Hi,

I'm using Samba 3 as a PDC with an OpenLDAP backend and also have a number of Samba domain member servers that look up the LDAP directory for their account information. I use ssh to perform various administration tasks. There is an account called Administrator in the LDAP directory that has a UID of 0. However, after nscd has been started, the next time I log in to one of the member servers using the root account my username is reported as Administrator and not as root as expected. This causes various issues with ssh keys etc.

I have the following lines in my nsswitch.conf file.

> passwd: files ldap
> shadow: files ldap
> group: files ldap

grepping the output of 'getent passwd' for x:0:

> root:x:0:0:root:/root:/bin/bash
> Administrator:x:0:5001:Netbios Domain Administrator:/home/Administrator:/bin/bash

When I stop the nscd service the behaviour of the system returns to normal. I apologise if this topic is not directly Samba related. However, I'm sure somebody else must have come across this behaviour.

Thanks,
Ian

Adam Tauno Williams
2005-May-03 11:18 UTC
[Samba] nscd, ldap and the root/Administrator account
> I'm using Samba 3 as a PDC with an OpenLDAP backend and also have a
> number of Samba domain member servers that look up the LDAP directory for
> their account information. I use ssh to perform various administration
> tasks. There is an account called Administrator in the LDAP directory
> that has a UID of 0. However, after nscd has been started, the next
> time I log in to one of the member servers using the root account my
> username is reported as Administrator and not as root as expected. This
> causes various issues with ssh keys etc.

It only works when you're not running nscd because you're lucky. NSS will return the first matching entry for a uidnumber={0} lookup. It doesn't really support multiple accounts with the same uidnumber; I'd suggest not having an Administration;uidnumber=0 account. Simply map Administrator = root in Samba if this is the behaviour you want.

> I have the following lines in my nsswitch.conf file.
> > passwd: files ldap
> > shadow: files ldap
> > group: files ldap
> grepping the output of 'getent passwd' for x:0:
> > root:x:0:0:root:/root:/bin/bash
> > Administrator:x:0:5001:Netbios Domain
> > Administrator:/home/Administrator:/bin/bash
> When I stop the nscd service the behaviour of the system returns to normal.
> I apologise if this topic is not directly Samba related. However, I'm
> sure somebody else must have come across this behaviour.

nscd is just a dumb cache; you're getting the results of a uidnumber=0 lookup into its cache.

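A check for the condition discussed in the reply above, as an added example that is not part of the original thread: it reads passwd-format lines in the order the NSS sources return them and reports every UID carried by more than one account name. The function names and the "games" filler line are constructed for illustration.

```shell
#!/bin/sh
# Added example: report UIDs that map to more than one account name.
# Input: passwd-format lines on stdin, in the order the NSS sources
# return them (for instance the output of `getent passwd`).
dup_uids() {
    awk -F: '
        NF >= 7 {
            uid = $3
            if (!(uid in first)) { first[uid] = $1; order[++n] = uid }
            else { others[uid] = others[uid] (others[uid] ? "," : "") $1 }
        }
        END {
            # Print one line per shared UID, in first-seen order.
            for (i = 1; i <= n; i++) {
                uid = order[i]
                if (uid in others)
                    printf "uid=%s first=%s also=%s\n", uid, first[uid], others[uid]
            }
        }'
}

# Exit status 0 only if exactly one account name carries UID 0.
single_uid0() {
    [ "$(awk -F: '$3 == 0 { c++ } END { print c + 0 }')" -eq 1 ]
}

# Constructed sample modelled on the getent output quoted in the thread
# (the "games" line is a constructed filler entry).
sample() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
games:x:12:100:games:/usr/games:/sbin/nologin
Administrator:x:0:5001:Netbios Domain Administrator:/home/Administrator:/bin/bash
EOF
}

# On a live system: getent passwd | dup_uids
sample | dup_uids
```

Running `getent passwd | single_uid0` from a monitoring job on each member server gives a pass/fail signal when a second UID 0 name appears through any NSS source.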
John H Terpstra
2005-May-03 11:52 UTC
[Samba] nscd, ldap and the root/Administrator account
On Tuesday 03 May 2005 04:55, Ian Clancy wrote:
> Hi,
> I'm using Samba 3 as a PDC with an OpenLDAP backend and also have a
> number of Samba domain member servers that look up the LDAP directory for
> their account information. I use ssh to perform various administration
> tasks. There is an account called Administrator in the LDAP directory
> that has a UID of 0. However, after nscd has been started, the next
> time I log in to one of the member servers using the root account my
> username is reported as Administrator and not as root as expected. This
> causes various issues with ssh keys etc.
>
> I have the following lines in my nsswitch.conf file.
>
> > passwd: files ldap
> > shadow: files ldap
> > group: files ldap
>
> grepping the output of 'getent passwd' for x:0:
>
> > root:x:0:0:root:/root:/bin/bash
> > Administrator:x:0:5001:Netbios Domain
> > Administrator:/home/Administrator:/bin/bash
>
> When I stop the nscd service the behaviour of the system returns to normal.
> I apologise if this topic is not directly Samba related. However, I'm
> sure somebody else must have come across this behaviour.

I wish someone would document that! Oops, maybe it is. Did you check the documentation?

http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
http://www.samba.org/samba/docs/Samba-Guide.pdf

If you can't find it in there please let me know so it can get fixed. Defective documentation is such a pain in the neck! Really - it is!

- John T.
--
John H Terpstra, CTO
PrimaStasys Inc.
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.