[samba] samba is killing our LDAP
Daniel Wilson
daniel.wilson at sunderland.ac.uk
Wed Apr 13 13:00:24 GMT 2005
Thanks for your quick response.
Yes, Samba relies totally on LDAP; no groups or users reside in local
files. However, I put the "ldapsam:trusted = yes" line in the smb.conf,
but it kills the smbd process silently as soon as I have started it :(
I have tried this on 3.0.13, haven't yet on 3.0.11 as that's the
production version!
Logs show only this:
Starting Samba daemons: nmbd smbd[2005/04/13 14:06:44, 0] smbd/server.c:main(798)
  smbd version 3.0.13 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/04/13 14:06:44, 2] param/loadparm.c:do_section(3426)
  Processing section "[netlogon]"
[2005/04/13 14:06:45, 2] lib/interface.c:add_interface(81)
  added interface ip=157.228.38.136 bcast=157.228.255.255 nmask=255.255.0.0
[2005/04/13 14:06:45, 2] lib/interface.c:add_interface(81)
  added interface ip=157.228.38.137 bcast=157.228.255.255 nmask=255.255.0.0
[2005/04/13 14:06:45, 2] lib/smbldap.c:smbldap_search_domain_info(1394)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=UNI-STAFF))]
[2005/04/13 14:06:45, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
My smb.conf looks like:
netbios name = quigon1
workgroup = uni-staff
enable privileges = yes
passdb backend = ldapsam:"ldap://vila.sunderland.ac.uk ldap://jenna.sunderland.ac.uk"
ldapsam:trusted = yes
ldap delete dn = no
ldap suffix = dc=sunderland,dc=ac,dc=uk
ldap machine suffix = ou=uos,ou=domains,ou=network
ldap group suffix = ou=groups,ou=filestore
ldap admin dn = "cn=Directory Manager"
ldap ssl = on
ldap passwd sync = yes
idmap backend = ldap:ldap://vila.sunderland.ac.uk
ldap idmap suffix = ou=groups,ou=filestore,dc=sunderland,dc=ac,dc=uk
os level = 33
log level = 2
preferred master = no
domain master = no
local master = no
security = user
domain logons = yes
logon home =
logon path =
username map = /mnt/netlogon/usermap
[netlogon]
comment = netlogon share
path = /mnt/netlogon
read only = yes
Thank you,
Daniel
Andrew Bartlett wrote:
> On Wed, 2005-04-13 at 12:47 +0100, Daniel Wilson wrote:
>
>>Hi all,
>>
>>We have samba 3.0.11 installed on suse 9.2, we are in the middle of a
>>project of rolling out samba to about 15,000 users in our university,
>>samba is configured to auth via LDAP (Sun One Directory Server 5.2),
>>
>>For some reason samba is doing this query...
>>
>>[13/Apr/2005:10:41:04 +0100] conn=9823 op=2 msgId=3 - SRCH
>>base="dc=sunderland,dc=ac,dc=uk" scope=2
>>filter="(objectClass=posixAccount)" attrs="uid userPassworduidNumber
>>gidNumber cn homeDirectory loginShell gecos description objectClass"
>
>
> First, that's not Samba directly, that is nss_ldap. Some bright bit of
> code is doing 'getent passwd' or the equivalent. Now, this may be
> triggered by Samba, and if your LDAP server is internally consistent
> (all the things Samba cares about are in ldap), then you should try
> setting 'ldapsam:trusted = yes' in your smb.conf. This is meant to be
> better with current Samba3 over 3.0.11, but that version does include an
> older version of the code.
>
> Andrew Bartlett
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Daniel Wilson
Systems Administrator
IT & Communications Service
University of Sunderland
Unit 1a Technology Park
Chester Road
Sunderland
SR2 7PT
Tel: 0191 515 2695
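
Added example, not part of the original thread or of Samba: a small Python check that scans directory server access-log lines for the kind of whole-suffix account enumeration quoted below (subtree search at the suffix with a bare objectClass filter) and pairs each with its RESULT line. The sample lines are constructed, the first modeled on the SRCH line quoted in the thread; the RESULT line layout, the entry counts and the uid are assumptions.

```python
import re

# SRCH layout follows the access-log line quoted in the thread; RESULT layout is assumed.
SRCH = re.compile(r'conn=(\d+) op=(\d+).*? SRCH base="([^"]*)" scope=(\d) filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+).*? RESULT .*?nentries=(\d+)')
# A bare objectClass test with no uid/gid term matches every account or group.
ENUM_FILTER = re.compile(r'^\(objectClass=(posixAccount|posixGroup)\)$', re.IGNORECASE)


def find_enumerations(lines, suffix):
    """Return subtree searches rooted at `suffix` whose filter enumerates all entries."""
    pending, hits = {}, []
    for line in lines:
        m = SRCH.search(line)
        if m:
            conn, op, base, scope, flt = m.groups()
            if scope == "2" and base.lower() == suffix.lower() and ENUM_FILTER.match(flt):
                pending[(conn, op)] = {"conn": conn, "op": op, "filter": flt, "nentries": None}
            continue
        m = RESULT.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            hit = pending.pop((m.group(1), m.group(2)))
            hit["nentries"] = int(m.group(3))
            hits.append(hit)
    hits.extend(pending.values())  # searches whose RESULT line was not in the input
    return hits


# Constructed sample input (log lines rejoined onto one line each, attrs trimmed).
SAMPLE_LOG = [
    '[13/Apr/2005:10:41:04 +0100] conn=9823 op=2 msgId=3 - SRCH '
    'base="dc=sunderland,dc=ac,dc=uk" scope=2 filter="(objectClass=posixAccount)" '
    'attrs="uid uidNumber gidNumber"',
    '[13/Apr/2005:10:41:16 +0100] conn=9823 op=2 msgId=3 - RESULT err=0 tag=101 '
    'nentries=15000 etime=12',
    '[13/Apr/2005:10:41:17 +0100] conn=9824 op=1 msgId=2 - SRCH '
    'base="dc=sunderland,dc=ac,dc=uk" scope=2 '
    'filter="(&(objectClass=posixAccount)(uid=jsmith))" attrs="uid uidNumber"',
    '[13/Apr/2005:10:41:17 +0100] conn=9824 op=1 msgId=2 - RESULT err=0 tag=101 '
    'nentries=1 etime=0',
]

if __name__ == "__main__":
    for h in find_enumerations(SAMPLE_LOG, "dc=sunderland,dc=ac,dc=uk"):
        print(f"conn={h['conn']} op={h['op']} filter={h['filter']} nentries={h['nentries']}")
```
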