[Samba] FW: LDAP getent issues
Praveen Ghimire
PGhimire at sundata.com.au
Sun Apr 8 05:55:18 UTC 2018
Hi,
I've gone through the following link about member server and also the samba 3 by example and can confirm that nsdc is not enabled.
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
We are having some issues with LDAP authentication. Here is our setup
PDC and LDAP(samba classic) = dc01
SambaClassic domain = stdom
Member server = fs01
We migrated from TDB to LDAP. The old TDB users are able to login to the domain and access file shares without issues. Any new user created in LDAP is not able to access the shares. When trying to create shared drives for the new users in fs01 we get
chown: invalid user: `stdom\\ldaptest01:stdom\\domain users'
the smb.conf for fs01 is
Global parameters
[global]
workgroup = stdom
netbios name = fs01
security = domain
wins server = 192.168.1.18
# password server = 192.168.1.18
local master = no
domain master = no
preferred master = no
domain logons = no
passdb backend = ldapsam:ldap://192.168.1.18
ldap admin dn = cn=admin,dc=stdom
ldap suffix = dc=stdom
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap user suffix = ou=users
idmap backend = ldap
ldap idmap suffix = ou=idmap
idmap config * : backend = ldap
idmap config * : range = 20000-29999
idmap config * : ldap_url = ldap://192.168.1.18
idmap config * : ldap_base_dn = ou=idmap,dc=stdom
idmap config * : ldap_user_dn = cn=admin,dc=stdom
ldap delete dn = no
#ldap password sync = yes
ldap ssl = off
#winbind expand groups = 1
#winbind trusted domains only = yes
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
the /etc/nsswitch.conf is
#passwd: compat
#group: compat
shadow: compat
passwd: winbind files
group: winbind files
We have tried the files winbind too
Other info:
- The getent passwd and group seem to be listing outputs from the local passwd and group
- fs01 is joined to the pdc using net rpc join.
- getent password doesn't list the new users.
- wbinfo -u list all the users in LDAP
- we are using lib-nss in PDC to authenticate the users
- ufw is disabled in both
Any suggestions?
Regards,
Praveen Ghimire
More information about the samba
mailing list