[Samba] Mis-behavior of ldap.conf regarding nss? - Samba


  1. [Samba] Mis-behavior of ldap.conf regarding nss?

    Hello all,

    I run a samba 3.0.26a-1ubuntu2.3 on an Ubuntu 7.10 server with OpenLDAP
    both for samba and for posix accounts. Everything runs fine, except for
    one problem. I have a ou=People-inactive branch on my ldap server on
    which I store (guess what?) inactive people. I don't want my system to
    recognize those entries as valid users, so I set my /etc/ldap.conf as
    follows:

    root@mercurio:/etc# grep -v "^#\|^\s*$" ldap.conf
    host 127.0.0.1 192.168.0.207
    base dc=a1,dc=ind
    ldap_version 3
    nss_base_passwd ou=People,dc=a1,dc=ind?one
    nss_base_shadow ou=People,dc=a1,dc=ind?one
    nss_base_group ou=Group,dc=a1,dc=ind?one
    nss_base_hosts ou=Hosts,dc=a1.dc=ind?one
    nss_base_services ou=Services,dc=a1,dc=ind?one
    nss_base_networks ou=Networks,dc=a1,dc=ind?one
    nss_base_protocols ou=Protocols,dc=a1,dc=ind?one
    nss_base_rpc ou=Rpc,dc=a1,dc=ind?one
    nss_base_netmasks ou=Networks,dc=a1,dc=ind?one
    nss_base_aliases ou=Aliases,dc=a1,dc=ind?one
    nss_base_netgroup ou=Netgroup,dc=a1,dc=ind?one
    root@mercurio:/etc#

    I use two servers on the "host" line due to this bug:

    https://launchpad.net/ubuntu/+source...dap/+bug/51315

    The problem arose when I tried to add a new machine to the domain. The
    smbldap-useradd script is able to add the machine entry on ldap, but the
    whole process fails with "User not found" (translated from the
    Portuguese message) on the adding workstation. After googling for about
    3 hours without success, I found that if I just comment out the
    nss_base_* entries, everything works as expected and I am able to join a
    machine to the domain.

    The question:

    Is that a samba, nss or smbldap-tools bug? Or is this not a bug, but a
    feature? Or have I lost something?

    Best regards and thanks in advance.

    --
    Marcio Merlone


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] Mis-behavior of ldap.conf regarding nss?

    > I run a samba 3.0.26a-1ubuntu2.3 on an Ubuntu 7.10 server with OpenLDAP
    > both for samba and for posix accounts. Everything runs fine, except for
    > one problem. I have a ou=People-inactive branch on my ldap server on
    > which I store (guess what?) inactive people. I don't want my system to
    > recognize those entries as valid users, so I set my /etc/ldap.conf as
    > follows:
    > nss_base_passwd ou=People,dc=a1,dc=ind?one
    > The problem arose when I tried to add a new machine to the domain. The
    > smbldap-useradd script is able to add the machine entry on ldap, but the
    > whole process fails with "User not found" (translated from the
    > Portuguese message) on the adding workstation. After googling for about
    > 3 hours without success, I found that if I just comment out the
    > nss_base_* entries, everything works as expected and I am able to join a
    > machine to the domain.


    Does your script create the machine account object in ou=People? You've
    verified the object is created at all and you can successfully "id
    {machine}$"?

    > Is that a samba, nss or smbldap-tools bug? Or is this not a bug, but a
    > feature? Or have I lost something?


    My guess would be it is a bug in your configuration of smbldap-tools.

    --
    Adam Tauno Williams, Network & Systems Administrator
    Consultant - http://www.whitemiceconsulting.com
    Developer - http://www.opengroupware.org


  3. Re: [Samba] Mis-behavior of ldap.conf regarding nss?

    Adam Tauno Williams wrote:
    >> I run a samba 3.0.26a-1ubuntu2.3 on an Ubuntu 7.10 server with OpenLDAP
    >> both for samba and for posix accounts. Everything runs fine, except for
    >> one problem. I have a ou=People-inactive branch on my ldap server on
    >> which I store (guess what?) inactive people. I don't want my system to
    >> recognize those entries as valid users, so I set my /etc/ldap.conf as
    >> follows:
    >> nss_base_passwd ou=People,dc=a1,dc=ind?one
    >> The problem arose when I tried to add a new machine to the domain. The
    >> smbldap-useradd script is able to add the machine entry on ldap, but the
    >> whole process fails with "User not found" (translated from the
    >> Portuguese message) on the adding workstation. After googling for about
    >> 3 hours without success, I found that if I just comment out the
    >> nss_base_* entries, everything works as expected and I am able to join a
    >> machine to the domain.
    >>

    >
    > Does your script create the machine account object in ou=People? You've
    > verified the object is created at all and you can successfully "id
    > {machine}$"?
    >

    No, it gets created in ou=Host. Isn't it supposed to be this way?

    --
    Marcio Merlone
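
Added example (not part of any post in this thread): a Python check of whether an entry's DN falls inside the nss_base_passwd search scopes from the ldap.conf in post 1, which is the lookup that `id {machine}$` exercises. The sample DNs, the `ou=Hosts` container for the machine account, the default `sub` scope, and the fallback to `base` when no nss_base_passwd line is present are assumptions of this example.

```python
# Added example: the config text and every DN used with it are constructed.
SAMPLE_CONF = """\
base dc=a1,dc=ind
nss_base_passwd ou=People,dc=a1,dc=ind?one
nss_base_group ou=Group,dc=a1,dc=ind?one
"""

def rdns(dn):
    """Split a DN into normalised RDNs (escaped commas are not handled)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def search_bases(conf_text, nss_map="passwd"):
    """Return [(base_rdns, scope)] searched for one NSS map."""
    key, global_base, found = "nss_base_" + nss_map, None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        fields = line.split(None, 1)
        if len(fields) != 2:
            continue
        name, value = fields[0].lower(), fields[1].strip()
        if name == "base":
            global_base = value
        elif name == key:
            parts = value.split("?")  # base?scope?filter
            scope = parts[1].lower() if len(parts) > 1 and parts[1] else "sub"
            found.append((rdns(parts[0]), scope))
    if not found and global_base:
        # Assumption: without nss_base_<map>, the search starts at `base`, subtree scope.
        found.append((rdns(global_base), "sub"))
    return found

def in_scope(entry, base, scope):
    """LDAP scope semantics: base = the entry itself, one = direct children, sub = subtree."""
    if scope == "base":
        return entry == base
    if scope == "one":
        return entry[1:] == base
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def nss_visible(conf_text, entry_dn, nss_map="passwd"):
    """True if the entry can be returned by an NSS lookup for this map."""
    entry = rdns(entry_dn)
    return any(in_scope(entry, b, s) for b, s in search_bases(conf_text, nss_map))
```

In this model, commenting out the nss_base_* lines makes the machine account visible again but also exposes entries under ou=People-inactive. A second nss_base_passwd line for the machine container gives the first result without the second.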

