My native language is not English - so it is possible that I am not able to properly describe the situation. I am patient and will repeat some key moments from my setup:
1) I have run ldapclient and it produced the following files:

/var/ldap/ldap_client_cred:
======================
NS_LDAP_BINDDN= cn=admin,dc=domain,dc=com
NS_LDAP_BINDPASSWD= my-secret

/var/ldap/ldap_client_file:
====================
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 127.0.0.1
NS_LDAP_SEARCH_BASEDN= dc=domain,dc=com
NS_LDAP_CACHETTL= 0
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=users,dc=domain,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=groups,dc=domain,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=users,dc=domain,dc=com

2) I have added "ldap" to nsswitch.conf

/etc/nsswitch.conf:
==============
passwd: files ldap
group: files ldap

3) I have issued "svcadm restart network/ldap/client"

4) I have entries in /etc/passwd

unix:x:104:101::/home/unix:/bin/bash
boss:x:105:101::/home/boss:/bin/bash

5) I have an entry in /etc/group

depart::101:tmcdos,unix,boss

6) I am expecting "getent passwd administration" to show info about the LDAP user account "administration" with password "samba" and the same UID/GID as the entry "unix" in /etc/passwd

7) However, getent does not show anything - neither an error message nor the expected information

8) And I do not know what is wrong in my setup - because the OS does not tell me the error. How would I debug the problem? Probably there is some gotcha which is not covered in the popular HOWTOs.

All I wanted is for SAMBA to require a different password for each share, but all files and directories to be owned by a single local OS account (actually 2 accounts - "unix" and "boss").

I am thankful for all your responses - but unfortunately, I am still far from reaching my goal :(

On Tue, 06 Mar 2012 16:18:15 +0200, Jonathan Adams <[email protected]> wrote:
> /etc/passwd still exists for local users (root should always exist as a local user) ... ldap is additional to it (and likewise should never have root in it)
>
> zones are really straightforward, http://wiki.openindiana.org/oi/7.+Virtualization
>
> you just need a space you want to install the zone in (a slice of disk) and an IP address ... there are advanced things you can do if you want to use virtual nics, and we now have an OI server doing stupendous things in zones that we couldn't have done in 4 machines in the past.
>
> however, if you don't want to do zones you probably need to run "ldapclient" on the server to allow it to authenticate against the LDAP server.
>
> something like (if you use an LDAP server name, remember to put it in /etc/hosts):
>
> ldapclient manual -a domainName=dc=domain,dc=com -a preferredServerList=<LDAP Server ip/name> -a authenticationMethod=simple
>
> you may want to set credentialLevel=proxy (if you have protection on who can see the password field of users), or to specify the defaultsearchbase ... you should be able to find out more with "man ldapclient" ...
>
> you then might need to change /etc/nsswitch.conf to have "passwd: files ldap" and "group: files ldap". make sure "files" comes first.
>
> you should then be able to "getent passwd administrator"
>
> Jon
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
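Before chasing the getent problem further, the two files quoted in the first message deserve a security check of their own: /var/ldap/ldap_client_cred holds the bind password in cleartext, the bind identity is cn=admin (typically the directory's root DN), and NS_LDAP_AUTH=simple sends that password unencrypted unless the server is the local host. The script below is an added example, not code from the thread or from the OpenIndiana project. It assumes the "KEY= value" layout shown in the quoted files, treats cn=admin, cn=manager and cn=Directory Manager as administrator DNs (a heuristic, not an LDAP rule), exempts 127.x/localhost from the cleartext-bind finding, and reads permissions with a portable "ls -l" rather than the platform's stat.

```shell
#!/bin/sh
# Added example: audit the files written by ldapclient(1M) for the
# mistakes that matter most from a security point of view.
# Usage: audit_ldap_client /var/ldap/ldap_client_cred /var/ldap/ldap_client_file

cfg_get() {   # cfg_get FILE KEY -> value of "KEY= value" (first match only)
  sed -n "s/^$2= *//p" "$1" | head -n 1
}

is_loopback() {  # is_loopback HOST -> 0 when the server is this machine
  case "$1" in
    127.*|localhost|::1) return 0 ;;
    *) return 1 ;;
  esac
}

# audit_ldap_client CRED_FILE CLIENT_FILE
# Prints one line per finding; the exit status is the number of findings.
audit_ldap_client() {
  cred=$1 client=$2 n=0

  # 1. The cred file holds NS_LDAP_BINDPASSWD in cleartext, so nobody but
  #    root may read it: the mode must be ?---------- for group and other.
  perm=$(ls -l "$cred" | cut -c1-10)
  case "$perm" in
    ????------) ;;
    *) echo "FINDING: $cred is $perm; bind password readable by group/other"
       n=$((n + 1)) ;;
  esac

  # 2. Binding as the directory administrator means anyone who reads the
  #    cred file owns the whole directory.  Heuristic name match (assumed).
  binddn=$(cfg_get "$cred" NS_LDAP_BINDDN | tr 'A-Z' 'a-z')
  case "$binddn" in
    cn=admin,*|cn=manager,*|"cn=directory manager"*)
      echo "FINDING: proxy DN '$binddn' is a directory administrator; use a read-only proxy account"
      n=$((n + 1)) ;;
  esac

  # 3. NS_LDAP_AUTH=simple sends the proxy password in cleartext.  That is
  #    tolerable only when every server in NS_LDAP_SERVERS is the local host.
  auth=$(cfg_get "$client" NS_LDAP_AUTH)
  if [ "$auth" = simple ]; then
    for srv in $(cfg_get "$client" NS_LDAP_SERVERS | tr ',' ' '); do
      if ! is_loopback "$srv"; then
        echo "FINDING: simple bind to $srv without TLS; use tls:simple or sasl/DIGEST-MD5"
        n=$((n + 1))
      fi
    done
  fi

  echo "findings: $n"
  return "$n"
}
```

Run against the files from the first message this reports the administrator DN; the 127.0.0.1 server keeps the cleartext-bind finding quiet, and the permission result depends on the mode ldapclient left on the file. For the functional side of the question, the cheapest check is to repeat what the passwd backend does by hand: an ldapsearch as the bind DN, base ou=users,dc=domain,dc=com, scope one, filter (&(objectClass=posixAccount)(uid=administration)), must return an entry carrying uid, uidNumber, gidNumber, homeDirectory and loginShell (the RFC 2307 attributes getent needs); "ldaplist -l passwd administration" asks the same question through the client's own configuration and reports an error where getent stays silent.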
