[OpenIndiana-discuss] Could not setup LDAP for SAMBA

IVO GELOV (CRM) ivo at crm.walltopia.com
Tue Mar 6 20:33:37 UTC 2012


Enabling debug for "name-service-cache" and then issuing "getent passwd administration"
shows this:

Tue Mar  6 22:30:05.6585--3--27998      lookup_int:
                 getpwnam [key=administration]: lookup start
Tue Mar  6 22:30:05.6585--3--27998      lookup_cache:
                 getpwnam [key=administration]: cache miss
Tue Mar  6 22:30:05.6586--3--27998      lookup_int:
                 getpwnam [key=administration]: name service lookup required
Tue Mar  6 22:30:05.6593--3--27998      lookup_int:
                 getpwnam [key=administration]: name service lookup status = 2
Tue Mar  6 22:30:05.6593--3--27998      lookup_int:
                 getpwnam [key=administration]: name service lookup failed
Tue Mar  6 22:30:05.6594--3--27998      lookup_int:
                 getpwnam [key=administration]: name service lookup failed (status=2, errno=0)

and this is not very helpful :(

IVO GELOV

On Tue, 06 Mar 2012 21:17:09 +0200, Jonathan Adams <t12nslookup at gmail.com> wrote:

> my auth from my slapd.conf:
>
> access to dn.base="" by * read
> #
> access to attrs=userPassword,sambaLMPassword,sambaNTPassword
>         by self         write
>         by dn="cn=samba_admin,ou=People,dc=domain,dc=com"   read
>         by anonymous    auth
>         by *            none
> #
> access to *
>         by *            read
>
> my /var/ldap/ldap_client_file:
>
> NS_LDAP_FILE_VERSION= 2.0
> NS_LDAP_SERVERS= 127.0.0.1
> NS_LDAP_SEARCH_BASEDN= dc=domain,dc=com
> NS_LDAP_AUTH= simple
> NS_LDAP_CACHETTL= 43200
> NS_LDAP_PROFILE= default
> NS_LDAP_CREDENTIAL_LEVEL= proxy
> NS_LDAP_SERVICE_SEARCH_DESC= auto_home:nisMapName=auto_home,dc=domain,dc=com
> NS_LDAP_ATTRIBUTEMAP= automount:automountKey=cn
> NS_LDAP_ATTRIBUTEMAP= automount:automountInformation=nisMapEntry
> NS_LDAP_ATTRIBUTEMAP= automount:automountMapName=nisMapName
> NS_LDAP_OBJECTCLASSMAP= automount:automount=nisObject
> NS_LDAP_OBJECTCLASSMAP= automount:automountMap=nisMap
>
> I don't believe you will want any of the automount stuff, we use
> profiles and I've changed the LDAP_SERVERS list so that it doesn't
> have all 30 machines in it (we also have syncrepl enabled with chains
> to replicas) :)
>
> not sure if the access stuff makes any difference.
>
> you might want to change your bind auth to simple ...
>
> you shouldn't need to put any users in your /etc/passwd.
>
> Jon
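
Added example, not part of either message: a Python check of the `ldap_client_file` settings quoted above. It flags `NS_LDAP_AUTH= simple` only when a listed server is not loopback, because a simple bind sends the bind password unencrypted unless the method is `tls:simple`. The function names and the trimmed sample are constructed for illustration.

```python
import ipaddress

# Constructed sample: a subset of the client file quoted in the message above.
SAMPLE = """\
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 127.0.0.1
NS_LDAP_SEARCH_BASEDN= dc=domain,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_ATTRIBUTEMAP= automount:automountKey=cn
NS_LDAP_ATTRIBUTEMAP= automount:automountInformation=nisMapEntry
"""

def parse_client_file(text):
    """Return {key: [values]}; keys such as NS_LDAP_ATTRIBUTEMAP repeat."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values may contain '=' themselves
        conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def is_loopback(server):
    """True for a loopback IP literal, with or without a :port suffix."""
    for candidate in (server, server.rsplit(":", 1)[0]):
        try:
            return ipaddress.ip_address(candidate.strip("[]")).is_loopback
        except ValueError:
            continue
    return False  # host names are treated as remote (conservative)

def audit(conf):
    """Flag simple binds that would cross the network without TLS."""
    servers = [s.strip() for v in conf.get("NS_LDAP_SERVERS", [])
               for s in v.split(",") if s.strip()]
    remote = [s for s in servers if not is_loopback(s)]
    # NS_LDAP_AUTH is a ';'-separated preference list of bind methods.
    methods = [m.strip().lower() for v in conf.get("NS_LDAP_AUTH", [])
               for m in v.split(";") if m.strip()]
    findings = []
    if "simple" in methods and remote:
        level = " ".join(conf.get("NS_LDAP_CREDENTIAL_LEVEL", ["unset"]))
        findings.append("simple bind (credential level %s) is unencrypted to %s; "
                        "use tls:simple" % (level, ", ".join(remote)))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_client_file(SAMPLE)) or ["no findings"]:
        print(finding)
```

The quoted file lists only 127.0.0.1, so it produces no finding; the check matters for the full server list that the message says was trimmed.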


