[samba] ldapsam:trusted = yes kills smbd
Daniel Wilson
daniel.wilson at sunderland.ac.uk
Thu Sep 29 22:37:37 GMT 2005
ok cool
i have changed the sambaPrimaryGroupSid: S-1-1-0 on uid=nobody and
changed sambaSID: S-1-1-0 on group nobody and it now starts yeh!! :)
but now if i remove ldap from /etc/nsswitch.conf
passwd: file
group: file
i cant login to the domain:
[2005/09/29 23:27:54, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/09/29 23:27:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: ws0dwi
[2005/09/29 23:27:54, 1] auth/auth_util.c:make_server_info_sam(840)
User ws0dwi in passdb, but getpwnam() fails!
[2005/09/29 23:27:54, 0] auth/auth_sam.c:check_sam_security(324)
check_sam_security: make_server_info_sam() failed
with 'NT_STATUS_NO_SUCH_USER'
[2005/09/29 23:27:54, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [ws0dwi] -> [ws0dwi]
FAILED with error NT_STATUS_NO_SUCH_USER
is this me being ignorant, or do i still need ldap in the
nsswitch.conf file? thought the idea was that ldapsam:trusted = yes
ment we didnt need to have ldap in nsswitch.conf so nss_ldap wouldnt
enumerate all the users?
regards
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Daniel Wilson
Systems Administrator
IT & Communications Service
University of Sunderland
Unit1 Technology Park
Chester Road
Sunderland
SR2 7PT
Tel: 0191 515 2695
This e-mail contains information which is confidential and may be
privileged and is for the exclusive use of the recipient.
It is the responsibility of the recipient to ensure that this message
and its attachments are virus free.
Any views or opinions presented are solely those of the author and do
not necessarily represent those of the University, unless otherwise
specifically
stated.
----- Original Message -----
From: Jeremy Allison <jra at samba.org>
Date: Thursday, September 29, 2005 11:13 pm
Subject: Re: [samba] ldapsam:trusted = yes kills smbd
> On Thu, Sep 29, 2005 at 11:16:03PM +0100, Daniel Wilson wrote:
> >
> > ok i have now changed the sambaSID on the user nobody to be
> <gloabl-
> > sam-sid>-501
> >
> > it now finds the user nobody but still says it can't find the
> primary
> > group:
> > for the user nobody, here are my ldap entries:
> >
> > # nobody, People, Staff, Itacs, sunderland.ac.uk
> > dn:
uid=nobody,ou=People,ou=Staff,ou=Itacs,dc=sunderland,dc=ac,dc=uk
> > sambaSID: S-1-5-21-82148923-2461359520-1342846908-501
> > cn: nobody
> > uid: nobody
> > gidNumber: 65533
> > sambaPrimaryGroupSID: S-1-0-0 (which i understand is nobody on
> windows)
> No, that sid S-1-0-0 is wrong I think. Look here for details :
>
> http://linux-ntfs.sourceforge.net/ntfs/concepts/sid.html
>
More information about the samba
mailing list