Hi !
Problem:
I have working configuration of samba domain with ldap backend. Users
can log into domain, i can add computers to domain, everything works ok
except that some accounts are not available to getent command (look into
Example).
I thought that my PAM conf was wrong but all services uses system-auth
conf which looks like:
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore
service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3 typepassword
sufficient /lib/security/pam_unix.so nullok use_authtok
md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
I made a rebuild of indexes on OpenLDAP also.
Example:
[root@codo /]# smbldap-useradd -a test
[root@codo /]# id test
uid=1369(test) gid=221(Domain Users) grupy=221(Domain Users)
[root@codo /]# getent passwd|grep test
test00001$:x:1222:553:test00001$:/dev/null:/bin/false
test00002$:x:1357:553:test00002$:/dev/null:/bin/false
[root@codo sbin]# smbldap-usershow test
dn: uid=test,ou=Users,dc=DOM,dc=PL
objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSAMAccount
cn: test
sn: test
uid: test
uidNumber: 1369
gidNumber: 221
homeDirectory: /home/users/test
loginShell: /bin/false
gecos: System User
description: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: System User
sambaSID: S-1-5-21-133419789-486977345-1400590255-3738
sambaPrimaryGroupSID: S-1-5-21-133419789-486977345-1400590255-1443
sambaHomeDrive: H:
sambaLogonScript: test.cmd
sambaHomePath: \\IO\homes
sambaProfilePath: \\IO\profiles\test
sambaPwdMustChange: 1086697544
sambaLMPassword: 01FC5A6BE7BC6929AA73B435B51404EE
sambaPwdLastSet: 1081945544
sambaAcctFlags: [U]
sambaNTPassword: 0CB6948805F797BF2A92807973B89537
userPassword: {SSHA}C0CRyrR5axrb2UF7Z7cCWdZ+8sF9U4HK
[root@codo root]# mkdir 1
[root@codo root]# chown test 1
[root@codo root]# ls -la|grep test
drwxr-xr-x 2 test root 4096 kwi 14 14:15 1
[root@codo sbin]# smbldap-usershow boka2
dn: uid=Boka2, ou=Users,dc=DOM,dc=PL
sambaPrimaryGroupSID: S-1-5-21-133419789-486977345-1400590255-1443
displayName: System User
sambaLogonScript: Boka2.cmd
objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSAMAccount
sambaLogonTime: 0
sambaHomeDrive: H:
uid: Boka2
uidNumber: 1041
cn: Boka2
sambaLogoffTime: 2147483647
loginShell: /bin/false
sambaProfilePath: \\IO\profiles\boka2
gidNumber: 221
sambaPwdCanChange: 0
gecos: System User
sambaSID: S-1-5-21-133419789-486977345-1400590255-3082
description: System User
homeDirectory: /home/users/boka2
sambaKickoffTime: 2147483647
sn: Boka2
sambaHomePath: \\IO\homes
sambaPwdMustChange: 1083253082
sambaLMPassword: 7A2743CD214D40FE7584248B8D2C9F9E
sambaPwdLastSet: 1078501082
sambaAcctFlags: [U]
sambaNTPassword: 5CEE4047351006503BC30091562E8EFB
userPassword: {SSHA}c+VaQ4ezXkwqon43/N0fM5ciZJY7N2s5
[root@codo pam.d]# getent passwd|grep boka
Boka2:x:1041:221:System User:/home/users/boka2:/bin/false
Conf:
PDC on rh7.3 with samba-3.0.2a and smbldap-tools
DOMAIN servers on slackware 9.1 with pam/nss/ldap patches
OpenLDAP openldap-2.0.27 on slackware 9.1 with pam/nss/ldap patches
Solution:
not found anything :(
greetz
boka