Sir,

As you suggested, I have already done these settings ('ldap_user_name = username') 3 years back, and due to this our users are able to log in to various services like ssh, imap, pop via the sssd service, but are not able to connect/authenticate via samba.

As you know, in my case, due to our customized ldap which starts with 'uid=numericID' instead of 'uid=username', samba is not able to find the user. When I checked the logs it is always trying to find the user 'uid=username'. I think somewhere in smb.conf it may be possible that we can define the attribute, please suggest.

requirement we are trying to configure am already changed to 'ldap_user_name = username' instead of 'ldap_user_name = uid' etc which was possible with the bel

------

I give in, your problem is likely that sssd and nslcd are searching for the wrong attribute for your user.

This is all from my archives, so things might have changed:

To specify what attribute to use for a user's name instead of uid:

sssd:

edit sssd.conf, find the line 'ldap_user_name =' and change it to 'ldap_user_name = username'

nslcd:

edit nslcd.conf, find the line 'map passwd uid' and change it to 'map passwd uid username'

See if this fixes your problem.

Rowland

--------

---------- Forwarded message ----------
Date: Tue, 8 Nov 2016 17:06:16 +0530 (IST)
From: Arun Gupta <arung at cdac.in>
To: rpenny at samba.org
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba with customized ldap backend (fwd)

Sir,

below is the smb.conf file;

[global]
workgroup = CDAC
server string = Samba Server Version %v
security = DOMAIN
passdb backend = ldapsam:ldap://10.208.1.211/
log file = /var/log/samba/log.%m
max log size = 50
client signing = required
ldap admin dn = cn=manager,dc=cdac,dc=in
ldap passwd sync = only
ldap suffix = ou=User,dc=cdac,dc=in
ldap ssl = no
template shell = /bin/bash
idmap config * : backend = tdb

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon/scripts
read only = No
browseable = No

[homes]
comment = Home Directories
path = /home/%u
read only = No
browseable = No

[sambashare]
path = /sambashare
read only = No
guest ok = Yes

----------------------------

nslcd isn't Samba's either.

Samba recommends using winbind and as such, supports any problems with its use.

So, as you are looking for advice, then here it is, try using winbind.

I also don't remember you posting your smb.conf, so, if after trying winbind you still have problems, post your smb.conf

Rowland

---------------------

On Tue, 8 Nov 2016, Arun Gupta wrote:

> Hello Sir,
>
> I have also tried with nslcd and didn't succeed.
>
> kindly advise.
>
> Regards,
>
> Arun
>
> --------------
>
> Have you asked on the sssd-users mailing list about this ???
>
> If you are using sssd then Samba ISN'T doing the authentication, SSSD is.
>
> Rowland
>
> ---------- Forwarded message ----------
> Date: Mon, 7 Nov 2016 18:30:51 +0530 (IST)
> From: Arun Gupta <arung at cdac.in>
> To: L.P.H. van Belle <belle at bazuin.nl>
> Cc: "samba at lists.samba.org" <samba at lists.samba.org>
> Subject: Re: [Samba] samba with customized ldap backend
>
> Sir,
>
> As you told, Samba normally sets uid=Username and not the uidNumber. Here, due to some requirement, we had configured ldap with dn uid="user's emp id" and it is working very well with all the services like nagios anonymous authentication, ssh, smtp, imap authentication, rdesktop, meaning all the possible services, but I am very badly stuck with samba authentication.
>
> For example I have created the below ldif with uid='user's empid'
>
> dn: uid=102220,ou=People,dc=pn,ou=User,dc=cdac,dc=in
> empID: 102220
> username: micki
> cn: Demo Account
> centre: PN
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: sambaSamAccount
> oldempid: 2220
> mail: micki at cdac.in
> givenName: Demo Accoung
> shadowLastChange: 15587
> loginShell: /bin/bash
> uidNumber: 5345
> gidNumber: 5345
> homeDirectory: /mbox1.1/micki
> userPassword:: {SSHA256}v7vlA8YYjJ27IbPQQa8eaChdHFcpu6EGYWxZH1O7w13ZocmtLTb9nw=
> sambaPwdLastSet: 1473165911
> sambaLMPassword: 7e58f6a33f8b3ef68ef354180a3a1da7
> sambaSID: S-1-5-21-4079184197-2446238136-3299756537-1008
> sambaAcctFlags: [UX ]
> sambaNTPassword: 0242A7FEC5CD294F916925766089E573
> uid: 102220
> description: Unix
>
> ## pdbedit -L -v -u 102220
> -----------------------------
> Unix username:        102220
> NT username:          102220
> Account Flags:        [UX ]
> User SID:             S-1-5-21-4079184197-2446238136-3299756537-1008
> Finding user 102220
> Trying _Get_Pwnam(), username as lowercase is 102220
> Checking combinations of 0 uppercase letters in 102220
> Get_Pwnam_internals didn't find user [102220]!
> Primary Group SID:    (NULL SID)
> Full Name:            Demo Account
> Home Directory:       \\report\102220
> HomeDir Drive:
> Logon Script:
> Profile Path:         \\report\102220\profile
> Domain:               REPORT
> Account desc:         Unix
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          never
> Kickoff time:         never
> Password last set:    Tue, 06 Sep 2016 18:15:11 IST
> Password can change:  Tue, 06 Sep 2016 18:15:11 IST
> Password must change: Tue, 19 Jan 2038 08:44:07 IST
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> ----------------------
>
> here the Unix username found is 102220 and I am able to authenticate by uid (102220) instead of username (micki). If we can customize somewhere in the samba search pattern I am sure my goal will be complete; for that kindly give me some suggestions for the same
>
> Regards
> Arun
>
> On Wed, 12 Oct 2016, L.P.H. van Belle wrote:
>
>> Your error.
>>
>>>> dn: uid=102220,ou=User,dc=example,dc=com
>>>> uid: 102220
>>>> username: test1
>>
>> Samba normally sets uid=Username and not the uidNumber
>> First find why you have uid=Number and not uid=Username.
>>
>> Greetz,
>>
>> Louis
>>
>>> -----Original message-----
>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Arun Gupta via samba
>>> Sent: Wednesday 12 October 2016 11:56
>>> To: mathias dufresne
>>> CC: samba
>>> Subject: Re: [Samba] samba with customized ldap backend
>>>
>>> Sir,
>>>
>>> No AD, that's some NT4 domain.
>>> Yes, it has no AD
>>>
>>> - No Winbind because Winbind is using samaccountname as user login and not UID.
>>> --> Not configured
>>>
>>>> - Issue happens on Linux or UNIX clients.
>>> On both clients
>>>
>>> I am using sssd and pam_ldap for user retrieval and modified pam_login_attribute (pam_ldap.conf file) to username instead of uid (the default value), so I am very well able to authenticate with many services like ssh, smtp auth etc, but in samba's case it is trying to contact uid='numeric value' instead of username=test1.
>>>
>>> I think somewhere in the configuration, we may define the username attribute instead of uid, which is what samba is configured with.
>>>
>>> Regards,
>>> Arun
>>>
>>> On Wed, 12 Oct 2016, mathias dufresne wrote:
>>>
>>>> I have to assume much, I'll try. So...
>>>> - No AD, that's some NT4 domain.
>>>> - No Winbind because Winbind is using samaccountname as user login and not UID.
>>>> - Issue happens on Linux or UNIX clients.
>>>>
>>>> The question is what tool (SSSD, pam_ldap / nss_ldap, nslcd...) are you using to retrieve information from LDAP to forge users on the system side.
>>>>
>>>> Once you get an answer to this previous question, check how to configure that tool to tell it that uid is uid and login. Most of them can do that.
>>>>
>>>> 2016-10-12 7:30 GMT+02:00 Arun Gupta via samba <samba at lists.samba.org>:
>>>> Sir,
>>>>
>>>> Please help me out
>>>>
>>>> Regards,
>>>> Arun
>>>>
>>>> On Tue, 4 Oct 2016, Arun Gupta wrote:
>>>>
>>>> Dear All,
>>>>
>>>> I have configured ldap with uid='some numeric' instead of uid=username
>>>>
>>>> like that;
>>>>
>>>> dn: uid=102220,ou=User,dc=example,dc=com
>>>> uid: 102220
>>>> username: test1
>>>> cn: Test Account
>>>> objectClass: inetOrgPerson
>>>> objectClass: posixAccount
>>>> objectClass: top
>>>> objectClass: shadowAccount
>>>> objectClass: sambaSamAccount
>>>> mail: test1 at cdac.in
>>>> shadowLastChange: 15587
>>>> loginShell: /bin/bash
>>>> uidNumber: 5345
>>>> gidNumber: 5345
>>>> homeDirectory: /home/test1
>>>> userPassword: {SSHA256}v7vlA8YYjJ27IbPQQa8eaChdHFcnw=
>>>> sambaPwdLastSet: 1473165911
>>>> sambaLMPassword: 7e58f6a33f8b3ef68ef354180a3a1da7
>>>> sambaSID: S-1-5-21-4079184197-2446238136-3299756537-1008
>>>> sambaAcctFlags: [UX ]
>>>> sambaNTPassword: 0242A7FEC5CD294F916925766089E573
>>>>
>>>> when I configured samba with the ldap backend, samba is not able to get the user information (because samba always searches for the attribute uid=numeric), but when I replace uid=username (uid=test1 instead of uid=102220) it works and authenticates successfully.
>>>>
>>>> As I have 3000+ users in ldap and it is not possible to change all user settings, I request you to kindly give me some clue to find out the solution; I will be highly obliged for the same.

-- 
Thanks & Regards,
Arun Kumar Gupta
Mail Administrator
HPC Infrastructure and Ecosystem Group
Centre for Development of Advanced Computing
Savitribai Phule Pune University Campus
PUNE-Maharastra
Phone : +91-20-25704347
WEB : http://www.cdac.in/
-------------------------------------------------------------------------------
[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies and the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email is strictly prohibited and appropriate legal action will be taken.
-------------------------------------------------------------------------------
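The mismatch behind the pdbedit trace above (ldapsam finds the SAM account by its uid, then getpwnam() for that same name fails because SSSD publishes the username attribute), modelled in an added Python example. It is constructed here and is not Samba's, SSSD's or the poster's code; it assumes ldapsam matches the account with a uid=<name> filter, as the trace shows, parses only the plain attr: value lines of the posted entry, and also covers the ldap_user_name = uid mapping under which only the numeric id works.

```python
# Constructed model of the two lookups Samba performs: the ldapsam passdb
# search and the NSS (SSSD) search that must agree with it.  Not Samba/SSSD code.
# Trimmed copy of the LDIF entry posted in the thread (hashes omitted).
LDIF = """\
dn: uid=102220,ou=People,dc=pn,ou=User,dc=cdac,dc=in
username: micki
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
uidNumber: 5345
uid: 102220
"""


def parse_ldif(text):
    """Parse plain 'attr: value' LDIF lines into a list of {attr: [values]}."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():          # a blank line separates entries
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def ldap_search(entries, attr, value, objectclass):
    """Equality match, like the filter (&(attr=value)(objectClass=objectclass))."""
    hits = []
    for e in entries:
        if value.lower() not in [v.lower() for v in e.get(attr, [])]:
            continue
        if objectclass.lower() not in [c.lower() for c in e.get("objectClass", [])]:
            continue
        hits.append(e)
    return hits


def samba_passdb_lookup(entries, name):
    """ldapsam side (assumed uid=<name> filter): return the Unix username Samba will use."""
    hits = ldap_search(entries, "uid", name, "sambaSamAccount")
    return hits[0]["uid"][0] if hits else None


def nss_getpwnam(entries, name, login_attr="username"):
    """NSS side (SSSD with ldap_user_name = login_attr): return uidNumber or None."""
    hits = ldap_search(entries, login_attr, name, "posixAccount")
    return int(hits[0]["uidNumber"][0]) if hits else None


def diagnose(entries, login, login_attr="username"):
    """Replay the pdbedit trace: passdb finds the account, then NSS must resolve it."""
    unix_name = samba_passdb_lookup(entries, login)
    if unix_name is None:
        return "passdb: no sambaSamAccount with uid=%s" % login
    uid_number = nss_getpwnam(entries, unix_name, login_attr)
    if uid_number is None:   # the "Get_Pwnam_internals didn't find user" case
        return "passdb found uid=%s but getpwnam(%s) failed: NSS publishes %s, not uid" % (
            unix_name, unix_name, login_attr)
    return "ok: %s -> uidNumber %d" % (unix_name, uid_number)


if __name__ == "__main__":
    entries = parse_ldif(LDIF)
    for login, attr in (("micki", "username"), ("102220", "username"), ("102220", "uid")):
        print("login=%-6s ldap_user_name=%-8s -> %s" % (login, attr, diagnose(entries, login, attr)))
```

The third case is the state the thread ends in: with SSSD mapping uid, Samba authentication works, but only for the numeric login.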
On Wed, 9 Nov 2016 15:46:15 +0530 (IST)
Arun Gupta <arung at cdac.in> wrote:

> Sir,
>
> As you suggested, I have already done these settings ('ldap_user_name = username') 3 years back and due to this our users are able to log in to various services like ssh, imap, pop via the sssd service but are not able to connect/authenticate via samba.
>
> As you know, in my case, due to our customized ldap which starts with 'uid=numericID' instead of 'uid=username', samba is not able to find the user. When I checked the logs it is always trying to find the user 'uid=username'. I think somewhere in smb.conf it may be possible that we can define the attribute, please suggest.
>
> requirement we are trying to configure am already changed to 'ldap_user_name = username' instead of 'ldap_user_name = uid'
>
> etc which was possible with the bel

OK, you have a strange setup, I have suggested how you could possibly configure sssd or nslcd and neither work. I have also pointed out that by using sssd or nslcd, Samba is NOT doing the authentication.

So, as far as I can see, you have two options, either change your setup to use proper uid's or ask on the relevant list:

https://lists.fedorahosted.org/admin/lists/sssd-users.lists.fedorahosted.org/

Or

https://lists.arthurdejong.org/nss-pam-ldapd-users/

If what you are trying to do is possible with sssd or nslcd, then one of the links should help you, I am fairly sure you do not have a Samba problem.

Rowland
Sir,

My setup is able to authenticate with Samba by using SSSD or nslcd, but I have to use 102220 (numeric) instead of username.

Okay, I will explore nss-pam-ldap, let's see.

Thanks for your support/effort/suggestions.

Regards,
Arun

__________________

OK, you have a strange setup, I have suggested how you could possibly configure sssd or nslcd and neither work. I have also pointed out that by using sssd or nslcd, Samba is NOT doing the authentication.

So, as far as I can see, you have two options, either change your setup to use proper uid's or ask on the relevant list:

https://lists.fedorahosted.org/admin/lists/sssd-users.lists.fedorahosted.org/

Or

https://lists.arthurdejong.org/nss-pam-ldapd-users/

If what you are trying to do is possible with sssd or nslcd, then one of the links should help you, I am fairly sure you do not have a Samba problem.

Rowland

________

On Wed, 9 Nov 2016, Arun Gupta wrote:

> Sir,
>
> As you suggested, I have already done these settings ('ldap_user_name = username') 3 years back and due to this our users are able to log in to various services like ssh, imap, pop via the sssd service but are not able to connect/authenticate via samba.
>
> As you know, in my case, due to our customized ldap which starts with 'uid=numericID' instead of 'uid=username', samba is not able to find the user. When I checked the logs it is always trying to find the user 'uid=username'. I think somewhere in smb.conf it may be possible that we can define the attribute, please suggest.
On Thu, 10 Nov 2016 17:22:12 +0530 (IST)
Arun Gupta <arung at cdac.in> wrote:

> Sir,
>
> My setup is able to authenticate with Samba by using SSSD or nslcd, but
> I have to use 102220 (numeric) instead of username.

No you don't, you have chosen to.

> Okay, I will explore nss-pam-ldap, let's see.

nss-pam-ldap != nss-pam-ldapd

nss-pam-ldapd is nslcd

Rowland