On Thu, 2005-12-08 at 23:42 +0100, WebMaster wrote:
> El Jueves, 8 de Diciembre de 2005 15:53, Josh Kelley escribió:
> > Did you make sure to set rootbinddn in /etc/ldap.conf and the root
> > password in /etc/ldap.secret? Otherwise, getent shadow runs as an
> > unprivileged user, even as root. Did you check permissions on
> > /etc/ldap.secret (should be mode 0600)?

> Ooops, I had 0644 for /etc/ldap.secret. May it be the problem?

No - as long as root can read the file, it's not a problem.

It is however - REALLY BAD IDEA - to have /etc/ldap.secret anything
other than 0600. It lets everyone one in the world read your rootbinddn
> I have to wait
> monday for having access to XP machines, now I only can get ssh access.
> I can not understand why, if I copy the user data to /etc/passwd from ldap,
> (not /etc/shadow ) the user can log in, and when I delete the user
> from /etc/passwd I get a getpwnam failure. But I can use usrmgr.exe and
> smbclient works with the user data in ldap only, with no warning.
> I have kerberos running and have a DNS sever (with AD zones) in the same linux
> machine.

if you can 'getent passwd|grep USER_NAME' then it works, if you can't,
then it doesn't work. When you add USER_NAME to /etc/passwd, it
obviously works. You have to fix your nss/ldap.conf situation so it can
get posix users from LDAP


To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba