> # by ADUC. So they won't be there automatically!)
> filter passwd (objectClass=user)
> filter group (objectClass=group)
>
> # Attribute mappings (depending on your nslcd version, some might not be
> # necessary or can cause errors and can/must be removed)
> map passwd uid sAMAccountName
> map passwd uidNumber uidNumber
> map passwd loginShell loginShell
> map passwd homeDirectory unixHomeDirectory
> map passwd gecos displayName
> map passwd gidNumber primaryGroupID
> map group member member
>
> # Kerberos
> #sasl_mech GSSAPI
> #sasl_realm D.OFLAMEO.COM
> #krb5_ccname /tmp/nslcd.tkt
>
> # The LDAP protocol version to use.
> #ldap_version 3
>
> # LDAP bind (Account in AD that is used from nslcd to bind to the directory)
> binddn cn=ldap-connect,cn=Users,dc=d,dc=oflameo,dc=com
> bindpw [redacted]
>
> # The DN used for password modifications by root.
> #rootpwmoddn cn=admin,cn=Users,dc=d,dc=oflameo,dc=com
>
> # SSL options
> #ssl off
> #tls_reqcert never
>
> # The search scope.
> #scope sub
>
> dictator at drakeburner:~$ sudo cat /etc/nslcd.conf
> # /etc/nslcd.conf
> # nslcd configuration file. See nslcd.conf(5)
> # for details.
>
> # The user and group nslcd should run as.
> uid nslcd
> gid nslcd
>
> # The location at which the LDAP server(s) should be reachable.
> uri ldap://127.0.0.1:389
>
> # The search base that will be used for all queries.
> base dc=d,dc=oflameo,dc=com
>
> # Some settings for AD
> pagesize 1000
> referrals off
>
> # Filters (only required if your accounts doesn't have objectClass=posixAccount
> # and your groups haven't objectClass=posixGroup. This objectClasses won't be added
> # by ADUC. So they won't be there automatically!)
> filter passwd (objectClass=user)
> filter group (objectClass=group)
>
> # Attribute mappings (depending on your nslcd version, some might not be
> # necessary or can cause errors and can/must be removed)
> map passwd uid sAMAccountName
> map passwd uidNumber uidNumber
> map passwd loginShell loginShell
> map passwd homeDirectory unixHomeDirectory
> map passwd gecos displayName
> map passwd gidNumber primaryGroupID
> map group member member
>
> # Kerberos
> #sasl_mech GSSAPI
> #sasl_realm D.OFLAMEO.COM
> #krb5_ccname /tmp/nslcd.tkt
>
> # The LDAP protocol version to use.
> #ldap_version 3
>
> # LDAP bind (Account in AD that is used from nslcd to bind to the directory)
> binddn cn=ldap-connect,cn=Users,dc=d,dc=oflameo,dc=com
> bindpw [redacted]
>
> # The DN used for password modifications by root.
> #rootpwmoddn cn=administrator,cn=Users,dc=d,dc=oflameo,dc=com
>
> # SSL options
> #ssl off
> #tls_reqcert never
>
> # The search scope.
> #scope sub
>
>
> dictator at keep:~$ getent passwd | grep ldap-connect
> ldap-connect:*:10000:513:::/usr/sbin/nologin
> dictator at keep:~$ getent passwd ldap-connect
> ldap-connect:*:10000:513:::/bin/sh
>
> dictator at drakeburner:~$ getent passwd | grep ldap-connect
> ldap-connect:*:10000:513:::/usr/sbin/nologin
> dictator at drakeburner:~$ getent passwd ldap-connect
> ldap-connect:*:10000:513:::/usr/sbin/nologin
>
> Everything works right on the samba ad dc server drakeburner.
>
I figured it out. It was a caching issue. I waited a little and it is
working. I think I can rush the process by restarting nscd and nslcd.
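
Added example, not part of the original message: a small shell check that compares the two `getent` views that disagreed on keep above (a by-name lookup can be answered from nscd's cache, while full enumeration is not served from that cache) and names the passwd fields that differ. The function names `passwd_diff` and `check_user` are made up for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names): detect a stale cached passwd
# entry by comparing a by-name lookup with the entry found by enumeration.
# Usage after sourcing this file:  check_user ldap-connect

# Field names of a passwd(5) line, in order.
PASSWD_FIELDS="name passwd uid gid gecos home shell"

# passwd_diff LINE_A LINE_B
# Prints the names of the fields that differ, space separated.
# Prints an empty line when the two entries are identical.
passwd_diff() {
    awk -v a="$1" -v b="$2" -v names="$PASSWD_FIELDS" 'BEGIN {
        split(names, n, " ")
        split(a, fa, ":"); split(b, fb, ":")
        out = ""
        for (i = 1; i <= 7; i++)
            # Append "" to force string comparison, so "513" != "0513".
            if ((fa[i] "") != (fb[i] ""))
                out = out (out == "" ? "" : " ") n[i]
        print out
    }'
}

# check_user NAME
# Returns 0 when both views agree, 1 on a mismatch, 2 when the user is
# missing from either view.
check_user() {
    by_name=$(getent passwd "$1") || return 2
    by_enum=$(getent passwd |
        awk -F: -v u="$1" '($1 "") == (u "") { print; exit }')
    [ -n "$by_enum" ] || return 2
    fields=$(passwd_diff "$by_name" "$by_enum")
    if [ -z "$fields" ]; then
        return 0
    fi
    echo "MISMATCH for $1 in: $fields"
    echo "  by name:     $by_name"
    echo "  enumeration: $by_enum"
    return 1
}
```

For the two lines shown for keep, `passwd_diff` reports `shell`, which is the field that matters for an account meant to have `/usr/sbin/nologin`. Besides restarting the daemons, `nscd -i passwd` invalidates the cached passwd table.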