you still have "ldap" in your /etc/nsswitch.conf on the passwd and
group lines? (are you using nwam?)
does ldapsearch work without a password now?
do you get anything from:
ldapsearch -b ou=users,dc=domain,dc=com -D cn=admin,dc=domain,dc=com -w my-secret -s one uid=administration
can you re-pas
Enabling debug for "name-service-cache" and then issuing
"getent passwd administration" shows this:
Tue Mar 6 22:30:05.6585--3--27998 lookup_int:
getpwnam [key=administration]: lookup start
Tue Mar 6 22:30:05.6585--3--27998 lookup_cache:
getpwnam [key=
I have applied your settings, restarted ldapclient and started SLAPD in debug
mode (-d 10) so I can monitor the console - but when I issue
"getent passwd administration", there is no change on the debug output, and
that means "getent" does not even attempt to connect to LDAP server ...
On Tue,
my auth from my slapd.conf:
access to dn.base="" by * read
#
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by dn="cn=samba_admin,ou=People,dc=domain,dc=com" read
by anonymous auth
by * none
#
access to *
b
On Tue, 06 Mar 2012 19:16:43 +0200, Jonathan Adams
wrote:
you can have it set up to have all files owned by a single user if
that is what you want, you can do that in the samba configuration ...
Yes, but as you already said - in this case I will need a 1:1 existence of
Solaris account for
What I'm doing to keep people from logging in via ssh is setting the
shell to /usr/bin/passwd. Then when someone connects with ssh, they
can change their password, but that's all they can do. Their new
password works with CIFS (Samba), since I have:
other password required pam_smb_passwd.so.1 n
On Mar 6, 2012, at 6:18 AM, Jonathan Adams wrote:
> /etc/passwd still exists for local users (root should always exist as
> a local user) ... ldap is additional to it (and likewise should never
> have root in it)
Actually, it is very useful to have an LDAP entry for root, that way you can
track a
you can have it set up to have all files owned by a single user if
that is what you want, you can do that in the samba configuration ...
as I said, the hardest issue is to make your solaris machine an LDAP
client ... I take it that the LDAP server is running on the local
machine?
I'm wondering if
My native language is not English - so it is possible that I am not able to
properly describe the situation. I am patient and will repeat some key moments
from my setup:
1) I have run ldapclient and it produced the following files:
/var/ldap/ldap_client_cred:
==
NS_LDAP_BINDD
Also remember the simple trick, if you want accounts where the user
can not logon, just make their shell /bin/false
On Tue, Mar 6, 2012 at 6:18 PM, Jonathan Adams wrote:
> /etc/passwd still exists for local users (root should always exist as
> a local user) ... ldap is additional to it (and likew
/etc/passwd still exists for local users (root should always exist as
a local user) ... ldap is additional to it (and likewise should never
have root in it)
zones are really straightforward,
http://wiki.openindiana.org/oi/7.+Virtualization
you just need a space you want to install the zone in (
On Tue, 06 Mar 2012 12:01:21 +0200, Jonathan Adams
wrote:
I am including the "samba.schema" in slapd.conf - and I have also this in LDAP:
# Entry 1: ou=users,dc=domain,dc=com
dn: ou=users,dc=domain,dc=com
objectclass: organizationalUnit
objectclass: top
ou: users
# Entry 2: uid=administration
ok, well that's relatively straightforward ...
you might want to do this in a zone on Solaris, if you're worried
about polluting the passwd file because each samba user _does_ need a
user on the system, if you do it in a zone then the zone can be an
LDAP client and you can disable all ssh, telnet
On Mon, 05 Mar 2012 19:55:36 +0200, Jonathan Adams
wrote:
Samba with LDAP is a PITA ... and we use it ...
First off, all users who want to use samba must have real uids on the
system, which means that the host has to be an LDAP client.
Second, since 3.0.24 if you're planning on being a domai
Samba with LDAP is a PITA ... and we use it ...
First off, all users who want to use samba must have real uids on the
system, which means that the host has to be an LDAP client.
Second, since 3.0.24 if you're planning on being a domain server you
need to get hold of the smb-ldap perl tools.
have
I have installed the latest OpenIndiana 151a, SAMBA 3.5.5 and OpenLDAP 2.4.13
SAMBA works in workgroup setup, LDAP server also works - I can bind with the
root DN and I have 5-6 profiles inside (posixAccount).
Unfortunately SAMBA does not trust the uidNumber from LDAP and tries Get_PwNam
without
16 matches