[Samba] Trouble getting uids from nslcd

Rowland Penny rowlandpenny at googlemail.com
Tue Sep 9 03:26:07 MDT 2014

On 09/09/14 03:34, Peter Serbe wrote:
> Dear Group,
> I want to establish an AD controller for my home network on a
> Raspberry Pi. I use Raspbian Wheezy and installed Bind 9.9.5
> and Samba 4.1.12 from the sources (applying some spare patience...).
> I used these commands for configure and provisioning:
> ./configure --prefix=/usr/local/samba \
>              --with-piddir=/usr/local/samba/var/run \
>              --with-syslog \
>              --with-quotas \
>              --with-acl-support \
>              --enable-debug \
>              --enable-selftest
Hi, as most of the above are the defaults, you could just have 
configured with:

./configure --enable-debug --enable-selftest

but having said that, unless you are expecting problems and will need to 
debug samba, you might as well have gone:


> and
> samba-tool domain provision --use-rfc2307 --interactive   .
> Everything went relatively smooth, but I am totally stuck
> while trying to get the domain users to the local system.
> I decided to use nslcd and followed the corresponding
> wiki page. The command 'getent passwd' simply doesn't show
> the domain users, and I narrowed down the problem.
> In the daemon.log I see:
> Sep  9 04:00:10 charon nslcd[3045]: [8b4567] <passwd(all)>
>    CN=CHARON,OU=Domain Controllers,DC=serbe,DC=lokal:
>    sAMAccountName: non-numeric
> Sep  9 04:00:10 charon nslcd[3045]: [8b4567] <passwd(all)>
>    CN=Administrator,CN=Users,DC=serbe,DC=lokal:
>    sAMAccountName: non-numeric
> ...
> The reason can be found in the nslcd.conf
> ...
> map     passwd  uid                sAMAccountName
> ...
> I used ldbsearch to read the data records containing the
> information on the users
> ldbsearch -H st/dc/private/sam.ldb '(objectclass=person)'

So you set the install prefix to '/usr/local/samba' and are not 
searching the correct place; you should be searching in 
> and found that there is no field which would be readily
> suited to serve as uid. Especially the sAMAccountName, which
> in the wiki is used to derive the uid, is a text
> string, e.g. dns-server1 or Administrator and the like.
This is because you are mistaking 'uid' for 'uidNumber'. 'uid' is indeed 
used for the user's name; 'uidNumber' is the field you are looking for, 
which holds the RFC2307 id number of the user.

> So my question is: is there an easy way to get a suitable
> field, or is there any other trick to make nslcd
> get me uids?
If you must use nslcd, have a look here:


> Needless to say, a solution would be
> preferred that would not require recompiling the
> sources (it takes about 8 hours on the Raspi).
> Doing a new provisioning is no problem. But then some
> guidance would be welcomed, on which data to delete
> in order to get a clean provisioning output.

You shouldn't have to recompile, just use the right path to the database ;-)

> The AD controller will later be joined by a pretty
> powerful (and power hungry) file server. Only the Raspi
> will be switched on 24/7, and that's why DNS and AD
> are there.
> Best regards
> Peter
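
The uid / uidNumber distinction discussed above can be checked against a directory dump before touching nslcd.conf. The following is an added example, not part of the original message or of Samba: it reads LDIF text of the kind ldbsearch prints and reports which entries carry numeric uidNumber and gidNumber values next to their sAMAccountName. The sample records, the DC=example,DC=test suffix and the function names are constructed for illustration.

```python
import re

# Constructed sample in the LDIF shape ldbsearch prints (not data from the thread).
SAMPLE = """\
# record 1
dn: CN=Administrator,CN=Users,DC=example,DC=test
sAMAccountName: Administrator

dn: CN=Alice,CN=Users,DC=example,DC=test
sAMAccountName: alice
uidNumber: 10001
gidNumber: 10000

dn: CN=Bob,CN=Users,DC=example,DC=test
sAMAccountName: bob
uidNumber: bob
gidNumber: 10000
"""

ATTR = re.compile(r"([A-Za-z][\w;-]*): (.*)")  # skips comments and base64 ("::") values

def parse_ldif(text):
    """Yield one dict per record: lower-cased attribute name -> list of values."""
    text = re.sub(r"\n ", "", text)  # unfold LDIF continuation lines
    for block in re.split(r"\n\s*\n", text):
        rec = {}
        for line in block.splitlines():
            m = ATTR.match(line)
            if m:
                rec.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
        if "dn" in rec:
            yield rec

def audit_posix_ids(text):
    """Return (ok, problems): login -> (uidNumber, gidNumber), and (dn, reason) pairs."""
    ok, problems = {}, []
    for rec in parse_ldif(text):
        ids = []
        for attr in ("uidnumber", "gidnumber"):
            val = rec.get(attr, [""])[0]
            if val.isascii() and val.isdigit():
                ids.append(int(val))
            else:
                problems.append((rec["dn"][0], attr + (" non-numeric" if val else " missing")))
        if len(ids) == 2 and "samaccountname" in rec:
            ok[rec["samaccountname"][0]] = tuple(ids)
    return ok, problems

if __name__ == "__main__":
    print(audit_posix_ids(SAMPLE))
```

Entries listed under problems have a login name but no usable numeric id, so they cannot become passwd entries regardless of how the name attribute is mapped.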
