[Samba] Trouble getting uids from nslcd
Peter Serbe
peter at serbe.ch
Mon Sep 8 20:34:13 MDT 2014
Dear Group,
I want to establish an AD controller for my home network on a
Raspberry Pi. I use Raspbian Wheezy and installed Bind 9.9.5
and Samba 4.1.12 from the sources (applying some spare patience...).
I used these commands for configure and provisioning:
    ./configure --prefix=/usr/local/samba \
        --with-piddir=/usr/local/samba/var/run \
        --with-syslog \
        --with-quotas \
        --with-acl-support \
        --enable-debug \
        --enable-selftest
and
samba-tool domain provision --use-rfc2307 --interactive .
Everything went relatively smoothly, but I am totally stuck
while trying to get the domain users to the local system.
I decided to use nslcd and followed the corresponding
wiki page. The command 'getent passwd' simply doesn't show
the domain users, and I narrowed down the problem.
In the daemon.log I see:
Sep 9 04:00:10 charon nslcd[3045]: [8b4567] <passwd(all)>
CN=CHARON,OU=Domain Controllers,DC=serbe,DC=lokal:
sAMAccountName: non-numeric
Sep 9 04:00:10 charon nslcd[3045]: [8b4567] <passwd(all)>
CN=Administrator,CN=Users,DC=serbe,DC=lokal:
sAMAccountName: non-numeric
...
The reason can be found in the nslcd.conf
...
map passwd uid sAMAccountName
...
I used ldbsearch to read the data records containing the
information on the users
ldbsearch -H st/dc/private/sam.ldb '(objectclass=person)'
and found that there is no field that would be readily
suited to serve as uid. Especially the sAMAccountName, which
in the wiki is used to derive the uid, is a text
string, e.g. dns-server1 or Administrator and the like.
So my question is: is there an easy way to get a suitable
field, or is there any other trick to make nslcd
get me uids?
Needless to say, a solution would be
preferred that would not require recompiling the
sources (it takes about 8 hours on the Raspi).
Doing a new provisioning is no problem. But then some
guidance would be welcome on which data to delete
in order to get a clean provisioning output.
The AD controller will later be joined by a pretty
powerful (and power hungry) file server. Only the Raspi
will be switched on 24/7, and that's why DNS and AD
are there.
Best regards
Peter