Anyone have any ideas on this? (Really, any ideas at all are
welcome.) Thanks.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
On Fri, 27 Mar 2009, Chris St. Pierre wrote:
> I have the exact same problem as this guy:
>
> http://lists.samba.org/archive/samba/2006-September/125699.html
>
> He describes it much better and in much more detail than I could, so
> I'll let him speak for me.
>
> Unfortunately, I don't have the same solution. nss_ldap is configured
> properly, and things like 'getent passwd' and 'id
machine-acct$' show
> the machine accounts as expected:
>
> % getent passwd | grep stpierre
> stpierre:x:2273:4000:Christopher St
> Pierre:/home/faculty/stpierre:/bin/zsh
> stpierre-pc$:*:1944:1000:Computer:/dev/null:/bin/false
> % id stpierre-pc$
> uid=1944(stpierre-pc$) gid=1000 groups=1000
>
> Unfortunately, "fix nss_ldap" is about the only suggestion I
could
> find on this problem on Google. Any other suggestions? Thanks!
>
> I'm running samba 3.0.33 on RHEL 5. /etc/ldap.conf (nss_ldap.conf on
> other distros):
>
> uri ldap://ldap.nebrwesleyan.edu
> base o=NebrWesleyan.edu,o=isp
> timelimit 30
> bind_timelimit 30
> bind_policy soft
> nss_initgroups_ignoreusers root,ldap
> ssl start_tls
> tls_checkpeer no
>
> The [global] section of smb.conf:
>
> [global]
> server string = Huxley
> workgroup = NWU_HUXLEY
> netbios name = Huxley
>
> log level = 1
> log file = /var/log/samba/%U.%m.log
> max log size = 102400
>
> add machine script = /usr/sbin/smbldap-useradd -t 10 -w '%m'
>
> bind interfaces only = true
> interfaces = 10.1.1.44
>
> logon path > logon home > logon drive >
> socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 SO_KEEPALIVE
> max smbd processes = 0
>
> encrypt passwords = yes
> domain logons = yes domain master = yes local master = yes preferred master
=
> yes security = user os level = 33 wins server = 10.9.1.12
> admin users = +ntadmin
>
> passdb backend = ldapsam:ldap://ldap.nebrwesleyan.edu
> ldap suffix = o=nebrwesleyan.edu,o=isp ldap machine suffix = ou=People ldap
> user suffix = ou=People ldap group suffix = ou=Groups ldap admin dn =
> cn=directory manager ldap ssl = off
>
> idmap uid = 10000-20000
> idmap gid = 10000-20000
>
> blocking locks = no
> unix extensions = no
> include = /etc/samba/%U.inc
>
> Chris St. Pierre
> Unix Systems Administrator
> Nebraska Wesleyan University
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>