I've found somewhere (I'm looking again for the document) that from a certain version the libnss_ldap.conf/secret files are no longer needed because it's all configured from ldap.conf/secret (and I don't have libnss_ldap files).

Anyway, I checked with the getent command and I obtain only entries from the /etc/passwd and group files.

I'd like to store all the Windows user and workstation information in LDAP, limiting only the administrative user to passwd.

François Legal wrote:
To be honest, I don't know very well all the ldap client configuration
stuff. Anyway, nss is not (AFAIK) configured in /etc/ldap.conf.

You should have libnss_ldap.conf/secret files containing the ldap
configuration (bind DN/pwd suffix for users, suffix for groups...) so that
NSS can successfully look up the directory when it has to find user/group
information.

You can see if it is configured properly by doing getent group and getent
passwd.
These commands shall display all the groups and users found on the system.
That is each user and group present in /etc/passwd /etc/group plus each
user contained in maybe ou=Users,dc=yourcompany,dc=com and
ou=Groups,dc=yourcompany,dc=com and (that one is important too)
ou=Machines,dc=yourcompany,dc=com from your directory.

Note that if you plan to only use ldap to store user information, you
should no longer have real users/groups in /etc/passwd and /etc/group.

François

On Mon, 11 May 2009 16:51:47 +0200, dogb...@infinito.it wrote:
I'm checking /etc/ldap.conf and it seems that at the end of this file a
line was added with the following directive:
nss_initgroups_ignoreusers

that included more or less every single entry contained in my /etc/passwd
file at the time of the ldap configuration.

Is that normal behaviour?

Thanks,
Riccardo

Did you properly configure nssldap?

On Mon, 11 May 2009 14:25:05 +0200, dogb...@infinito.it wrote:
Hi,

I've migrated from an old Samba installation (Samba as PDC) that used
the TDB backend for passwords.

I've set up a box with Ubuntu and Samba 3 + LDAP and I imported the old
users. Old users work fine.

I have problems with new users and machines.

Old users work but they don't show up with the smbldap-usershow command
and I have problems changing their passwords. If I check the LDAP db I
can find them (with both ldapsearch and slapcat).

New users created with smbldap-useradd can be seen with the
smbldap-usershow command but can't log on at a workstation.

If I join a workstation (directly from the workstation) it is added to
the LDAP db but it doesn't see the domain until I manually add an entry
for it in /etc/passwd.

Checking the user entries for two users I can find the following
differences.
BERENICE is a user imported from the old system and is working fine:
dn: uid=berenice,ou=Users,dc=DOMAIN,dc=IT
uid: berenice
sambaSID: S-1-5-21-1234567890-123456789-123456789-2018
sambaPrimaryGroupSID: S-1-5-21-1234567890-123456789-123456789-513
displayName: berenice
sambaLogonTime: 0
sambaLogoffTime: 4294967295
sambaKickoffTime: 4294967295
sambaPwdCanChange: 1161193814
sambaPwdMustChange: 4294967295
sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1161193814
sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
sambaAcctFlags: [U          ]
sambaBadPasswordCount: 0
sambaBadPasswordTime: 0
objectClass: sambaSamAccount
objectClass: account
structuralObjectClass: account
entryUUID: af11fe14-8e7a-102d-9b4e-27169ab1b87f
creatorsName: cn=admin,dc=DOMAIN,dc=IT
createTimestamp: 20090214003220Z
entryCSN: 20090214003220.132569Z#000000#000#000000
modifiersName: cn=admin,dc=DOMAIN,dc=IT
modifyTimestamp: 20090214003220Z

ADAM is a freshly created user and can't log on to a workstation:
dn: uid=adam,ou=Users,dc=DOMAIN,dc=IT
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: adam
sn: adam
givenName: adam
uid: adam
uidNumber: 1004
gidNumber: 513
homeDirectory: /home/adam
loginShell: /bin/bash
gecos: System User
structuralObjectClass: inetOrgPerson
entryUUID: f9326600-8e7a-102d-9bb5-27169ab1b87f
creatorsName: cn=admin,dc=DOMAIN,dc=IT
createTimestamp: 20090214003424Z
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: adam
sambaSID: S-1-5-21-1234567890-123456789-123456789-3008
sambaPrimaryGroupSID: S-1-5-21-1234567890-123456789-123456789-513
sambaLogonScript: logon.bat
sambaProfilePath: serverprofilesadam
sambaHomePath: serveradam
sambaHomeDrive: C:
sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaAcctFlags: [U]
sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaPwdLastSet: 1234571674
sambaPwdMustChange: 1238459674
userPassword:: e1NTSEF9SStEUWVhay9tV2ROTGtOZy9QSlRqTDIrdmM1d1V6ZE4=
shadowLastChange: 14289
shadowMax: 45
entryCSN: 20090214003434.475223Z#000000#000#000000
modifiersName: cn=admin,dc=DOMAIN,dc=IT
modifyTimestamp: 20090214003434Z


Any help would be appreciated.
Thanks,
Riccardo


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
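
An added example, not part of the original thread: a small Python check over trimmed copies of the two entries quoted above. It lists which RFC 2307 posixAccount attributes each entry lacks, since `getent passwd` through an LDAP NSS module builds its passwd fields from those attributes. The function names are hypothetical and the sample is cut down from the posted LDIF.

```python
# RFC 2307 posixAccount MUST attributes (the source of NSS passwd fields).
POSIX_REQUIRED = {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"}

# Trimmed from the two entries posted in the thread (sample input).
SAMPLE = """\
dn: uid=berenice,ou=Users,dc=DOMAIN,dc=IT
uid: berenice
sambaSID: S-1-5-21-1234567890-123456789-123456789-2018
objectClass: sambaSamAccount
objectClass: account

dn: uid=adam,ou=Users,dc=DOMAIN,dc=IT
objectClass: posixAccount
objectClass: sambaSamAccount
cn: adam
uid: adam
uidNumber: 1004
gidNumber: 513
homeDirectory: /home/adam
sambaSID: S-1-5-21-1234567890-123456789-123456789-3008
"""

def parse_ldif(text):
    """Parse LDIF into a list of {attr_lowercase: [values]} dicts."""
    entries, current, last = [], {}, None
    for raw in text.splitlines() + [""]:
        if not raw.strip():                        # blank line ends an entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif raw.startswith(" ") and last:         # folded continuation line
            current[last][-1] += raw[1:]
        elif not raw.startswith("#"):
            attr, _, value = raw.partition(":")
            last = attr.strip().lower()
            # "attr:: value" (base64) is kept undecoded; presence is enough here
            current.setdefault(last, []).append(value.lstrip(":").strip())
    return entries

def posix_gaps(entry):
    """Return what the entry lacks to be a posixAccount (empty list = none)."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    gaps = [] if "posixaccount" in classes else ["objectClass posixAccount"]
    return gaps + sorted(a for a in POSIX_REQUIRED if a not in entry)

def compare(a, b):
    """Attribute names present in only one of the two entries."""
    skip = {"dn", "objectclass"}
    return sorted(set(a) - set(b) - skip), sorted(set(b) - set(a) - skip)
```

Running `posix_gaps` over the output of `slapcat` or `ldapsearch` for ou=Users and ou=Machines shows which entries an LDAP-backed `getent passwd` has no posixAccount data for.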