Hello

How can I create a single Samba users database in OpenLDAP without creating local user accounts?

I have successfully created SambaSamAccount with Samba 3.0beta3. But according to the "Samba HOWTO Collection" (from 3.0beta3), ldapsam is just a password backend and does not provide a replacement for /etc/passwd.

There is sambaIdmapEntry in the LDAP schemas in Samba 3.0beta3, but Samba doesn't use it. Maybe it is for winbind only?

I can do this with PAM, but in that case Samba must have "encrypt passwords = No". But that is impossible for me.

Please give me some ideas, links, etc.

Thanks.
Raul.

On Thu, 2003-08-07 at 17:10, Raul Umyarov wrote:
> Hello
>
> How can I create a single Samba users database in OpenLDAP without creating local user accounts?
>
> I have successfully created SambaSamAccount with Samba 3.0beta3. But according to the "Samba HOWTO Collection" (from 3.0beta3), ldapsam is just a password backend and does not provide a replacement for /etc/passwd.
>
> There is sambaIdmapEntry in the LDAP schemas in Samba 3.0beta3, but
> Samba doesn't use it. Maybe it is for winbind only?

Correct - much to my disappointment, this code was removed during the Samba 3.0 beta process. It is now only used by winbind.

However, you have always needed to have the users in nsswitch, the usual solution being to use nss_ldap. (Which will give you a similar result, in the end).

Andrew Bartlett

--
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

On 7 Aug 2003, Andrew Bartlett wrote:
> On Thu, 2003-08-07 at 17:10, Raul Umyarov wrote:
> > Hello
> >
> > How can I create a single Samba users database in OpenLDAP without
> > creating local user accounts?
> >
> > I have successfully created SambaSamAccount with Samba 3.0beta3. But
> > according to the "Samba HOWTO Collection" (from 3.0beta3), ldapsam is just
> > a password backend and does not provide a replacement for /etc/passwd.
> >
> > There is sambaIdmapEntry in the LDAP schemas in Samba 3.0beta3, but
> > Samba doesn't use it. Maybe it is for winbind only?
>
> Correct - much to my disappointment, this code was removed during the
> Samba 3.0 beta process. It is now only used by winbind.
>
> However, you have always needed to have the users in nsswitch, the usual
> solution being to use nss_ldap. (Which will give you a similar result,
> in the end).

Just to clarify things, the code was removed because there were various problems and inconsistencies in the idmap layer. It was not pulled out willy nilly. Andrew knows this but just failed to mention it.

cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"You can never go home again, Oatman, but I guess you can shop there."
--John Cusack - "Grosse Point Blank" (1997)

> > There is sambaIdmapEntry in the LDAP schemas in Samba 3.0beta3, but
> > Samba doesn't use it. Maybe it is for winbind only?
>
> Correct - much to my disappointment, this code was removed during the
> Samba 3.0 beta process. It is now only used by winbind.
>
> However, you have always needed to have the users in nsswitch, the usual
> solution being to use nss_ldap. (Which will give you a similar result,
> in the end).
>
> Andrew Bartlett

But I had an error with nss_ldap only:

auth/pampass.c:smb_pam_account(573)
  smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: user
auth/pampass.c:smb_pam_accountcheck(781)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User user!

It works fine after installing pam_ldap.

Thanks.
Raul.
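
The arrangement the thread ends up with (ldapsam for the Samba password hashes, nss_ldap for the Unix account lookup, pam_ldap for the account check), sketched as an added example that is not from any of the posters. The host name, the dc=example,dc=com suffix and the admin DN are placeholders; the PAM service file name /etc/pam.d/samba and `obey pam restrictions` being enabled are assumptions about the poster's system.

```conf
# --- /etc/samba/smb.conf (Samba 3.0; all values are placeholders) ---
[global]
    encrypt passwords = yes
    # ldapsam stores the SambaSamAccount attributes (NT/LM hashes).
    # It is a password backend only, not a replacement for /etc/passwd.
    passdb backend = ldapsam:ldap://ldap.example.com
    ldap suffix = dc=example,dc=com
    # The bind password for this DN is stored with "smbpasswd -w",
    # not written into smb.conf.
    ldap admin dn = cn=Manager,dc=example,dc=com
    # Assumption: enabled on the poster's server. With encrypted
    # passwords PAM does no authentication, but smbd still runs the
    # PAM account stack (the smb_pam_accountcheck in the log above).
    obey pam restrictions = yes

# --- /etc/nsswitch.conf ---
# nss_ldap resolves uid, gid and home directory for users that exist
# only in LDAP; each entry needs posixAccount next to sambaSamAccount.
passwd: files ldap
group:  files ldap
shadow: files ldap

# --- /etc/pam.d/samba (assumed service file name) ---
# A stack without pam_ldap cannot validate an account that lives only
# in LDAP, so account management fails and smbd rejects the user.
# pam_ldap answers for LDAP users; pam_unix still covers local ones.
account  sufficient  pam_ldap.so
account  required    pam_unix.so
```

With this in place, `getent passwd <user>` returning the LDAP entry confirms the nss_ldap half, and the "Account Validation Failed" message disappearing from the smbd log confirms the pam_ldap half.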