[samba] samba is killing our LDAP
Andrew Bartlett
abartlet at samba.org
Thu Apr 14 11:24:19 GMT 2005
On Thu, 2005-04-14 at 12:14 +0100, Daniel Wilson wrote:
> We have found that a line in /etc/ldap.conf is doing this query :)
>
> pam_filter objectclass=posixAccount
>
> we have removed this line and we now see no queries! we have went 24hrs
> with no LDAP crash fingers crossed?
>
> Any news why adding ldapsam:trusted = yes silently crashed smbd with
> version 3.0.13 as soon as i start smbd??
It is unforunetly not very verbose when the 'guest account' is not
*complete* in ldap. By complete, I mean (assuming the user is
'nobody'):
The 'nobody' user must exist in ldap, with posixAccount and
sammbSamAccount attributes. This replaces any account in /etc/passwd,
or at the very least all the values must match (replace is safer).
The posix primary group of 'nobody' (likely to be either 'nogroup' or
'nobody') must exist in ldap, replacing the value in /etc/group. The
posix primary group of 'nobody' should be mapped to the 'domain guests'
SID using the group mapping tool.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050414/03aac7cc/attachment.bin
More information about the samba
mailing list