[Samba] Bug in LDAP stuff?

[David Krider]

I think I've found a bug in the LDAP stuff. I've got a LDAP backend
setup based on the idealx scripts. When I try to join a machine to my
domain, I get the following. The important bit I want to point out is
that the LDAP search is looking for (a lot of) properties, but it seems
to be looking for _ALL_ objectClass=sambaSamAccount's. At this point in
the trace, it should be trying to validate the login *as root* in order
to join the machine. The query it's making does indeed return two
entries: root and nobody, as it should, but two entries screws up the
process now. Shouldn't the filter here be more like
'(&(objectClass=sambaSamAccount)(uid=root))'? (Or whatever uid you're
using to try to join the machine with. I know that the idealx stuff is
out of date now post 3.0.11 with the "root" requirement. Here's hoping
they update their stuff soon.) The filter is being supplied by Samba
itself; hence, I'm thinking it's a bug. The question is: where do I go
from here?

Regards,
dk


Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3]
lib/smbldap.c:smbldap_connect_system(866)
Aug 10 09:38:50 excelsior smbd[32235]:   ldap_connect_system: succesful
connection to the LDAP server
Aug 10 09:38:50 excelsior smbd[32235]:   ldap_connect_system: LDAP
server does support paged resultsAug 10 09:38:50 excelsior smbd[32235]:
[2005/08/10 09:38:50, 4] lib/smbldap.c:smbldap_open(929)
Aug 10 09:38:50 excelsior smbd[32235]:   The LDAP server is succesfully
connected
Aug 10 09:38:50 excelsior slapd[31471]: conn=64 op=2 SRCH
base="dc=starfleet,dc=mil" scope=2 deref=0
filter="(&(objectClass=sambaSamAccount))"
Aug 10 09:38:50 excelsior slapd[31471]: conn=64 op=2 SRCH attr=uid
uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
displayName sambaHomeDrive sambaHomePath sambaLogonScript
sambaProfilePath description sambaUserWorkstations sambaSID
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount
sambaBadPasswordTime sambaPasswordHistory modifyTimestamp
sambaLogonHours modifyTimestamp
Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 1]
passdb/pdb_ldap.c:ldapsam_getsampwnam(1338)
Aug 10 09:38:50 excelsior smbd[32235]:   ldapsam_getsampwnam: Duplicate
entries for this user [root] Failing. count=2
Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3]
smbd/sec_ctx.c:pop_sec_ctx(386)
Aug 10 09:38:50 excelsior smbd[32235]:   pop_sec_ctx (0, 0) -
sec_ctx_stack_ndx = 0
Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3]
auth/auth_sam.c:check_sam_security(257)
Aug 10 09:38:50 excelsior smbd[32235]:   check_sam_security: Couldn't
find user 'root' in passdb.
Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3]
auth/auth_winbind.c:check_winbind_security(80)
Aug 10 09:38:50 excelsior smbd[32235]:   check_winbind_security: Not
using winbind, requested domain [STARFLEET] was for this SAM.
Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 2]
auth/auth.c:check_ntlm_password(312)Aug 10 09:38:50 excelsior
smbd[32235]:   check_ntlm_password:  Authentication for user [root] ->
[root] FAILED with error NT_STATUS_NO_SUCH_USER
Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3]
smbd/sesssetup.c:do_map_to_guest(41)Aug 10 09:38:50 excelsior
smbd[32235]:   No such user root [STARFLEET] - using guest account