ldapsam:trusted broken
Andreas Schultz
andreas.schultz at gmail.com
Thu Apr 15 08:42:53 MDT 2010
Hi,
At least in 3.5.2 and 3.4.7 ldapsam:trusted in specific configurations
is broken.
Before, a machine trust account could be stored in an LDAP subtree that
was not mapped into the passwd and group databases. This now fails. Here
is a short log extract from 3.5.2:
[2010/04/15 15:17:17.417546, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: VMS001$
[2010/04/15 15:17:17.430060, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: VMS001$
[2010/04/15 15:17:17.430378, 1] auth/auth_util.c:580(make_server_info_sam)
  User VMS001$ in passdb, but getpwnam() fails!
[2010/04/15 15:17:17.430405, 0] auth/auth_sam.c:490(check_sam_security)
  check_sam_security: make_server_info_sam() failed with
  'NT_STATUS_NO_SUCH_USER'
[2010/04/15 15:17:17.430447, 2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password: Authentication for user [VMS001$] -> [VMS001$]
  FAILED with error NT_STATUS_NO_SUCH_USER
The machine entry is found in LDAP, but Samba (unsuccessfully) attempts
to fill the passwd structure.
I guess the assumption was that pdb_get_username() in
make_server_info_sam() would get the passwd structure from the cache.
However, it appears that the passwd structure is never added to the
cache in the first place.
I tried to find what has changed to cause this, but so far without luck.
Andreas
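
An added example, not part of the original post and not Samba code: a Python script that parses the two-line smbd log layout quoted above and reports accounts that were found in passdb but failed the getpwnam() lookup, with the resulting NT status. The function names and the `alice` log entry are constructed for illustration; the other sample lines are taken from the excerpt in the post.

```python
import re

# Sample: lines from the post's excerpt plus one constructed entry (alice).
SAMPLE_LOG = """\
[2010/04/15 15:17:17.417546, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: VMS001$
[2010/04/15 15:17:17.430378, 1] auth/auth_util.c:580(make_server_info_sam)
  User VMS001$ in passdb, but getpwnam() fails!
[2010/04/15 15:17:17.430447, 2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password: Authentication for user [VMS001$] -> [VMS001$]
  FAILED with error NT_STATUS_NO_SUCH_USER
[2010/04/15 15:18:02.000001, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: alice
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*(?P<level>\d+)\] "
                    r"(?P<src>[^:]+):(?P<line>\d+)\((?P<func>\w+)\)\s*$")
FOUND = re.compile(r"Entry found for user: (\S+)")
NO_PW = re.compile(r"User (\S+) in passdb, but getpwnam\(\) fails!")
AUTH_FAIL = re.compile(r"user \[(.*?)\] -> \[(.*?)\]\s+FAILED with error (\w+)")

def parse_records(text):
    """Group each header line with the message lines that follow it."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            records.append({**m.groupdict(), "msg": ""})
        elif records and raw.strip():
            # Continuation line: fold wrapped text into a single message.
            records[-1]["msg"] = (records[-1]["msg"] + " " + raw.strip()).strip()
    return records

def unmapped_accounts(text):
    """Accounts present in passdb for which getpwnam() failed."""
    found, result = set(), {}
    for rec in parse_records(text):
        msg = rec["msg"]
        if m := FOUND.search(msg):
            found.add(m.group(1))
        elif m := NO_PW.search(msg):
            user = m.group(1)
            result[user] = {"in_passdb": user in found,
                            "machine_account": user.endswith("$"),
                            "first_seen": rec["ts"], "status": None}
        elif (m := AUTH_FAIL.search(msg)) and m.group(2) in result:
            result[m.group(2)]["status"] = m.group(3)
    return result
```
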