Re: [nssldap] wireshark shows successful ldap searches, but no nss or pam stuff works

[Guillaume Rousse <Guillaume.Rousse [at] inria.fr>]

Douglas E. Engert a écrit :
> philoertel wrote:
> > Thanks for the responses!
> >
> > See I saw a post somewhere else suggesting there might be a problem 
> > with not
> > having uid and gid. But I thought this was a common thing and there 
> > must be
> > a way. I definitely don't have uid in AD. If I can get my AD admins to 
> > work
> > with me, can I just add random uids (>1000)? I don't really understand 
> > why
> > they have to be there for this to work, so I can't figure out if 
> > there's a
> > reasonable workaround.
I don't think you can freely add additional information in AD, tough I'm 
not an expert. Indeed, mapping information (login <-> uid) does not 
mandatorily have to be there.

> > I have users both local and remote because remote doesn't work! But I 
> > think
> > this is the normal way right? Because root's always going to be local? 
> > And
> > at any rate it shouldn't cause any problems.
It's fine to have local and remote users, provided they are distinct set 
of users. Otherwise, you're going into various kind of troubles.

[..]
> and also look at Samba.
And more specifically at winbind.