[OpenIndiana-discuss] Could not setup LDAP for SAMBA

IVO GELOV (CRM) ivo at crm.walltopia.com
Tue Mar 6 16:59:02 UTC 2012


My native language is not English, so it is possible that I am not able to properly
describe the situation. I am patient and will repeat some key moments from my setup:

1) I have run ldapclient and it produced the following files:

/var/ldap/ldap_client_cred:
======================
NS_LDAP_BINDDN= cn=admin,dc=domain,dc=com
NS_LDAP_BINDPASSWD= my-secret

/var/ldap/ldap_client_file:
====================
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 127.0.0.1
NS_LDAP_SEARCH_BASEDN= dc=domain,dc=com
NS_LDAP_CACHETTL= 0
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=users,dc=domain,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=groups,dc=domain,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=users,dc=domain,dc=com

2) I have added "ldap" to nsswitch.conf

/etc/nsswitch.conf:
==============
passwd: files ldap
group: files ldap

3) I have issued "svcadm restart network/ldap/client"

4) I have entries in /etc/passwd

unix:x:104:101::/home/unix:/bin/bash
boss:x:105:101::/home/boss:/bin/bash

5) I have an entry in /etc/group

depart::101:tmcdos,unix,boss

6) I am expecting "getent passwd administration" to show info about the LDAP user account
"administration" with password "samba" and the same UID/GID as the entry "unix" in /etc/passwd

7) However, getent does not show anything: neither an error message nor the expected information

8) And I do not know what is wrong in my setup, because the OS does not tell me the error.
How would I debug the problem? Probably there is some gotcha which is not covered in the
popular HOWTOs.

All I wanted is for SAMBA to require a different password for each share, but all files
and directories to be owned by a single local OS account (actually 2 accounts: "unix" and "boss").

I am thankful for all your responses, but unfortunately I am still far from reaching my goal :(


On Tue, 06 Mar 2012 16:18:15 +0200, Jonathan Adams <t12nslookup at gmail.com> wrote:

> /etc/passwd still exists for local users (root should always exist as
> a local user) ... ldap is additional to it (and likewise should never
> have root in it)
>
> zones are really straight forward,
> http://wiki.openindiana.org/oi/7.+Virtualization
>
> you just need a space you want to install the zone in ( a slice of
> disk ) and an IP address ... there are advanced things you can do if
> you want to use virtual nics, and we now have an OI server doing
> stupendous things in zones that we couldn't have done in 4 machines in
> the past.
>
> however, if you don't want to do zones you probably need to run
> "ldapclient" on the server to allow it to authenticate against the
> LDAP server.
>
> something like (if you use an LDAP server name, remember to put it in
> /etc/hosts):
>
> ldapclient manual  -a domainName=dc=domain,dc=com -a
> preferredServerList=<LDAP Server ip/name> -a
> authenticationMethod=simple
>
> you may want to set the credentialLevel=proxy (if you have protection
> on who can see the password field of users), or to specify the
> defaultsearchbase ... you should be able to find out more with "man
> ldapclient" ...
>
> you then might need to change /etc/nsswitch.conf to have "passwd:
> files ldap" and "group: files ldap"
>
> make sure files comes first.
>
> you should then be able to "getent passwd administrator"
>
> Jon
>
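One way to narrow down why "getent passwd administration" returns nothing: the Solaris/OpenIndiana ldap client builds a passwd line only from entries that carry objectClass posixAccount plus the RFC 2307 attributes uid, uidNumber, gidNumber and homeDirectory, and with NS_LDAP_SEARCH_SCOPE=one the entry must sit directly under ou=users; an entry that fails either condition is skipped silently, with no error. The checker below is an added example, not code from the thread or from OpenIndiana; it reads an LDIF entry (as ldapsearch prints it) on stdin, and the two sample entries are constructed from the values in the thread.

```shell
#!/bin/sh
# Added diagnostic helper (not from the thread). Pipe the LDIF that ldapsearch
# returns for the passwd search base into check_posix_entry; it reports the
# attributes the ldap client needs but cannot find, which "getent" never tells you.

# Attributes a posixAccount (RFC 2307) must have to be turned into a passwd(5) line.
REQUIRED_ATTRS="uid uidNumber gidNumber homeDirectory"

# check_posix_entry: read one LDIF entry on stdin; print what is missing and
# return 1 if anything is, otherwise return 0 silently.
check_posix_entry() {
    ldif=$(cat)
    missing=""
    # objectClass values are case-insensitive in LDAP, so fold case before matching.
    if ! printf '%s\n' "$ldif" | tr 'A-Z' 'a-z' | grep -q '^objectclass: posixaccount$'; then
        missing="$missing objectClass=posixAccount"
    fi
    for attr in $REQUIRED_ATTRS; do
        # "^uid: ." deliberately does not match "uidNumber: ..."
        if ! printf '%s\n' "$ldif" | grep -qi "^$attr: ."; then
            missing="$missing $attr"
        fi
    done
    if [ -n "$missing" ]; then
        printf 'missing:%s\n' "$missing"
        return 1
    fi
    return 0
}

# Constructed sample: what the entry should look like for the thread's goal
# (user "administration" sharing UID 104 / GID 101 with the local "unix" account).
SAMPLE_OK='dn: uid=administration,ou=users,dc=domain,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: administration
uidNumber: 104
gidNumber: 101
homeDirectory: /home/unix
loginShell: /bin/bash'

# Constructed sample of a typical gotcha: a Samba-only account without the POSIX part.
SAMPLE_BAD='dn: uid=administration,ou=users,dc=domain,dc=com
objectClass: sambaSamAccount
objectClass: inetOrgPerson
uid: administration
gidNumber: 101
homeDirectory: /home/unix'

# Real use: ldapsearch <bind options> -b ou=users,dc=domain,dc=com -s one '(uid=administration)' | check_posix_entry
printf '%s\n' "$SAMPLE_OK"  | check_posix_entry && echo "administration: ok"
printf '%s\n' "$SAMPLE_BAD" | check_posix_entry || echo "administration: would be skipped by getent"
```

Bind with the same DN and password as /var/ldap/ldap_client_cred so the search sees exactly what the client sees; if the entry passes this check but getent still returns nothing, the next things to compare are the search base and scope in /var/ldap/ldap_client_file against the entry's DN.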