Dale,
I followed the guide from the Ubuntu website, adding some other details because it
seems that the info there isn't complete:
https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html
at this point:
https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html#openldap-auth-config
I used a command "dpkg-reconfigure ldap-auth-config" that creates an ldap.conf
file with the parameters I entered. I think that this script also took every
entry found in the /etc/passwd file and added it to the nss_initgroups_ignoreusers
directive.
Anyway I will check the guides you gave me.
Thanks
Dale Schroeder wrote:
Riccardo,
I use Debian, so setup should be similar to Ubuntu. Do you have
libnss-ldap and libpam-ldap installed? They were necessary for
Samba/ldap to work.
Have you modified nsswitch.conf and pam.d to use ldap? Note: Although
others have mentioned the possibility, I did not have to modify
ldap.conf at all for this to work.
Here are two different approaches to making this work. They might
possibly fill in some of the blanks.
https://help.ubuntu.com/community/OpenLDAP-SambaPDC-OrgInfo-Posix
http://wiki.makethemove.net/index.php?title=LDAP-Samba
Dale
dogbert wrote:
I've found somewhere (I'm looking again for the document) that from a
certain version it no longer needs the file
libnss_ldap.conf/secret because it's all configured from
ldap.conf/secret (and I don't have libnss_ldap files).
Anyway I checked with the getent command and I obtain only entries
from the /etc/passwd and group files.
I'd like to store all the Windows user and workstation information in
LDAP, limiting only the administrative user to passwd.
François Legal wrote:
To be honest, I don't know very well all the ldap client configuration
stuff. Anyway, nss is not (AFAIK) configured in /etc/ldap.conf.
You should have libnss_ldap.conf/secret files containing the ldap
configuration (bind DN/pwd, suffix for users, suffix for groups...) so that
NSS can successfully look up the directory when it has to find user/group
information.
You can see if it is configured properly by doing getent group and getent
passwd.
These commands shall display all the groups and users found on the system.
That is each user and group present in /etc/passwd /etc/group plus each
user contained in maybe ou=Users,dc=yourcompany,dc=com and
ou=Groups,dc=yourcompany,dc=com and (that one is important too)
ou=Machines,dc=yourcompany,dc=com from your directory.
Note that if you plan to only use ldap to store user information, you
should no longer have real users/groups in /etc/passwd and /etc/group.
François
On Mon, 11 May 2009 16:51:47 +0200, [email protected] wrote:
I'm checking /etc/ldap.conf and it seems that at the end of this file a line
was added with the following directive:
nss_initgroups_ignoreusers
that included more or less every single entry contained in my /etc/passwd
file at the time of the ldap configuration.
Is that normal behaviour?
Thanks,
Riccardo
Did you properly configure nssldap?
On Mon, 11 May 2009 14:25:05 +0200, [email protected] wrote:
Hi,
I've migrated from an old samba installation (Samba as PDC) that used TDB
backend for password.
I've set up a box with Ubuntu and samba 3 + ldap and I imported the old
users.
Old users work fine.
I have problems with new users and machines.
Old users work but they don't show up with the smbldap-usershow command and
I have problems changing their passwords. If I check the ldap db I can find
them (with both ldapsearch and slapcat).
New users created with smbldap-useradd can be seen with the smbldap-usershow
command but can't log on at a workstation.
If I join a workstation (directly from the workstation) it is added to the ldap db
but it doesn't see the domain until I manually add an entry for it in
/etc/passwd.
Checking the user entries for two users I can find the following
differences.
BERENICE is a user imported from the old system and is working fine:
dn: uid=berenice,ou=Users,dc=DOMAIN,dc=IT
uid: berenice
sambaSID: S-1-5-21-1234567890-123456789-123456789-2018
sambaPrimaryGroupSID: S-1-5-21-1234567890-123456789-123456789-513
displayName: berenice
sambaLogonTime: 0
sambaLogoffTime: 4294967295
sambaKickoffTime: 4294967295
sambaPwdCanChange: 1161193814
sambaPwdMustChange: 4294967295
sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaPasswordHistory:
0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1161193814
sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
sambaAcctFlags: [U ]
sambaBadPasswordCount: 0
sambaBadPasswordTime: 0
objectClass: sambaSamAccount
objectClass: account
structuralObjectClass: account
entryUUID: af11fe14-8e7a-102d-9b4e-27169ab1b87f
creatorsName: cn=admin,dc=DOMAIN,dc=IT
createTimestamp: 20090214003220Z
entryCSN: 20090214003220.132569Z#000000#000#000000
modifiersName: cn=admin,dc=DOMAIN,dc=IT
modifyTimestamp: 20090214003220Z
ADAM is a freshly created user and can't log on to a workstation:
dn: uid=adam,ou=Users,dc=DOMAIN,dc=IT
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: adam
sn: adam
givenName: adam
uid: adam
uidNumber: 1004
gidNumber: 513
homeDirectory: /home/adam
loginShell: /bin/bash
gecos: System User
structuralObjectClass: inetOrgPerson
entryUUID: f9326600-8e7a-102d-9bb5-27169ab1b87f
creatorsName: cn=admin,dc=DOMAIN,dc=IT
createTimestamp: 20090214003424Z
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: adam
sambaSID: S-1-5-21-1234567890-123456789-123456789-3008
sambaPrimaryGroupSID: S-1-5-21-1234567890-123456789-123456789-513
sambaLogonScript: logon.bat
sambaProfilePath: serverprofilesadam
sambaHomePath: serveradam
sambaHomeDrive: C:
sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaAcctFlags: [U]
sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaPwdLastSet: 1234571674
sambaPwdMustChange: 1238459674
userPassword:: e1NTSEF9SStEUWVhay9tV2ROTGtOZy9QSlRqTDIrdmM1d1V6ZE4=
shadowLastChange: 14289
shadowMax: 45
entryCSN: 20090214003434.475223Z#000000#000#000000
modifiersName: cn=admin,dc=DOMAIN,dc=IT
modifyTimestamp: 20090214003434Z
Any help would be appreciated.
Thanks,
Riccardo
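
The comparison of the two entries quoted in the original question, done mechanically. This is an added example, not part of the thread: the sample entries are abridged copies of the ones quoted above, and the helper names parse_entry and compare are made up here.

```python
import base64
# Abridged copies of the two entries quoted in the thread (hashes left out).
IMPORTED = """\
dn: uid=berenice,ou=Users,dc=DOMAIN,dc=IT
uid: berenice
objectClass: sambaSamAccount
objectClass: account
"""
CREATED = """\
dn: uid=adam,ou=Users,dc=DOMAIN,dc=IT
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
uid: adam
uidNumber: 1004
gidNumber: 513
"""

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr.lower(), []).append(value.strip())
    return entry

def compare(a, b):
    """Return (classes only in a, classes only in b, attrs only in a, attrs only in b)."""
    ea, eb = parse_entry(a), parse_entry(b)
    oca = {v.lower() for v in ea.get("objectclass", [])}
    ocb = {v.lower() for v in eb.get("objectclass", [])}
    return (sorted(oca - ocb), sorted(ocb - oca),
            sorted(set(ea) - set(eb)), sorted(set(eb) - set(ea)))

if __name__ == "__main__":
    for items in compare(IMPORTED, CREATED):
        print(items)
```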