Re: [OpenIndiana-discuss] Could not setup LDAP for SAMBA

Tue, 06 Mar 2012 12:34:23 -0800 

Enabling debug for "name-service-cache" and then issuing "getent passwd 
administration"
shows this:

Tue Mar  6 22:30:05.6585--3--27998      lookup_int:
                getpwnam [key=administration]: lookup start
Tue Mar  6 22:30:05.6585--3--27998      lookup_cache:
                getpwnam [key=administration]: cache miss
Tue Mar  6 22:30:05.6586--3--27998      lookup_int:
                getpwnam [key=administration]: name service lookup required
Tue Mar  6 22:30:05.6593--3--27998      lookup_int:
                getpwnam [key=administration]: name service lookup status = 2
Tue Mar  6 22:30:05.6593--3--27998      lookup_int:
                getpwnam [key=administration]: name service lookup failed
Tue Mar  6 22:30:05.6594--3--27998      lookup_int:
                getpwnam [key=administration]: name service lookup failed 
(status=2, errno=0)

and this is not very helpful :(

IVO GELOV

On Tue, 06 Mar 2012 21:17:09 +0200, Jonathan Adams <[email protected]> 
wrote:


my auth from my slapd.conf:

access to dn.base="" by * read
#
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self         write
        by dn="cn=samba_admin,ou=People,dc=domain,dc=com"   read
        by anonymous    auth
        by *            none
#
access to *
        by *            read

my /var/ldap/ldap_client_file:

NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 127.0.0.1
NS_LDAP_SEARCH_BASEDN= dc=domain,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= default
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= auto_home:nisMapName=auto_home,dc=domain,dc=com
NS_LDAP_ATTRIBUTEMAP= automount:automountKey=cn
NS_LDAP_ATTRIBUTEMAP= automount:automountInformation=nisMapEntry
NS_LDAP_ATTRIBUTEMAP= automount:automountMapName=nisMapName
NS_LDAP_OBJECTCLASSMAP= automount:automount=nisObject
NS_LDAP_OBJECTCLASSMAP= automount:automountMap=nisMap

I don't believe you will want any of the automount stuff, we use
profiles and I've changed the LDAP_SERVERS list so that it doesn't
have all 30 machines in it (we also have syncrepl enabled with chains
to replicas) :)

not sure if the access stuff makes any difference.

you might want to change your bind auth to simple ...

you shouldn't need to put any users in your /etc/passwd.

Jon

_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss


_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss

Reply via email to