[samba] ldapsam:trusted = yes kills smbd

Daniel Wilson daniel.wilson at sunderland.ac.uk
Thu Sep 29 22:37:37 GMT 2005

ok cool

I have changed the sambaPrimaryGroupSid: S-1-1-0 on uid=nobody and 
changed sambaSID: S-1-1-0 on group nobody and it now starts, yeh!! :)

But now if I remove ldap from /etc/nsswitch.conf

passwd: file
group: file

I can't log in to the domain:

[2005/09/29 23:27:54, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/29 23:27:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: ws0dwi
[2005/09/29 23:27:54, 1] auth/auth_util.c:make_server_info_sam(840)
  User ws0dwi in passdb, but getpwnam() fails!
[2005/09/29 23:27:54, 0] auth/auth_sam.c:check_sam_security(324)
  check_sam_security: make_server_info_sam() failed 
[2005/09/29 23:27:54, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [ws0dwi] -> [ws0dwi] 

Is this me being ignorant, or do I still need ldap in the 
nsswitch.conf file? I thought the idea was that ldapsam:trusted = yes 
meant we didn't need to have ldap in nsswitch.conf so nss_ldap wouldn't 
enumerate all the users?


Daniel Wilson
Systems Administrator

IT & Communications Service
University of Sunderland
Unit1 Technology Park
Chester Road

Tel: 0191 515 2695


----- Original Message -----
From: Jeremy Allison <jra at samba.org>
Date: Thursday, September 29, 2005 11:13 pm
Subject: Re: [samba] ldapsam:trusted = yes kills smbd

> On Thu, Sep 29, 2005 at 11:16:03PM +0100, Daniel Wilson wrote:
> > 
> > ok I have now changed the sambaSID on the user nobody to be
> > <global-sam-sid>-501
> > 
> > it now finds the user nobody but still says it can't find the primary group:
> > for the user nobody, here are my ldap entries:
> > 
> > # nobody, People, Staff, Itacs, sunderland.ac.uk
> > dn: 
> > sambaSID: S-1-5-21-82148923-2461359520-1342846908-501
> > cn: nobody
> > uid: nobody
> > gidNumber: 65533
> > sambaPrimaryGroupSID: S-1-0-0 (which I understand is nobody on windows)
> No, that sid S-1-0-0 is wrong I think. Look here for details :
> http://linux-ntfs.sourceforge.net/ntfs/concepts/sid.html
