As you probably realilse, the two separate areas are what samba requires in ldap and what Linux requires - it's likely that you've only populated the samba required stuff.
Think of ldap like a /etc/passwd file with many more columns. You only have the columns for samba but most of the Linix/POSIX columns are missing. There are many ways to deal with this! Too many :-/ but they're all fun :-) ldapmodify is one to look at - you can adjust various items. you could export the whole ldap db using slapcat and then tidy the whole thing before importing it back... I think that both require some extra steps and as soon as you look at them, you'll see which approach suits you. 2009/6/19 Dave Beach <drbe...@rogers.com> > Hello list! I believe I may not have a Samba problem, but rather an LDAP > directory problem. I'm hoping to be redirected towards a more appropriate > mailing list to which I can post. > > I have a Slackware server running Samba and OpenLDAP, and my WinXP clients > authenticate just fine. I migrated from an smbpasswd backend to OpenLDAP > with a BD backend some time ago, using the migration tools provided with > smbldap-tools. Everything has been working fine. > > I now want to bring a Ubuntu workstation online, and authenticate to the > same LDAP database. I've understood that my previous approach was wrong > (trying to somehow get the Ubuntu box to join the domain), and that I > instead need to use nss and pam to point directly to the LDAP database on > the Slackware server. So far, so good. Ubuntu packages sourced and > installed. > > Executing "getent group" on the Ubuntu client produces the expected > results. > Executing "getent passwd" does not; it only shows me a subset of the user > accounts (notably, not my own account which was created prior to > migration). > Fiddling about with a couple of Windows-based ldap query clients, I can see > that there seem to be some differences between accounts that were created > pre-migration and those created post-migration. As an example, accounts > created post-migration seem to have different "objectClass" attributes and > values associated with them than do accounts created pre-migration - and > the > post-migration accounts are all visible with "getent passwd" on the Ubuntu > client. Also, the pre-migration accounts have the "account" objectClass > associated with them, while the post-migration accounts have the "person" > objectClass associated with them. The post-migration accounts also seem to > have the "posixAccount" object class associated with them. There are other > differences, but these strike me (in my ignorance) as possibly being the > source of the problem. > > In case it isn't obvious, I have zero LDAP experience other than this > futzing around I'm doing. It seems fairly obvious that I need to somehow > alter the pre-migration accounts in some way to make them more like the > post-migration accounts, such that I can then log onto the Ubuntu client > with the same user ID with which I log onto the WinXp clients. I'm > reluctant > to do much so far, in fear that I'll manage to irreparably damage the > pre-migration accounts (somehow lose the SID, etc) such that they'll need > to > be re-created, with all the pain that entails on the WinXP clients (I use > local profiles only on the WinXP boxes). > > So, as I said, probably not a Samba problem per se. Would someone be so > kind > as to suggest the proper list in which I can post this problem? > > Thanks very much in advance. > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba