Web lists-archives.com

Re: [Samba] add machine script not running

On Fri, 2017-11-17 at 09:03 +0100, Daniel Berteaud via samba wrote:
> Le 16/11/2017 à 19:30, Andrew Bartlett via samba a écrit :
> > 
> > > But unlike nss-ldap, sssd does provide some caching mecanism that's
> > > why I think it's this part which breaks something.
> > > 
> > > Switching to nss-ldap+pam-ldap instead of sssd makes everything
> > > working. I just don't understand why. How can this makes samba
> > > ignore "add machine script" and instead try to create the entry
> > > directly ?
> > 
> > This is executed when the posix account doesn't exist, so it depends on
> > the return value of getpwnam(), which in turn makes nss calls.
> It's still not very clear to me. When the posix account does not exist, 
> samba should call the "add machine script". But in my case, the account 
> didn't existed, but instead of calling add machine script, samba tried 
> to create directly the user in the LDAP tree, not through my custom 
> script. It's this part that I don't understand.

The two parts are de-coupled, we add entries to LDAP if they don't
exist.  This is independent of the add user script.

The only time we combine it all is with the editposix thing, which in
hindsight is what we should have done by default all along.


Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba