[Samba] SSSD - inconsistent UIDs - was: Trouble getting uids from nslcd
Peter Serbe
peter at serbe.ch
Thu Sep 18 04:23:24 MDT 2014
I followed the advice from Arun, with some mixed success.
For a couple of days I had no success, while constantly
seeing that 'getent passwd' did not list domain users, but
# getent passwd administrator
administrator:*:1855200500:1855200513:Administrator:/home/Administrator:/bin/sh
Finally I got 'getent passwd' working by adding
enumerate = true
to the sssd.conf file *). Apparently this is a bug in sssd,
which may or may not occur. Maybe it would be a good idea,
to add a hint to the wiki documentation, that this option
might be a try when troubleshooting sssd.
But now I see another strange thing: I did deleted my
domain account and added again - but even after a series
of rebooting setfacl uses the old uid. I did delete the
SSSD cache at /var/lib/sss/db/, but this did not have any
effect.
Are there any other places, where I should delete something?
Do I need to disable the idmap_ldb:use rfc2307 entry in
smb.conf? Or would it be best to reprovision samba and
start all over?
Thank You in advance!
Peter
*) got it from here:
http://unixspace.wordpress.com/2013/08/20/rhel-6-system-security-services-daemon-sssd-getent-not-showing-all-ldap-accounts/
Arun Khan schrieb am 09.09.2014 21:55:
> On Tue, Sep 9, 2014 at 8:04 AM, Peter Serbe <peter at serbe.ch> wrote:
>>..
>>
>> The reason can be found in the nslcd.conf
>>
>> ...
>> map passwd uid sAMAccountName
>> ...
>
> Suggest use sssd in place of nslcd. I have posted a copy of my
> sssd.conf that binds to LDAP (Samba4) in a post.
>
> -- Arun Khan
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list