Hello again:

First, I will try to document what I did to get samba up as an AD DC in the next few days (I will note, as an older mail post stated, it takes a "LONG" time for it to start up when the system boots).

But, I am hoping that someone can help me understand where my ypldap problem is. As I said:

---------
While it seems that I can get all the parts running, I am unable to pull account information from samba's ldap server through ypldap (no domain accounts with 'getent passwd', only local accounts). (I probably don't understand it well enough to set up ypldap.conf correctly?)
---------

So, all from one of the machines that is a DC (OpenBSD 5.9 GENERIC.MP#1783 amd64) with samba from packages (Version 4.1.22).

First, from the command line, I am able to get data from the ldap server included with samba. For example:

ldapsearch -x -H "ldap://DC1.samba.domain.com:389" -D "DOMAIN\Administrator" -w "password" -b "dc=samba,dc=domain,dc=com" "(objectClass=posixAccount)"

spits out a list of users to the terminal:

...
# search result
search: 2
result: 0 Success

# numResponses: 8
# numEntries: 4
# numReferences: 3
---

And:

ldapsearch -x -H "ldap://DC1.samba.domain.com:389" -D "DOMAIN\Administrator" -w "password" -b "dc=samba,dc=domain,dc=com" "(objectClass=group)"

gives me:

...
# search result
search: 2
result: 0 Success

# numResponses: 42
# numEntries: 38
# numReferences: 3
---

Using this, I tried to set up ypldap.conf like this:

----
# Global settings
domain "samba.domain.com"
interval 3600

# Specify the maps that ypldap should provide
provide map "passwd.byname"
provide map "passwd.byuid"
provide map "group.byname"

# Directory declaration
directory "ldap://DC1.samba.domain.com:389" {
    binddn "DOMAIN\Administrator"
    bindcred "password"
    basedn "dc=samba,dc=domain,dc=com"

    # passwd maps configuration
    passwd filter "(objectClass=posixAccount)"

    attribute name maps to "uid"
    fixed attribute passwd "*"
    attribute uid maps to "uidNumber"
    attribute gid maps to "gidNumber"
    attribute home maps to "homeDirectory"
    attribute gecos maps to "gecos"

    # LDAP users are not interactive system users
    fixed attribute shell "/sbin/nologin"
    fixed attribute change "0"
    fixed attribute expire "0"
    fixed attribute class "default"

    # group maps configuration
    group filter "(objectClass=group)"

    attribute groupname maps to "cn"
    fixed attribute grouppasswd "*"
    fixed attribute groupgid "*"
    list groupmembers maps to "member"
}
----

ypldap -n says the configuration is OK. But, when I try to run it (after "domainname samba.domain.com" and "ypinit -m samba.domain.com" and starting portmap):

# ypldap -dv

I get:

---
startup [debug mode]
configuration starting
applying configuration
connecting to directories
starting directory update
---

and the terminal hangs.... for longer than it took me to write this email.... when I manually break it, I get:

---
ldap client exiting
dns engine exiting
---

It seems to me that I am doing something wrong in setting up ypldap.conf; but, after spending most of the day (on and off) trying various configuration changes, nothing has changed. I did change some of the group map configuration since it appears (to me) that the samba ldap database does not provide GID for "group" entries; but, I don't think that's the problem, is it?

Any ideas would be appreciated.

Thanks