[Samba] [POSIBLE BUG?] samba+ldap+smbldap-tools

Jose Pedro Andres jpandres at sescam.jccm.es
Thu Oct 2 16:28:27 GMT 2003


Hi:
	today i discover a problem in smbldap-tools that ( IMHO ) can be the reason
because the XP`s profiles becomes corrupt, and get us a lot of problems.

	I work in a environment that has a lot of XP clients, and a linux Red Hat 8.0
Server, running samba 2.2.8a, which validate the users into a Iplanet LDAP
server.
	In order to create/modify/delete users, I use sambaldap-tools.

	this morning i discover thar, on a XP client, the access rights on the
profile directory of a user ( u1 ) was changed. The user wich owns the
directory didn't have access to his profile, and other user of the domain
( u2 ) was granted to access it.

	looking for the reason of this problem, i get that when sambaldap-useradd
add a user, it looks for the first user id not used in the domain, and using
this user id creates the new user. So, if previously i delete other user, the
new users gets the same user id of the previously deleted user, and if the
profile was not delete from the client computer, mi XP uses the same profile
directory wich was used by the deleted user.

	The really problem i get is: the user profiles becomes corrupt and i notice
that the profiles are corrupt for the users which user's id are the same
( the precious profile created before the deletion of the samba users was not
deleted form the client computers ).

	i think that a incorrect configuration in the ldap server can cause that a
user get access to resources to which previously was not granted.

	i not sure of this approach, and i wish you to explain me if i am right or
wrong.

	in the fact of this approach is correct, what can i do ?

thanks for all.




More information about the samba mailing list