On 9/11/06, Cleber P. de Souza <[EMAIL PROTECTED]> wrote:
You'll need setup and start the nscd service on your machine. This solve your problem.
well, windbind and nscd don't get along together, as winbind does it's own caching. reference: http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#id2544165
On 9/11/06, Noah Dain <[EMAIL PROTECTED]> wrote: > * distro: ubuntu breezy ( 6.06 ) > * samba version: shipped version with updates ( 3.0.22-1ubuntu3.1 ) > * no ssl > * openLDAP is running on the same machine as samba, and referenced as > localhost/127.0.0.1 where applicable ( 2.2.26-5ubuntu2.1 ) > * nscd is not installed, much less running > > I've set up a samba pdc with ldap by following the Samba Guide very > closely, adapting it to Ubuntu/Debian where it seemed applicable, and > I've had mostly success. > > Windows clients work fine: they can join the domain, roaming profiles > work, read/write to their respective shares. > > However, when logged into the samba/ldap server, local users other > than root cannot resolve names in ldap. No ldap accounts show up for > 'getent passwd' or 'getent group'. > > I can login to the system with an ldap user account, but when I do so I get: > NOTE: 'ndain' is a local account. 'dainn' is an ldap account. > > [EMAIL PROTECTED]:~$ su dainn > Password: > id: cannot find name for group ID 513 > id: cannot find name for group ID 512 > I have no [EMAIL PROTECTED]:/home/ndain$ > > /var/log/syslog records: > Sep 11 11:32:49 sambapdc bash: nss_ldap: could not search LDAP server > - Operations error > Sep 11 11:32:49 sambapdc id: nss_ldap: could not search LDAP server - > Operations error > > > However, if I set /etc/libnss-ldap.conf permissions to 644, everything > works. Obviously, this is less than optimal as it has the "root" ldap > account password in plaintext. > > > ### nothing below but config files ### > > ## file: /etc/nsswitch.conf > ## edited to incorporate changes from #3: > ##http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-nss02 > passwd: files ldap > group: files ldap > shadow: files ldap > #hosts: files dns > hosts: files dns wins > networks: files > protocols: db files > services: db files > ethers: db files > rpc: db files > netgroup: nis > # end /etc/nsswitch.conf > > ## file: /etc/libnss-ldap.conf > ## ripped from: > http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-nss01 > host 127.0.0.1 > #base dc=abmas,dc=biz > base dc=sysgenmedia,dc=com > ldap_version 3 > binddn cn=manager,dc=sysgenmedia,dc=com > bindpw MyPassWord > timelimit 50 > bind_timelimit 50 > bind_policy hard > idle_timelimit 3600 > pam_password exop > #nss_base_passwd ou=People,dc=abmas,dc=biz?one > #nss_base_shadow ou=People,dc=abmas,dc=biz?one > #nss_base_group ou=Groups,dc=abmas,dc=biz?one > nss_base_passwd ou=People,dc=sysgenmedia,dc=com?one > nss_base_shadow ou=People,dc=sysgenmedia,dc=com?one > nss_base_group ou=Groups,dc=sysgenmedia,dc=com?one > ssl off > ## end file: /etc/nsswitch.conf > > > > -- > Noah Dain > "I don't want to make toys, I want to be a dentist!" > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- *** Cleber P. de Souza
-- Noah Dain "I don't want to make toys, I want to be a dentist!" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba