Hello again )
I have followed your suggestion. changed the ldap.conf so the nsswitch will do sub search and changed the nss_passwd/group/shadow to search at the root of the database. Still no luck.
Can you 'finger' the computer accounts? That should show if the NSS is configured correctly. I had a similar problem with 'smbpasswd -a -m' not finding my machine accounts under 'ou=Computers' and made a similar modification to that recently suggested, which (for me) solved the problem.
Original /etc/ldap.conf snippet: base dc=internal,dc=avlsi,dc=com pam_filter objectclass=posixAccount pam_password exop nss_base_passwd ou=People,dc=internal,dc=avlsi,dc=com?one nss_base_shadow ou=People,dc=internal,dc=avlsi,dc=com?one nss_base_group ou=Groups,dc=internal,dc=avlsi,dc=com?one
Revised /etc/ldap.conf snippet: base dc=internal,dc=avlsi,dc=com pam_filter objectclass=posixAccount pam_password exop nss_base_passwd dc=internal,dc=avlsi,dc=com?sub nss_base_shadow ou=People,dc=internal,dc=avlsi,dc=com?one nss_base_group ou=Groups,dc=internal,dc=avlsi,dc=com?one
You do not have to have an Administrator account with uid=0, but you do need to have -some- account with uid=0.
I put the following in LDAP to satisfy that requirement: dn: uid=root,ou=people,dc=internal,dc=avlsi,dc=com objectClass: account objectClass: sambaSamAccount sambaPwdCanChange: 1072123497 sambaPwdLastSet: 1072123497 sambaAcctFlags: [U ] displayName: root sambaSID: S-1-5-21-3418961212-346530541-152393462-1000 sambaLMPassword: NICE-TRY sambaNTPassword: NICE-TRY uid: root sambaPwdMustChange: 2147483647 sambaPrimaryGroupSID: S-1-5-21-3418961212-346530541-152393462-512 (root's posixaccount is in local files, not LDAP)
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
