RE [Samba] Bug in LDAP stuff?

Wed Aug 10 15:29:28 GMT 2005

Hi,

since samba-3.0.20rc1 the ldap filter parameter is removed.

you can resolve your problem by comment the ldap-filter parameter.

-----------------------------------
Stéphane PURNELLE                         stephane.purnelle at corman.be
Service Informatique       Corman S.A.           Tel : 00 32 087/342467

samba-bounces+stephane.purnelle=corman.be at lists.samba.org a écrit sur
10/08/2005 17:15:01 :

> I think I've found a bug in the LDAP stuff. I've got a LDAP backend
> setup based on the idealx scripts. When I try to join a machine to my
> domain, I get the following. The important bit I want to point out is
> that the LDAP search is looking for (a lot of) properties, but it seems
> to be looking for _ALL_ objectClass=sambaSamAccount's. At this point in
> the trace, it should be trying to validate the login *as root* in order
> to join the machine. The query it's making does indeed return two
> entries: root and nobody, as it should, but two entries screws up the
> process now. Shouldn't the filter here be more like
> '(&(objectClass=sambaSamAccount)(uid=root))'? (Or whatever uid you're
> using to try to join the machine with. I know that the idealx stuff is
> out of date now post 3.0.11 with the "root" requirement. Here's hoping
> they update their stuff soon.) The filter is being supplied by Samba
> itself; hence, I'm thinking it's a bug. The question is: where do I go
> from here?
>
> Regards,
> dk
>
>
> Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3]
> lib/smbldap.c:smbldap_connect_system(866)
> Aug 10 09:38:50 excelsior smbd[32235]:   ldap_connect_system: succesful
> connection to the LDAP server
> Aug 10 09:38:50 excelsior smbd[32235]:   ldap_connect_system: LDAP
> server does support paged resultsAug 10 09:38:50 excelsior smbd[32235]:
> [2005/08/10 09:38:50, 4] lib/smbldap.c:smbldap_open(929)
> Aug 10 09:38:50 excelsior smbd[32235]:   The LDAP server is succesfully
> connected
> Aug 10 09:38:50 excelsior slapd[31471]: conn=64 op=2 SRCH
> base="dc=starfleet,dc=mil" scope=2 deref=0
> filter="(&(objectClass=sambaSamAccount))"
> Aug 10 09:38:50 excelsior slapd[31471]: conn=64 op=2 SRCH attr=uid
> uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange
> sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
> displayName sambaHomeDrive sambaHomePath sambaLogonScript
> sambaProfilePath description sambaUserWorkstations sambaSID
> sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
> objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount
> sambaBadPasswordTime sambaPasswordHistory modifyTimestamp
> sambaLogonHours modifyTimestamp
> Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 1]
> passdb/pdb_ldap.c:ldapsam_getsampwnam(1338)
> Aug 10 09:38:50 excelsior smbd[32235]:   ldapsam_getsampwnam: Duplicate
> entries for this user [root] Failing. count=2
> Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3]
> smbd/sec_ctx.c:pop_sec_ctx(386)
> Aug 10 09:38:50 excelsior smbd[32235]:   pop_sec_ctx (0, 0) -
> sec_ctx_stack_ndx = 0
> Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3]
> auth/auth_sam.c:check_sam_security(257)
> Aug 10 09:38:50 excelsior smbd[32235]:   check_sam_security: Couldn't
> find user 'root' in passdb.
> Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3]
> auth/auth_winbind.c:check_winbind_security(80)
> Aug 10 09:38:50 excelsior smbd[32235]:   check_winbind_security: Not
> using winbind, requested domain [STARFLEET] was for this SAM.
> Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 2]
> auth/auth.c:check_ntlm_password(312)Aug 10 09:38:50 excelsior
> smbd[32235]:   check_ntlm_password:  Authentication for user [root] ->
> [root] FAILED with error NT_STATUS_NO_SUCH_USER
> Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3]
> smbd/sesssetup.c:do_map_to_guest(41)Aug 10 09:38:50 excelsior
> smbd[32235]:   No such user root [STARFLEET] - using guest account
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba