[Samba] Trouble getting uids from nslcd

Peter Serbe peter at serbe.ch
Mon Sep 8 20:34:13 MDT 2014

Dear Group, 

I want to establish a AD controller for my home network on a 
Raspberry Pi. I use Raspbian Wheezy and installed Bind 9.9.5 
and Samba 4.1.12 from the sources (applying some spare patience...). 

I used these commands for configure and provisioning:

./configure --prefix=/usr/local/samba \
            --with-piddir=/usr/local/samba/var/run \
            --with-syslog \
            --with-quotas \
            --with-acl-support \
            --enable-debug \


samba-tool domain provision --use-rfc2307 --interactive   .

Everything went relatively smooth, but I am totally stuck 
while trying to get the domain users to the local system. 
I decided to use nslcd and followed the corresponding 
wiki page. The command 'getent passwd' simply doesn't show 
the domain users, and I narrowed down the problem. 

In the daemon.log I see:

Sep  9 04:00:10 charon nslcd[3045]: [8b4567] <passwd(all)> 
  CN=CHARON,OU=Domain Controllers,DC=serbe,DC=lokal: 
  sAMAccountName: non-numeric
Sep  9 04:00:10 charon nslcd[3045]: [8b4567] <passwd(all)> 
  sAMAccountName: non-numeric

The reason can be found in the nslcd.conf

map     passwd  uid                sAMAccountName

I used ldbsearch to read the data records containing the 
information on the users

ldbsearch -H st/dc/private/sam.ldb '(objectclass=person)'

and found that there is no field, which would be readily 
suited to serve as uid. Especially the sAMAcountName, which 
is in the wiki is used to derive the uid, is a text 
string, e.g. dns-server1 or Administrator and the like. 

So my question is: is there an easy way, to get a suitable 
field, or is there any other trick, to make nslcd to 
get me uid's?

Needless to say, that a solution would 
preferred, that would not require to recompile the 
sources (it takes about 8 hours on the Raspi). 
Doing a new provisioning is no problem. But then some 
guidance would be welcomed, on which data to delete 
in order to get a clean provisioning output. 

The AD controller will later be joined by a pretty 
powerful (and power hungry) file server. Only the Raspi 
will be switched on 24/7, and that's why DNS and AD 
are there. 

Best regards

More information about the samba mailing list