Dear All,
I have configured ldap with uid='some numeric' instead of uid=username
like that;
dn: uid=102220,ou=User,dc=example,dc=com
uid: 102220
username: test1
cn: Test Account
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: sambaSamAccount
mail: test1 at cdac.in
shadowLastChange: 15587
loginShell: /bin/bash
uidNumber: 5345
gidNumber: 5345
homeDirectory: /home/test1
userPassword: {SSHA256}v7vlA8YYjJ27IbPQQa8eaChdHFcnw=
sambaPwdLastSet: 1473165911
sambaLMPassword: 7e58f6a33f8b3ef68ef354180a3a1da7
sambaSID: S-1-5-21-4079184197-2446238136-3299756537-1008
sambaAcctFlags: [UX ]
sambaNTPassword: 0242A7FEC5CD294F916925766089E573
When I configured samba with the ldap backend, samba was not able to get
user information (because samba always searches attribute uid=numeric), but
when I replace uid=username (uid=test1 instead of uid=102220) it works and
authenticates successfully.
As I have 3000+ users in ldap and it is not possible to change all user
settings, I request you to kindly give me some clue to find the
solution; I will be highly obliged for the same.
--
Thanks & Regards,
Arun Kumar Gupta
-------------------------------------------------------------------------------------------------------------------------------
[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]
This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
is strictly prohibited and appropriate legal action will be taken.
-------------------------------------------------------------------------------------------------------------------------------
Sir,
Please help me out
Regards,
Arun
On Tue, 4 Oct 2016, Arun Gupta wrote:
> Dear All,
>
> I have configured ldap with uid='some numeric' instead of uid=username
>
> like that;
>
> dn: uid=102220,ou=User,dc=example,dc=com
> uid: 102220
> username: test1
> cn: Test Account
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: sambaSamAccount
> mail: test1 at cdac.in
> shadowLastChange: 15587
> loginShell: /bin/bash
> uidNumber: 5345
> gidNumber: 5345
> homeDirectory: /home/test1
> userPassword: {SSHA256}v7vlA8YYjJ27IbPQQa8eaChdHFcnw=
> sambaPwdLastSet: 1473165911
> sambaLMPassword: 7e58f6a33f8b3ef68ef354180a3a1da7
> sambaSID: S-1-5-21-4079184197-2446238136-3299756537-1008
> sambaAcctFlags: [UX ]
> sambaNTPassword: 0242A7FEC5CD294F916925766089E573
>
> when I configured samba with ldap backend then samba is not able to get user
> information (because samba always search attribute uid=numeric), but when I
> replace uid=username (uid=test1 instead of uid=102220) it works and
> authenticate successful.
>
> As I have 3000+ users in ldap and it is not possible to change to all user
> settings, request to you kindly give me some clue to find out the solution, I
> will highly obliged for the same.
I have to assume much, I'll try. So...
- No AD, that's some NT4 domain.
- No Winbind because Winbind is using samaccountname as user login and not UID.
- Issue happens on Linux or UNIX clients.
The question is what tool (SSSD, pam_ldap / nss_ldap, nslcd...) are you using to retrieve information from LDAP to forge users on system side.
Once you get an answer to this previous question check how to configure that tool to tell it that uid is uid and login. Most of them can do that.
2016-10-12 7:30 GMT+02:00 Arun Gupta via samba <samba at lists.samba.org>:
> Sir,
>
> Please help me out
>
> Regards,
> Arun
>
> On Tue, 4 Oct 2016, Arun Gupta wrote:
>
>> Dear All,
>>
>> I have configured ldap with uid='some numeric' instead of uid=username
>>
>> like that;
>>
>> dn: uid=102220,ou=User,dc=example,dc=com
>> uid: 102220
>> username: test1
>> cn: Test Account
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: top
>> objectClass: shadowAccount
>> objectClass: sambaSamAccount
>> mail: test1 at cdac.in
>> shadowLastChange: 15587
>> loginShell: /bin/bash
>> uidNumber: 5345
>> gidNumber: 5345
>> homeDirectory: /home/test1
>> userPassword: {SSHA256}v7vlA8YYjJ27IbPQQa8eaChdHFcnw=
>> sambaPwdLastSet: 1473165911
>> sambaLMPassword: 7e58f6a33f8b3ef68ef354180a3a1da7
>> sambaSID: S-1-5-21-4079184197-2446238136-3299756537-1008
>> sambaAcctFlags: [UX ]
>> sambaNTPassword: 0242A7FEC5CD294F916925766089E573
>>
>> when I configured samba with ldap backend then samba is not able to get
>> user information (because samba always search attribute uid=numeric), but
>> when I replace uid=username (uid=test1 instead of uid=102220) it works and
>> authenticate successful.
>>
>> As I have 3000+ users in ldap and it is not possible to change to all
>> user settings, request to you kindly give me some clue to find out the
>> solution, I will highly obliged for the same.
On 12.10.2016 at 07:30, Arun Gupta via samba wrote:
> Sir,
>
> Please help me out
>
> Regards,
> Arun
>
> On Tue, 4 Oct 2016, Arun Gupta wrote:
>
>> Dear All,
>>
>> I have configured ldap with uid='some numeric' instead of uid=username
>>
>> like that;
>>
>> dn: uid=102220,ou=User,dc=example,dc=com
>> uid: 102220
>> username: test1
>> cn: Test Account
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: top
>> objectClass: shadowAccount
>> objectClass: sambaSamAccount
>> mail: test1 at cdac.in
>> shadowLastChange: 15587
>> loginShell: /bin/bash
>> uidNumber: 5345
>> gidNumber: 5345
>> homeDirectory: /home/test1
>> userPassword: {SSHA256}v7vlA8YYjJ27IbPQQa8eaChdHFcnw=
>> sambaPwdLastSet: 1473165911
>> sambaLMPassword: 7e58f6a33f8b3ef68ef354180a3a1da7
>> sambaSID: S-1-5-21-4079184197-2446238136-3299756537-1008
>> sambaAcctFlags: [UX ]
>> sambaNTPassword: 0242A7FEC5CD294F916925766089E573
>>
>> when I configured samba with ldap backend then samba is not able to
>> get user information (because samba always search attribute
>> uid=numeric), but when I replace uid=username (uid=test1 instead of
>> uid=102220) it works and authenticate successful.
>>
>> As I have 3000+ users in ldap and it is not possible to change to all
>> user settings, request to you kindly give me some clue to find out
>> the solution, I will highly obliged for the same.
>>
Hello Arun,
So samba generates a different type of ldap query if uid is a numeric value? Can you post the queries (from ldap log) with numeric and string queries?
achim~
On Tue, 2016-10-04 at 18:07 +0530, Arun Gupta via samba wrote:
> Dear All,
>
> I have configured ldap with uid='some numeric' instead of
> uid=username
This seems like a really bad idea.
> like that;
>
> dn: uid=102220,ou=User,dc=example,dc=com
> uid: 102220
I can only imagine this causing much confusion. Is this still the posix username, just containing digits, or the kernel UID number?
The posix username just containing digits might work, but many parts of linux assume numeric usernames are uid values (eg in config files).
When I went to uni (ANU in Canberra), they gave us logins with our student number, but always s123456 (later u123456), but never without a prefix.
I always suggest learning from the practice of others rather than being the special case.
Andrew Bartlett
--
Andrew Bartlett                           http://samba.org/~abartlet/
Authentication Developer, Samba Team      http://samba.org
Samba Developer, Catalyst IT              http://catalyst.net.nz/services/samba
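Andrew Bartlett's warning above is that an all-digit login name can be read as a UID number. The following is an added example, not part of the thread: a Python audit over an LDIF export that lists all-digit `uid` values and flags those that equal another entry's `uidNumber`. The sample LDIF is constructed, and `parse_ldif` and `audit_numeric_logins` are hypothetical helper names.

```python
import re

# Constructed sample directory export; only the first entry mirrors the thread.
SAMPLE_LDIF = """\
dn: uid=102220,ou=User,dc=example,dc=com
uid: 102220
uidNumber: 5345

dn: uid=5345,ou=User,dc=example,dc=com
uid: 5345
uidNumber: 5346

dn: uid=s123456,ou=User,dc=example,dc=com
uid: s123456
uidNumber: 5347
"""

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, folded lines unfolded.
    Base64 values ('attr:: ...') are kept encoded; enough for uid/uidNumber."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in re.sub(r"\n ", "", block).splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.lower(), []).append(value.lstrip(": ").strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit_numeric_logins(entries):
    """Return (all-digit login names, collisions); a collision is a login name
    that reads as the uidNumber of a different entry."""
    owner = {n: e["dn"][0] for e in entries for n in e.get("uidnumber", [])}
    numeric, collisions = [], []
    for e in entries:
        for login in e.get("uid", []):
            if not re.fullmatch(r"[0-9]+", login):
                continue
            numeric.append(login)
            other = owner.get(str(int(login)))
            if other and other != e["dn"][0]:
                collisions.append((login, other))
    return numeric, collisions

if __name__ == "__main__":
    print(audit_numeric_logins(parse_ldif(SAMPLE_LDIF)))
```

A collision means that a bare number in a config file or command argument could refer to two different accounts depending on whether the tool resolves it as a name or as a UID.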