[Samba] LDAP getent issues

Rowland Penny rpenny at samba.org
Sat Apr 7 15:05:46 UTC 2018


On Fri, 6 Apr 2018 07:07:24 +0000
Praveen Ghimire via samba <samba at lists.samba.org> wrote:

> Hi,
> 
> We are having some issues with LDAP authentication. Here is our setup
> 
> PDC and LDAP (samba classic) = dc01
> SambaClassic domain = stdom
> Member server = fs01
> 
> - fs01 is joined to the pdc using net rpc join.
> - getent password doesn't list the new users.
> - wbinfo -u lists all the users in LDAP
> - we are using lib-nss in PDC to authenticate the users
> - ufw is disabled in both
> 

I can confirm that a Unix domain member of an NT4-style domain doesn't
work for users, groups yes, users no.

I have tried every permutation of 'idmap config' lines I can think of
including the deprecated 'idmap uid & idmap gid'. Most of the time
'winbind' crashed, but this is probably down to the settings in smb.conf,
even though 'testparm' showed no errors.

One very strange thing I had to do (and I have never had to do before),
I had to set the 'netbios name' to the same value as the 'workgroup'
parameter. Without this, neither 'wbinfo -u' nor 'wbinfo -g' worked.

The reason seems to be that 'winbind' cannot find a Unix account for
the users. Adding a Unix user doesn't help either.

Rowland


