[samba] samba is killing our LDAP

Daniel Wilson daniel.wilson at sunderland.ac.uk
Thu Apr 14 11:14:00 GMT 2005


We have found that a line in /etc/ldap.conf is doing this query :)

pam_filter    objectclass=posixAccount

we have removed this line and we now see no queries! we have went 24hrs 
with no LDAP crash fingers crossed?

Any news why adding ldapsam:trusted = yes silently crashed smbd with 
version 3.0.13 as soon as i start smbd??

regards


Andrew Bartlett wrote:
> On Wed, 2005-04-13 at 12:47 +0100, Daniel Wilson wrote:
> 
>>Hi all,
>>
>>We have samba 3.0.11 installed on suse 9.2, we are in the middle of a 
>>project of rolling out samba to about 15,000 users in our university, 
>>samba is configured to auth via LDAP (Sun One Directory Server 5.2),
>>
>>For some reason samba is doing this query...
>>
>>[13/Apr/2005:10:41:04 +0100] conn=9823 op=2 msgId=3 - SRCH
>>base="dc=sunderland,dc=ac,dc=uk" scope=2
>>filter="(objectClass=posixAccount)" attrs="uid userPassworduidNumber
>>gidNumber cn homeDirectory loginShell gecos description objectClass"
> 
> 
> First, that's not Samba directly, that is nss_ldap.  Some bright bit of
> code is doing 'getent passwd' or the equivalent.   Now, this may be
> triggered by Samba, and if your LDAP server is internally consistent
> (all the things Samba cares about are in ldap), then you should try
> setting 'ldapsam:trusted = yes' in your smb.conf.  This is meant to be
> better with current Samba3 over 3.0.11, but that version does include an
> older version of the code.
> 
> Andrew Bartlett

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Daniel Wilson
Systems Administrator

IT & Communications Service
University of Sunderland
Unit 1a Technology Park
Chester Road
Sunderland
SR2 7PT

Tel: 0191 515 2695

This e-mail contains information which is confidential and may be 
privileged and is for the exclusive use of the recipient.
It is the responsibility of the recipient to ensure that this message 
and its attachments are virus free.
Any views or opinions presented are solely those of the author and do 
not necessarily represent those of the University, unless otherwise 
specifically
stated.



More information about the samba mailing list