[Samba] [more info] getpwnam fails on ldap

tom burkart samba at aussec.com
Thu Dec 8 23:38:03 GMT 2005


On Dec 8, Josh Kelley wrote:

> On 12/6/05, tom burkart <samba at aussec.com> wrote:
>> Yet "getent passwd | grep <username>" returns the entry from the ldap
>> directory.  The only problem I have found is that "getent shadow | grep
>> <username>" returns a "<username>:x:::::::0" entry (ie cannot access
>> shadow info).  All these commands are run as root so this should not be an
> Did you make sure to set rootbinddn in /etc/ldap.conf and the root
> password in /etc/ldap.secret?  Otherwise, getent shadow runs as an
> unprivileged user, even as root.  Did you check permissions on
> /etc/ldap.secret (should be mode 0600)?
Yes, yes, correct, yes.
What is more strange is that on both servers this is what gets returned, 
yet using samba, one works, the other doesn't.

From my debugging so far:
What is more interesting is that samba actually uses the rootbinddn for 
the machine login, then retrieves the user information (correctly).  Then 
for some reason it switches to the "proxyuser" (as defined in ldap.conf) 
which has little privilege, and then does something else which then fails 
with the getpwnam error.

I am in the process of making sure every binary on both machines is 
identical to see what happens...

tom.
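
The checks listed in the quoted reply (rootbinddn set in /etc/ldap.conf, a root password in /etc/ldap.secret, mode 0600 on that file), as an added shell example that is not part of the original message or of Samba or nss_ldap. The function names are hypothetical, reading the proxy user from the `binddn` directive is an assumption about this setup, and GNU `stat` (Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit the root-bind setup discussed in the thread.
# Paths are parameters so the check can be run against copies; the
# defaults are the two files named in the thread.

# Print the value of a directive in an ldap.conf-style file (first match).
ldap_conf_get() {
    # $1 = directive name (lower case), $2 = config file
    awk -v key="$1" 'tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$2"
}

# Return 0 when lookups made as root can bind as rootbinddn, 1 otherwise.
check_root_bind() {
    conf=${1:-/etc/ldap.conf}
    secret=${2:-/etc/ldap.secret}
    rc=0

    rootdn=$(ldap_conf_get rootbinddn "$conf")
    if [ -z "$rootdn" ]; then
        echo "FAIL: no rootbinddn in $conf; root lookups run unprivileged"
        rc=1
    else
        echo "ok:   rootbinddn = $rootdn"
    fi

    # Assumption: the low-privilege proxy user is the binddn directive.
    proxydn=$(ldap_conf_get binddn "$conf")
    if [ -n "$proxydn" ]; then
        echo "info: non-root lookups bind as $proxydn"
    fi

    if [ ! -s "$secret" ]; then
        echo "FAIL: $secret is missing or empty"
        rc=1
    else
        mode=$(stat -c '%a' "$secret")   # GNU stat
        if [ "$mode" != "600" ]; then
            echo "FAIL: $secret is mode $mode, expected 600"
            rc=1
        else
            echo "ok:   $secret is mode 600"
        fi
    fi
    return "$rc"
}
```

Run `check_root_bind` with no arguments on each server and compare the output; a difference in the reported DNs or the secret file's mode narrows down which identity each lookup binds as.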

