search for: nss_base_passwd

...: I deleted the following options from the smb.conf #ldap user suffix = ou=People #ldap machine suffix = ou=Computers But I left the options set in my smbldap.conf. usersdn="ou=Users,dc=mydc,dc=com" computersdn="ou=Computers,dc=mydc,dc=com" I set my nss_ldap as such: nss_base_passwd dc=mydc,dc=com?sub nss_base_shadow dc=mydc,dc=com?sub --- The end result is some extra sub queries - which is ok for me. I also get the benefit of having the logical separation between the Users and Computers. I really like that. I am still limited by uid names, and I can think of a fe...

Hello, have some little problems adding user to domain with USRMGR.EXE My System runs on SuSE 9.1 (2.6.5-7.75-default), samba-3.0.4, smbldap-tools-0.8.5, openldap2-2.2.6 If I try to add a new user with USRMGR.EXE I get an error "Access denied", but if I look into LDAP the new user was correctly added to LDAP. If I confirm the error-message and then cancel the "NEW USER"

...ve a question: - In section 6.3.5 (page 150, numerated), there is a note wich says that the computers account must be inside the People container due to an error in samba. Is this true?, or can it be due to the config of the nss-ldap and the pam-ldap modules wich is on the book?: (....) > nss_base_passwd ou=People,dc=abmas,dc=biz?one > nss_base_shadow ou=People,dc=abmas,dc=biz?one > nss_base_group ou=Groups,dc=abmas,dc=biz?one (....) The original config look for user account (including the computers ones) only on the container People, so, when the computers accounts are created, the nss...

...short, first it does: 1. /var/lib/samba/sbin/smbldap-useradd.pl -w 'computer_name$' 2. Then it does getpwnam("computer_name$") The problem is that the second step kept failing because my ldap.conf did not list "ou=Computers,dc=somedomain,dc=org" as a naming context for nss_base_passwd. I updated /etc/ldap.conf to the following and was able to successfully add the computer: nss_base_passwd ou=Users,dc=somedomain,dc=org?one nss_base_passwd ou=Computers,dc=somedomain,dc=org?one # This line was added nss_base_shadow ou=Users,dc=somedomain,dc=org?one nss_bas...

Hiya all, this should hopefully be a simple question. I've noticed that their is a setting: ldap machine suffix Allowing you to put all the machine accounts in a different tree in your ldap directory (which is a definate plus). However, I note, that it is almost impossible to do so. Has anyone done this (eg had machines in ou=Machines,dc=domain,dc=com and people in ou=People,dc=domain,dc=com)?

...AP - so close yet so far :) ...STILL NOT SOLVED On Mon, 2004-07-19 at 19:34, Jos? Ildefonso Camargo Tolosa wrote: > >http://samba.idealx.org/smbldap-howto.fr.html as you > >recommended. I have one big question, which one do I > >put in '/etc/ldap.conf' > > > >nss_base_passwd dc=wbcoll,dc=edu?one > >nss_base_shadow dc=wbcoll,dc=edu?one > >nss_base_group ou=Groups,dc=wbcoll,dc=edu?one > > > >or > > > >nss_base_passwd ou=Users,dc=wbcoll,dc=edu?one > >nss_base_shadow ou=Users,dc=wbcoll,dc=edu?one > >nss_base_gr...

...api:///127.0.0.1 uri ldap://127.0.0.1 ldap_version 3 binddn cn=admin,dc=example,dc=com bindpw mysecret rootbinddn cn=admin,dc=example,dc=com scope sub bind_policy soft pam_filter objectclass=posixAccount pam_login_attribute uid pam_check_host_attr yes pam_member_attribute memberUid pam_password md5 nss_base_passwd ou=people,dc=example,dc=com?sub nss_base_passwd ou=computers,dc=example,dc=com?sub nss_base_group ou=groups,dc=example,dc=com?sub And the smbldap.conf: SID="S-1-5-21-158730468-2379596502-3695168017" sambaDomain="REALM" slaveLDAP="127.0.0.1" slavePort="389"...

...om: http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-nss01 host 127.0.0.1 #base dc=abmas,dc=biz base dc=sysgenmedia,dc=com ldap_version 3 binddn cn=manager,dc=sysgenmedia,dc=com bindpw MyPassWord timelimit 50 bind_timelimit 50 bind_policy hard idle_timelimit 3600 pam_password exop #nss_base_passwd ou=People,dc=abmas,dc=biz?one #nss_base_shadow ou=People,dc=abmas,dc=biz?one #nss_base_group ou=Groups,dc=abmas,dc=biz?one nss_base_passwd ou=People,dc=sysgenmedia,dc=com?one nss_base_shadow ou=People,dc=sysgenmedia,dc=com?one nss_base_group ou=Groups,dc=sysgenmedia,dc=com?one ssl off ## end file...

Hi, I have running LDAP + SAMBA as PDC on gentoo and I have problem with adding machine account. Whem I try add machine account with pdbedit -am 'hostname' I have this error: smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=OFFICE.KENS.PL))] smbldap_open_connection: connection opened ldap_connect_system: succesful connection to the LDAP server

...ou=NIS,ou=Groups ldap machine suffix = ou=machines,ou=Samba,ou=Services ldap idmap suffix = ou=Idmap,ou=Services ldapsam:trusted = yes idmap backend = ldap:ldap://tien.its.umd.umich.edu passdb backend = ldapsam:ldap://tien.its.umd.umich.edu NSS setting nss_base_passwd ou=People nss_base_groups ou=NIS When I attempt to join a workstation to the domain the smbldap- useradd script works and creates the posix entry, but the samba attributes are never add and the workstation returns the error user can not be found. If I try adding the workstation using smbpas...

Hi, I am using Samba 3.0.10 PDC with LDAP as password DB. Before we use smbpasswd as passwd DB and every time I need to add a machine account into /etc/passwd so that the mahcine can join the domain. My understanding for LDAP is, this step is not needed any more since we will put all machine account into "ou=Computers". But I am proved to be wrong. Is this the way Samba works? I

...y/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so session optional /lib/security/pam_ldap.so My /etc/ldap.conf is setup as (world readable): base dc=pds-support,dc=net rootbinddn cn=nssldap,ou=DSA,dc=pds-support,dc=net nss_base_passwd dc=pds-support,dc=net?sub nss_base_shadow dc=pds-support,dc=net?sub nss_base_group ou=Groups,dc=pds-support,dc=net?one ssl no pam_password md5 and my /etc/nsswitch.conf (world readable) passwd: files ldap shadow: files ldap group: files ldap I have /etc/ldap...

...dap.conf *********** uri ldap://yyyy.com host yyyy.com port 389 ssl start_tls tls_reqcert demand tls_checkpeer yes tls_cert /etc/openldap/server.crt tls_key /etc/openldap/server.key tls_cacertfile /etc/openldap/ca.crt base dc=xxxx,dc=xxxx,dc=com binddn cn=Manager,dc=xxxx,dc=xxxx,dc=com bindpw TTTTT nss_base_passwd ou=Users,dc=xxxx,dc=xxxx,dc=com?one nss_base_passwd ou=Computers,dc=xxxx,dc=xxxx,dc=com?one nss_base_shadow ou=Users,dc=xxxx,dc=xxxx,dc=com?one nss_base_group ou=Groups,dc=xxxx,dc=xxxx,dc=com?one nss_base_hosts ou=Hosts,dc=xxxx,dc=xxxx,dc=com?one pam_password md5 /etc/samba/smb.conf...

I finally make it work. The problem was in my nss_ldap.conf file. I was missing a line indicating there were "user" accounts in two different OU : People and Machines. Once this was fixed, I could properly check the trust account with winbindd. in libnss_ldap.conf: nss_base_passwd = ou=People,dc=mydomain,dc=fr and after I added this line nss_base_passwd = ou=Machines,dc=mydomain,dc=fr It did work. > Ok, so I could finally get the level 10 log out of winbindd. > > I started it with winbindd -S -F -i -d 10 > log.winbindd > > The complete log file is availabl...

I very much appreciate the help thus far, but I think it has strayed a bit from the actual problem. The problem is that when I join a system to the samba domain it creates /some/ but not all of the required attributes for the computer account. The process then fails as samba looks in the wrong part of my directory server. I would strongly prefer to put the workstation accounts in their own tree

...files group: files winbind smb.conf winbind use default domain = Yes winbind separator = + winbind enum users = yes winbind enum groups = yes idmap gid = 10000-20000 idmap uid = 10000-20000 #use nss_winbind = yes template homedir = /home/samba/%D/%U template shell = /bin/false ldap.conf #nss_base_passwd ou=People,dc=example,dc=com?one nss_base_passwd dc=example,dc=com #nss_base_shadow ou=People,dc=example,dc=com?one nss_base_shadow dc=example,dc=com ______________________________________________________________________ This email transmission and any docum...

...##host 128.223.78.80 host lauterbur.uoregon.edu base dc=lcni,dc=uoregon,dc=edu scope sub timelimit 30 pam_login_attribute uid pam_filter_class posixAccount ssl start_tls tls_cacertfile /usr/local/etc/cacert.pem tls_ciphers HIGH pam_filter &(objectClass=posixAccount)(description=lauterbur) ##nss_base_passwd ou=people,dc=lcni,dc=uoregon,dc=edu nss_base_passwd ou=People,dc=lcni,dc=uoregon,dc=edu nss_base_passwd ou=Computers,dc=lcni,dc=uoregon,dc=edu ##nss_base_shadow ou=people,dc=lcni,dc=uoregon,dc=edu nss_base_shadow ou=People,dc=lcni,dc=uoregon,dc=edu ##nss_base_group ou=group,dc=lcni,dc=uoregon,dc=ed...

...turned is "The user name could not be found." This is from the w2k machine itself. The release notes for 3.0.11 seem to say adding machines under ou=Computers should work. The IDEALX Samba-OpenLDAP Howto (Revision 1.9) seems to indicate it should work. But ldap.conf needs to be set to: nss_base_passwd dc=somewhere,dc=net?sub nss_base_shadow dc=somewhere,dc=net?sub nss_base_group ou=Group,dc=somewhere,dc=net?one (I did this.) The IDEALX Smbldap-tools User Manual (Release:0.8.7) In section 6.9 on page 18 says no, _unless_ you apply the fix as listed above. Note that the IDEALX howt...

...p backend = ldap:ldap://erde.aag idmap uid = 10000-20000 idmap gid = 10000-20000 winbind trusted domains only = yes deadtime = 15 keepalive = 0 ... shares **************************** /etc/ldap/ldap.conf **************************** BASE dc=aag URI ldap://erde.aag:389 ldap://mond.aag:389 nss_base_passwd ou=users,dc=aag?one nss_base_passwd ou=computers,dc=aag?one nss_base_shadow ou=users,dc=aag?one nss_base_group ou=groups,dc=aag?one TLS_CACERT /etc/ldap/certs/cacert.pem TLS_CERT /etc/ldap/certs/memberserver_cert.pem TLS_KEY /etc/ldap/certs/memberserver_key.pem TLS_CHECKPEER...

...rly documenting their work # /usr/local/etc/ldap.con on ldap server (FreeBSD 8.1) host LBSD.summitnjhome.com base dc=summitnjhome,dc=com sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com bindpw {SSHA}secret scope sub pam_password exop nss_base_passwd ou=staff,dc=summitnjhome,dc=com nss_base_shadow ou=staff,dc=summitnjhome,dc=com # grep for ldap account shows ldap account on the ldap server itself succeeds [root at LBSD2:/usr/local/etc/openldap] #getent passwd | grep walbs walbs:secret/:1002:1003:Walkiria Soares:/home/walbs:/usr/local/bin/bas...