Hello all,

I run a samba 3.0.26a-1ubuntu2.3 on an Ubuntu 7.10 server with OpenLDAP both for samba and for posix accounts. Everything runs fine, except for one problem. I have a ou=People-inactive branch on my ldap server on which I store (guess what?) inactive people. I don't want my system to recognize those entries as valid users, so I set my /etc/ldap.conf as follows:

root@mercurio:/etc# grep -v "^#\|^\s*$" ldap.conf
host 127.0.0.1 192.168.0.207
base dc=a1,dc=ind
ldap_version 3
nss_base_passwd ou=People,dc=a1,dc=ind?one
nss_base_shadow ou=People,dc=a1,dc=ind?one
nss_base_group ou=Group,dc=a1,dc=ind?one
nss_base_hosts ou=Hosts,dc=a1.dc=ind?one
nss_base_services ou=Services,dc=a1,dc=ind?one
nss_base_networks ou=Networks,dc=a1,dc=ind?one
nss_base_protocols ou=Protocols,dc=a1,dc=ind?one
nss_base_rpc ou=Rpc,dc=a1,dc=ind?one
nss_base_netmasks ou=Networks,dc=a1,dc=ind?one
nss_base_aliases ou=Aliases,dc=a1,dc=ind?one
nss_base_netgroup ou=Netgroup,dc=a1,dc=ind?one
root@mercurio:/etc#

I use two servers on the "host" line due to this bug: https://launchpad.net/ubuntu/+source/libnss-ldap/+bug/51315

The problem arose when I tried to add a new machine to the domain. The smbldap-useradd script is able to add the machine entry on ldap, but the whole process fails with "User not found" (translated from the Portuguese message) on the adding workstation. After googling for about 3 hours without success, I found that if I just comment out the nss_base_* entries, everything works as expected and I am able to join a machine to the domain.

The question: Is that a samba, nss or smbldap-tools bug? Or is this not a bug, but a feature? ;) Or have I lost something?

Best regards and thanks in advance.

--
Marcio Merlone

Adam Tauno Williams
2008-Apr-23 19:31 UTC
[Samba] Mis-behavior of ldap.conf regarding nss?
> I run a samba 3.0.26a-1ubuntu2.3 on an Ubuntu 7.10 server with OpenLDAP
> both for samba and for posix accounts. Everything runs fine, except for
> one problem. I have a ou=People-inactive branch on my ldap server on
> which I store (guess what?) inactive people. I don't want my system to
> recognize those entries as valid users, so I set my /etc/ldap.conf as
> follows:
> nss_base_passwd ou=People,dc=a1,dc=ind?one
> The problem arose when I tried to add a new machine to the domain. The
> smbldap-useradd script is able to add the machine entry on ldap, but the
> whole process fails with "User not found" (translated from the
> Portuguese message) on the adding workstation. After googling for about
> 3 hours without success, I found that if I just comment out the
> nss_base_* entries, everything works as expected and am able to join a
> machine to the domain.

Does your script create the machine account object in ou=People? You've verified the object is created at all and you can successfully "id {machine}$"?

> Is that a samba, nss or smbldap-tools bug? Or is this not a bug, but a
> feature? ;) Or have I lost something?

My guess would be it is a bug in your configuration of smbldap-tools.

--
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
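
The question raised in the reply, whether the machine account object sits inside the nss_base_passwd search, can be checked mechanically. The following is an added example, not code from the thread or from smbldap-tools: it parses the nss_base_<map> lines of an nss_ldap-style ldap.conf and reports whether a given entry DN is reachable. The sample DNs are constructed, and ou=Computers is only an assumed location for machine accounts.

```python
# Added example: is an entry DN reachable through the nss_base_<map> searches?

def norm_dn(dn):
    # Simplified normalisation; assumes no escaped commas inside RDN values.
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def parse_nss_bases(conf_text, map_name="passwd"):
    """Return [(base_rdns, scope)] for each nss_base_<map_name> line."""
    default_base, found = "", []
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "base":
            default_base = value
        elif key == "nss_base_" + map_name:
            fields = value.split("?")          # base?scope?filter
            # Assumption: an omitted scope means a subtree search.
            scope = fields[1].lower() if len(fields) > 1 and fields[1] else "sub"
            found.append((fields[0], scope))
    # nss_ldap treats a base ending in "," as relative to "base".
    return [(norm_dn(b + default_base if b.endswith(",") else b), s)
            for b, s in found]

def visible(entry_dn, bases):
    """True if entry_dn lies inside at least one (base, scope) search."""
    entry = norm_dn(entry_dn)
    for base, scope in bases:
        depth = len(entry) - len(base)         # levels below the base
        if depth < 0 or entry[depth:] != base:
            continue
        if scope == "sub" or (scope == "one" and depth == 1) \
                or (scope == "base" and depth == 0):
            return True
    return False

# Constructed input: two lines taken from the ldap.conf in the post.
SAMPLE_CONF = "base dc=a1,dc=ind\nnss_base_passwd ou=People,dc=a1,dc=ind?one\n"
# Constructed DNs; ou=Computers is a hypothetical place for machine accounts.
SAMPLE_DNS = ["uid=jdoe,ou=People,dc=a1,dc=ind",
              "uid=old,ou=People-inactive,dc=a1,dc=ind",
              "uid=ws01$,ou=Computers,dc=a1,dc=ind"]

def report(conf_text=SAMPLE_CONF, dns=SAMPLE_DNS):
    bases = parse_nss_bases(conf_text)
    return {dn: visible(dn, bases) for dn in dns}

if __name__ == "__main__":
    for dn, ok in report().items():
        print(("visible  " if ok else "HIDDEN   ") + dn)
```

On a real server, pass the contents of /etc/ldap.conf and the DN that smbldap-useradd actually created; an entry reported as hidden will also fail "id {machine}$".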