samba - Aug 2005 - Documentation clarification re: SLES9 and nsswitch

Hello,
I've been unable to succeed with Samba-Ldap setup on SLES9 until this
evening.
I thought I had a PAM issue but that was not the case.
To cut to the chase, I ran Yast's 'ldap-server' module without any
changes
as it found the ldap server settings.
Once finished I could join the domain from XP Pro which is what I was
unable to do.  I checked what Yast did and it
reset /etc/nsswitch.conf -with- the 'compat' entries that are
not to be used accorting to the 'Examples' Doc's:
http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-PAM-NSS
[note the warning box re: Suse at 5.4-5.5]

On my Centos4.1 box, the 'compat' lines were removed and the server
works fine.
On SLES9 I can only succeed with 'compat'. Remove them and it fails to
find 'root' username to join.
Re: the Docs, I guess I assumed that Suse9 and SLES9 would act the same way.
They must not.  I'll have to setup a Suse9 box to test it.

Can anyone verify this please?

Thanks in advance to the samba team and everyone here who helps out
on the list.

Kevin B

On Tuesday 02 August 2005 23:03, Kevin B wrote:
> Hello,
> I've been unable to succeed with Samba-Ldap setup on SLES9 until this
> evening.
> I thought I had a PAM issue but that was not the case.
> To cut to the chase, I ran Yast's 'ldap-server' module without
any changes
> as it found the ldap server settings.
> Once finished I could join the domain from XP Pro which is what I was
> unable to do.  I checked what Yast did and it
> reset /etc/nsswitch.conf -with- the 'compat' entries that are
Did you also check to see how yast2 configured your /etc/ldap.conf file?
> not to be used accorting to the 'Examples' Doc's:
> http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-PAM-NSS
> [note the warning box re: Suse at 5.4-5.5]
You can use the SUSE provided method - but it is unique to SUSE Linux. The 
documentation provides a method of implementation that is fully portable 
across Linux systems.
>
> On my Centos4.1 box, the 'compat' lines were removed and the server
> works fine.
> On SLES9 I can only succeed with 'compat'. Remove them and it fails
to
> find 'root' username to join.
Did you follow the diagnostic info provided in chapter 5? What did you find?
> Re: the Docs, I guess I assumed that Suse9 and SLES9 would act the same
> way. They must not.  I'll have to setup a Suse9 box to test it.
The devil is in all the details. I suggest that to get a handle on the 
differences you need to compare the SUSE yast2 generated configuration with 
the example configurations I provided in the Samba3-ByExample book.

Also, in chapter 5, section 5.3.1.7, you will find detailed diagnostic hints 
by which you can debug the LDAP/NSS configuration. Have fun!
> Can anyone verify this please?
What answer are you looking for? How much more detail that I have already 
provided do you believe is needed to remove all doubt?

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.