[Samba] LDAP getent issues
rpenny at samba.org
Sat Apr 7 15:05:46 UTC 2018
On Fri, 6 Apr 2018 07:07:24 +0000
Praveen Ghimire via samba <samba at lists.samba.org> wrote:
> We are having some issues with LDAP authentication. Here is our setup
> PDC and LDAP(samba classic) = dc01
> SambaClassic domain = stdom
> Member server = fs01
> - fs01 is joined to the pdc using net rpc join.
> - getent password doesn't list the new users.
> - wbinfo -u lists all the users in LDAP
> - we are using lib-nss in PDC to authenticate the users
> - ufw is disabled in both
I can confirm that a Unix domain member of an NT4-style domain doesn't
work for users, groups yes, users no.
I have tried every permutation of 'idmap config' lines I can think of
including the deprecated 'idmap uid & idmap gid'. Most of the time
'winbind' crashed, but this is probably down to the settings in smb.conf,
even though 'testparm' showed no errors.
One very strange thing I had to do (and I have never had to do before),
I had to set the 'netbios name' to the same value as the 'workgroup'
parameter. Without this, neither 'wbinfo -u' nor 'wbinfo -g' worked.
The reason seems to be that 'winbind' cannot find a Unix account for
the users. Adding a Unix user doesn't help either.