[Samba] FW: LDAP getent issues

Praveen Ghimire PGhimire at sundata.com.au
Sun Apr 8 05:55:18 UTC 2018


Hi,

I've gone through the following link about member server and also the samba 3 by example and can confirm that nsdc is not enabled.
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member


We are having some issues with LDAP authentication. Here is  our setup

PDC  and LDAP(samba classic) = dc01
SambaClassic domain =  stdom
Member server = fs01

We migrated from TDB to LDAP. The old TDB users are able to login to the domain and access file shares without issues. Any new user created in LDAP is not able to access the shares. When trying to create shared drives for the new users in fs01 we get
chown: invalid user: `stdom\\ldaptest01:stdom\\domain users'

the smb.conf for fs01 is
Global parameters
[global]
        workgroup = stdom
        netbios name = fs01
        security = domain
         wins server = 192.168.1.18
#       password server = 192.168.1.18
                local master = no
    domain master = no
    preferred master = no
    domain logons = no
  passdb backend = ldapsam:ldap://192.168.1.18
  ldap admin dn = cn=admin,dc=stdom
  ldap suffix = dc=stdom
  ldap group suffix = ou=groups
  ldap machine suffix = ou=computers
  ldap user suffix = ou=users
  idmap backend = ldap
  ldap idmap suffix = ou=idmap
  idmap config * : backend = ldap
  idmap config * : range = 20000-29999
  idmap config * : ldap_url = ldap://192.168.1.18
  idmap config * : ldap_base_dn = ou=idmap,dc=stdom
  idmap config * : ldap_user_dn = cn=admin,dc=stdom
  ldap delete dn = no
  #ldap password sync = yes
  ldap ssl = off
#winbind expand groups = 1
#winbind trusted domains only = yes
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes

the /etc/nsswitch.conf is
#passwd:         compat
#group:          compat
shadow:         compat
passwd:         winbind files
group:          winbind files

We have tried the files winbind too

Other info:


-          The getent passwd and group seem to be listing outputs from the local passwd and group

-          fs01 is joined to the pdc using net rpc join.

-          getent password doesn't list the new users.

-          wbinfo -u list all the users in LDAP

-          we are using lib-nss in PDC to authenticate the users

-          ufw is disabled in both



Any suggestions?


Regards,

Praveen Ghimire



More information about the samba mailing list