On Thu, 2005-12-08 at 23:42 +0100, WebMaster wrote:
> On Thursday, 8 December 2005 15:53, Josh Kelley wrote:
> > Did you make sure to set rootbinddn in /etc/ldap.conf and the root
> > password in /etc/ldap.secret? Otherwise, getent shadow runs as an
> > unprivileged user, even as root. Did you check permissions on
> > /etc/ldap.secret (should be mode 0600)?
>
> Ooops, I had 0644 for /etc/ldap.secret. May it be the problem?
----
No - as long as root can read the file, it's not a problem.

It is however - REALLY BAD IDEA - to have /etc/ldap.secret anything other
than 0600. It lets everyone in the world read your rootbinddn password.
----
> I have to wait
> Monday for having access to XP machines, now I only can get ssh access.
>
> I can not understand why, if I copy the user data to /etc/passwd from ldap,
> (not /etc/shadow ) the user can log in, and when I delete the user
> from /etc/passwd I get a getpwnam failure. But I can use usrmgr.exe and
> smbclient works with the user data in ldap only, with no warning.
>
> I have kerberos running and have a DNS server (with AD zones) in the same
> linux machine.
----
if you can 'getent passwd|grep USER_NAME' then it works, if you can't,
then it doesn't work. When you add USER_NAME to /etc/passwd, it
obviously works. You have to fix your nss/ldap.conf situation so it can
get posix users from LDAP

Craig
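The checks discussed in this thread, collected as an added example (not part of the original messages): the mode of /etc/ldap.secret, the rootbinddn line in /etc/ldap.conf, and whether a user resolves through NSS without a local /etc/passwd entry masking the result. The function names are hypothetical and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: defensive checks for the nss_ldap setup discussed in this thread.
# Assumes GNU stat (Linux). Function names are hypothetical.

# Succeeds only if FILE exists and grants nothing to group or other (e.g. 0600).
secret_mode_ok() {
    [ -f "$1" ] || { echo "MISSING $1"; return 2; }
    mode=$(stat -c '%a' "$1") || return 2
    # Treat the mode as octal and mask the group/other permission bits.
    if [ $(( 0$mode & 077 )) -eq 0 ]; then
        echo "OK   $1 mode $mode"
    else
        echo "FAIL $1 mode $mode is readable beyond owner; run: chmod 0600 $1"
        return 1
    fi
}

# Succeeds if FILE has an uncommented rootbinddn line with a value.
has_rootbinddn() {
    grep -Eq '^[[:space:]]*rootbinddn[[:space:]]+[^[:space:]]' "$1"
}

# Succeeds if USER has an entry in the local passwd FILE (default /etc/passwd).
in_local_passwd() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "${2:-/etc/passwd}"
}

# Full audit for one user; run as root on the Samba/LDAP host:
#   audit_ldap_nss USER_NAME
audit_ldap_nss() {
    user=$1 rc=0
    secret_mode_ok /etc/ldap.secret || rc=1
    has_rootbinddn /etc/ldap.conf || { echo "FAIL rootbinddn not set in /etc/ldap.conf"; rc=1; }
    if in_local_passwd "$user"; then
        echo "NOTE $user is in /etc/passwd, so a lookup does not prove LDAP works"
    fi
    # getent passwd NAME performs the getpwnam() lookup that failed in the thread.
    if getent passwd "$user" >/dev/null; then
        echo "OK   getent passwd $user"
    else
        echo "FAIL getent passwd $user returned nothing"; rc=1
    fi
    return $rc
}
```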