[Samba] Strange nslcd error with ldap database

2013-03-16 Thread Bethel, Zach
Greetings,

I've got an S4 DC joined to a Windows 2008 R2 DC. I'm using the s4bind scripts 
to add uidNumber/gidNumber/etc entries to LDAP, and I've got nss-pam-ldap 
installed on the S4 server. I had this working back in December, but since 
installing the latest stable build, getent passwd is throwing this error,

[8b4567] passwd=myuser passwd entry CN=myuser,CN=Users,DC=...,DC=...,DC=... 
does not contain uidNumber value

Interestingly, after creating a user on the Linux side, if I point nslcd at the 
Windows DC, it retrieves the ldap entry just fine. I get nothing from the S4 
server. I've done ldbsearch on the local ldap database and uidNumber is 
definitely there. I'm not sure if there's really something else going on, but 
I'm at a loss as to what to do.

I don't think it's a Kerberos issue, because it authenticates fine. It's not my 
local nslcd client, because I can connect to the Windows DC (via getent passwd) 
which has the same replicated database and it displays the user data.

Has anyone experienced this?
Thanks


The information in this communication is intended solely for the individual or 
entity to whom it is addressed. It may contain confidential or legally 
privileged information. If you are not the intended recipient, any disclosure, 
copying, distribution or reliance on the contents of this information is 
strictly prohibited, and may be unlawful. If you have received this 
communication in error, please notify us immediately by responding to the 
sender of this email, and then delete it from your system. Taylor University is 
not liable for the inaccurate or improper transmission of the information 
contained in this communication or for any delay in its receipt.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Strange nslcd error with ldap database

2013-03-16 Thread Bethel, Zach
I wanted to add that it appears nslcd is incapable of seeing any of the 
posixAccount attributes from the Samba LDAP server. It balks at 
unixHomeDirectory, uidNumber, and gidNumber. However, if I do:

map uidNumber codePage (or some other random AD attribute)
map gidNumber codePage

It displays the user in getent (with the wrong uid and gid, obviously).
What gives? Is there some permission issue with those entries? I can do 
ldapsearch and see them just fine. I even added administrator credentials to 
nslcd and I still get the issue. Oddly enough, if I point nslcd at the Windows 
DCs, it works great.

Argh.


From: Bethel, Zach
Sent: Thursday, January 31, 2013 4:31 PM
To: samba@lists.samba.org
Subject: Strange nslcd error with ldap database
