[samba] samba is killing our LDAP

Andrew Bartlett abartlet at samba.org
Thu Apr 14 11:24:19 GMT 2005


On Thu, 2005-04-14 at 12:14 +0100, Daniel Wilson wrote:
> We have found that a line in /etc/ldap.conf is doing this query :)
> 
> pam_filter    objectclass=posixAccount
> 
> we have removed this line and we now see no queries! we have went 24hrs 
> with no LDAP crash fingers crossed?
> 
> Any news why adding ldapsam:trusted = yes silently crashed smbd with 
> version 3.0.13 as soon as i start smbd??

It is unforunetly not very verbose when the 'guest account' is not
*complete* in ldap.  By complete, I mean (assuming the user is
'nobody'):

The 'nobody' user must exist in ldap, with posixAccount and
sammbSamAccount attributes.  This replaces any account in /etc/passwd,
or at the very least all the values must match (replace is safer).

The posix primary group of 'nobody' (likely to be either 'nogroup' or
'nobody') must exist in ldap, replacing the value in /etc/group.  The
posix primary group of 'nobody' should be mapped to the 'domain guests'
SID using the group mapping tool.  

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050414/03aac7cc/attachment.bin


More information about the samba mailing list