Boggin's picture

Mediaserver includes Samba and Webmin. I use JumpCloud's LDAP-as-a-Service. I know that Samba can authenticate to JumpCloud's LDAP service but how do I configure this for Samba Windows File Sharing?

I've posted this question to SuperUser but there have been no comments yet.

Webmin provides access to "Edit Config File". I've used the following based on a JumpCloud LDAP NAS/Samba Integration Step-by-Step Worksheet (note: obviously not my actual org id or user id).

I checked with JumpCloud and they believe my configuration is correct for LDAP.

I've run smbpasswd -w my-samba-passwd and restarted the fileserver.

The error in the Samba logs is:

Failed to find a Unix account for 'my-user'
User 'my-user' in passdb, but getpwnam() fails!

For Debian 9 Stretch, which is the underlying OS for the TKL Fileserver, LDAP/NSS is set up from the configuration screens with these installs:
apt-get install libnss-ldapd
apt-get install libpam-ldapd

I've run through the elements in the Debian wiki for LDAP NSS and my configuration appears correct but getent passwd doesn't return the users from JumpCloud so it's probable that the configuration of NSS is incorrect?
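
Added example (not part of the original posts): the Samba error above means the user was found in the passdb but the NSS lookup behind getpwnam() returned nothing, so a first check is whether nsswitch.conf lists the `ldap` source (the one libnss-ldapd provides) for passwd and group, followed by a real getent lookup. The function names and the `--run` switch are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not from the thread.

# nss_sources FILE DB: print the sources configured for DB on one line,
# with comments and [STATUS=action] items stripped.
nss_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' -e 's/:/: /' "$1" 2>/dev/null |
    awk -v db="$2" '
        $1 == (db ":") {
            out = ""
            for (i = 2; i <= NF; i++)
                out = (out == "" ? $i : out " " $i)
            print out
            exit
        }'
}

# nss_has_ldap FILE DB: succeed only if DB lists the "ldap" source.
nss_has_ldap() {
    for src in $(nss_sources "$1" "$2"); do
        [ "$src" = "ldap" ] && return 0
    done
    return 1
}

# check_nss FILE [USER]: report on passwd and group; if USER is given,
# also run the same lookup Samba depends on (getpwnam via getent).
check_nss() {
    file=$1; user=${2:-}; rc=0
    for db in passwd group; do
        if nss_has_ldap "$file" "$db"; then
            echo "ok:   $db -> $(nss_sources "$file" "$db")"
        else
            echo "FAIL: $db has no ldap source ($(nss_sources "$file" "$db"))"
            rc=1
        fi
    done
    if [ -n "$user" ] && ! getent passwd "$user" >/dev/null; then
        echo "FAIL: getent passwd $user returned nothing"
        rc=1
    fi
    return $rc
}

# Run against the live system only when asked: sh script.sh --run my-user
if [ "${1:-}" = "--run" ]; then check_nss /etc/nsswitch.conf "${2:-}"; fi
```

If both databases list `ldap` and getent still returns nothing, the lookup is failing further down, in the nslcd service or its connection to the directory, rather than in nsswitch.conf.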

Jeremy Davis's picture

Unfortunately my Windows knowledge/experience is really out of date. And as such, my only real experience with Samba in more recent times is fairly simple testing.

My initial suspicion was that it may be something that we're pre-configuring that doesn't play well with your desired usage. However, after trawling through the buildcode, I can't find anything there that seems likely to be causing this (other than the default samba.conf - which you've clearly edited).

I assume that you've restarted Samba, but just in case, please make sure you restart it to apply the config changes.

Beyond that, I have no idea. Although there is a section in the Samba wiki which may be relevant? Beyond that, I did find a few old Stack Exchange posts which may (or may not) provide some hints and/or further ideas? (apologies if they're not as relevant as I might hope):

  • User in passdb, but getpwnam() fails! (StackOverflow)
  • User in passdb, but getpwnam() fails! (ServerFault)
  • samba with OpenLDAP - NT_STATUS_NO_SUCH_USER (Unix/Linux Stack Exchange)
    Boggin's picture

    Thanks, Jeremy,

    I think it may be something to do with the ordering of the NSS load and the start of Samba services, as those StackExchange questions show.

    I've decided it was a bit too much fiddling so I'm not using JumpCloud for access to the fileserver. I create a duplicate account on the TKL Fileserver for each user (with the same passwords). Luckily, I don't have to do regular password recycling!
