[Samba] Winbind and nss-ldap

Rob Thoman emailthomasrob at gmail.com
Wed Oct 3 06:01:29 UTC 2018


Hi Guys,

Have some issues with winbind and nss-ldap on an LDAP-based NT4 BDC/fileserver.

The DC has the LDAP server role and the BDC connects to it for
authentication.

smb.conf of the BDC:

    netbios name = TRAC5
    local master = no
    domain master = no
    preferred master = no
    domain logons = no
    passdb backend = ldapsam:ldap://trac15.ste.com
    ldap admin dn = cn=admin,dc=ste,d=com
    ldap suffix = dc=ste
    ldap group suffix = ou=groups
    ldap machine suffix = ou=computers
    ldap user suffix = ou=users
    idmap backend = ldap
    ldap idmap suffix = ou=idmap
    idmap config * : ldap_url = ldap://trac15.ste
    idmap config * : ldap_base_dn = ou=idmap,dc=ste,dc=com
    idmap config * : ldap_user_dn = cn=admin,dc=ste,dc=com
    ldap delete dn = no
    ldap ssl = start tls

We've set up libnss-ldap on the servers (both trac15 and trac5).

When we enable the winbind service, we get the following error:

    user 'asmith' (from session setup) not permitted to access this share (dataldap).

In the actual client, when you open the share, it prompts for the login creds again and again.

When winbind is disabled, the user is able to log in and access the shares. The issue seems to be with
the folder permissions. The /home drive is set up with 700 as the mask and
the folder permission in smb.conf. The user can create folders but not
rename them. They can create a text file but not rename it. It comes up with
"You need permission from the following user to make changes". The SID
presented is the SID of the user in LDAP.

We have removed and added back the user in the /etc/passwd file on the
fileserver. If we remove it, getent passwd doesn't recognise the user.
Our nsswitch.conf has "files ldap".

So basically, at this stage we are disabling winbind to get LDAP working.

Thank you,

RT
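An added consistency check, not part of the post or of Samba itself: this editor's small Python script parses the LDAP-related parameters of the smb.conf quoted above and flags DNs that are not under "ldap suffix", RDN attribute types that are not among the usual ones, and a passdb LDAP host that differs from the idmap LDAP host. The config text embedded below is taken from the post as written; the parser, the attribute list and the checks are assumptions of this example.

```python
import re

# LDAP-related lines of the posted smb.conf, copied as written.
SMB_CONF = """
passdb backend = ldapsam:ldap://trac15.ste.com
ldap admin dn = cn=admin,dc=ste,d=com
ldap suffix = dc=ste
ldap group suffix = ou=groups
ldap user suffix = ou=users
idmap backend = ldap
ldap idmap suffix = ou=idmap
idmap config * : ldap_url = ldap://trac15.ste
idmap config * : ldap_base_dn = ou=idmap,dc=ste,dc=com
idmap config * : ldap_user_dn = cn=admin,dc=ste,dc=com
"""

# Common RDN attribute types (assumed short list, not exhaustive).
COMMON_ATTRS = {"cn", "ou", "dc", "o", "uid", "c", "l", "st"}
DN_PARAMS = ("ldap admin dn", "idmap config * : ldap_base_dn",
             "idmap config * : ldap_user_dn")
URL_PARAMS = ("passdb backend", "idmap config * : ldap_url")

def parse_smb_conf(text):
    """Return {parameter: value}; smb.conf keys are case- and space-insensitive."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":
            continue
        key, _, val = line.partition("=")
        conf[" ".join(key.lower().split())] = val.strip()
    return conf

def check_ldap_settings(conf):
    """Return a list of findings; an empty list means the settings are consistent."""
    findings, suffix = [], conf.get("ldap suffix", "").lower()
    for key in DN_PARAMS:
        dn = conf.get(key)
        if dn is None:
            continue
        attrs = [rdn.split("=", 1)[0].strip().lower() for rdn in dn.split(",")]
        bad = [a for a in attrs if a not in COMMON_ATTRS]
        if bad:
            findings.append(f"{key}: unusual attribute type(s) {bad} in '{dn}'")
        low = dn.lower()
        if suffix and low != suffix and not low.endswith("," + suffix):
            findings.append(f"{key}: '{dn}' is not under ldap suffix '{suffix}'")
    hosts = set()  # passdb and idmap should normally talk to the same LDAP server
    for key in URL_PARAMS:
        m = re.search(r"ldaps?://([^/\s]+)", conf.get(key, ""))
        if m:
            hosts.add(m.group(1).lower())
    if len(hosts) > 1:
        findings.append(f"passdb and idmap LDAP hosts differ: {sorted(hosts)}")
    return findings
```

Running it on the posted values yields five findings (the "d=com" RDN, three DNs not under "dc=ste", and the mismatched host names); a config whose suffix and DNs agree returns an empty list.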