Hey all,

I hope this is the correct forum for this question. If not, I apologies.

We have encountered a strange issue with getent passwd where several of the users that have been given UNIX IDs with in Active Directory do not show while others do. If you execute a getent passwd <specific user> it will display the expected information pertaining to that user.

We are using CentOS 5.1 with OpenLDAP 2.3.27 client. We are also using Windows 2003 R2 for the domain controller.

This problem is not a show stopper but it is a pain. It is an inconsistency that we would like to fix. (I don't like inconsistencies. ~(8-{)} )

Below are the configuration files used on each of the Linux clients. If AD information is needed I will have to drag it out of the windows administrator.

Thanks you all in advance for the help,

DHM

======== BEGIN: /etc/ldap.conf ==============
host {Domain Controller1}
port 389
ldap_version 3
base dc=xxx1,dc=xxx2,dc=xxx3
deref always
uri ldap://{Domain Controller1}/

binddn {A user}
bindpw {A password}

ssl no
scope sub
timelimit 30
bind_timelimit 30
idle_timelimit 3600
referrals no

nss_base_passwd dc=xxx1,dc=xxx2,dc=xxx3?sub
nss_base_shadow dc=xxx1,dc=xxx2,dc=xxx3?sub
nss_base_group dc=xxx1,dc=xxx2,dc=xxx3?sub

nss_map_objectclass posixAccount user
nss_map_objectclass posixGroup group
nss_map_objectclass shadowAccount user
nss_map_attribute uniqueMember member
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute gecos name

pam_filter objectclass=user
======== END: /etc/ldap.conf ==============

============ BEGIN: /etc/krb5.conf ===================
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = XXX1.XXX2.XXX3
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_keytab_name = FILE:/etc/krb5.keytab

dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
XXX1.XXX2.XXX3 = {
kdc = {Domain Controller1}
kdc = {Domain Controller2}
passwd_server = {Domain Controller1}
admin_server = {Domain Controller1}
default_domain = xxx1.xxx2.xxx3
}

[domain_realm]
xxx1.xxx2.xxx3 = XXX1.XXX2.XXX3
.xxx1.xxx2.xxx3 = XXX1.XXX2.XXX3

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
============ END: /etc/krb5.conf ===================

============ BEGIN: /etc/samba/smb.conf ===================
workgroup = {WG name}

realm = xxx1.xxx2.xxx3
security = ads

client schannel = no
use spnego = yes
client use spnego = yes

domain master = no
local master = no
preferred master = no
os level = 99

encrypt passwords = yes
password server = {Domain Controller1}
use kerberos keytab = true

log file = /var/log/samba/%m.log
max log size = 50
dns proxy = no
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=4096 SO_SNDBUF=4096
hosts allow = all
============ END: /etc/samba/smb.conf ===================