[samba] samba is killing our LDAP
Daniel Wilson
daniel.wilson at sunderland.ac.uk
Thu Apr 14 11:14:00 GMT 2005
We have found that a line in /etc/ldap.conf is doing this query :)
pam_filter objectclass=posixAccount
we have removed this line and we now see no queries! we have went 24hrs
with no LDAP crash fingers crossed?
Any news why adding ldapsam:trusted = yes silently crashed smbd with
version 3.0.13 as soon as i start smbd??
regards
Andrew Bartlett wrote:
> On Wed, 2005-04-13 at 12:47 +0100, Daniel Wilson wrote:
>
>>Hi all,
>>
>>We have samba 3.0.11 installed on suse 9.2, we are in the middle of a
>>project of rolling out samba to about 15,000 users in our university,
>>samba is configured to auth via LDAP (Sun One Directory Server 5.2),
>>
>>For some reason samba is doing this query...
>>
>>[13/Apr/2005:10:41:04 +0100] conn=9823 op=2 msgId=3 - SRCH
>>base="dc=sunderland,dc=ac,dc=uk" scope=2
>>filter="(objectClass=posixAccount)" attrs="uid userPassworduidNumber
>>gidNumber cn homeDirectory loginShell gecos description objectClass"
>
>
> First, that's not Samba directly, that is nss_ldap. Some bright bit of
> code is doing 'getent passwd' or the equivalent. Now, this may be
> triggered by Samba, and if your LDAP server is internally consistent
> (all the things Samba cares about are in ldap), then you should try
> setting 'ldapsam:trusted = yes' in your smb.conf. This is meant to be
> better with current Samba3 over 3.0.11, but that version does include an
> older version of the code.
>
> Andrew Bartlett
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Daniel Wilson
Systems Administrator
IT & Communications Service
University of Sunderland
Unit 1a Technology Park
Chester Road
Sunderland
SR2 7PT
Tel: 0191 515 2695
This e-mail contains information which is confidential and may be
privileged and is for the exclusive use of the recipient.
It is the responsibility of the recipient to ensure that this message
and its attachments are virus free.
Any views or opinions presented are solely those of the author and do
not necessarily represent those of the University, unless otherwise
specifically
stated.
More information about the samba
mailing list