[samba] ldapsam:trusted = yes kills smbd
Gerald (Jerry) Carter
jerry at samba.org
Thu Sep 29 22:39:03 GMT 2005
On Thu, 29 Sep 2005, Daniel Wilson wrote:
> OK, cool.
>
> I have changed the sambaPrimaryGroupSid: S-1-1-0 on uid=nobody and
> changed sambaSID: S-1-1-0 on group nobody and it now starts yeh!! :)
>
> But now if I remove ldap from /etc/nsswitch.conf
>
> passwd: file
> group: file
>
> I can't log in to the domain:
>
> [2005/09/29 23:27:54, 2] lib/smbldap.c:smbldap_open_connection(692)
> smbldap_open_connection: connection opened
> [2005/09/29 23:27:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> init_sam_from_ldap: Entry found for user: ws0dwi
> [2005/09/29 23:27:54, 1] auth/auth_util.c:make_server_info_sam(840)
> User ws0dwi in passdb, but getpwnam() fails!
> [2005/09/29 23:27:54, 0] auth/auth_sam.c:check_sam_security(324)
> check_sam_security: make_server_info_sam() failed
> with 'NT_STATUS_NO_SUCH_USER'
> [2005/09/29 23:27:54, 2] auth/auth.c:check_ntlm_password(312)
> check_ntlm_password: Authentication for user [ws0dwi] -> [ws0dwi]
> FAILED with error NT_STATUS_NO_SUCH_USER
>
>
> Is this me being ignorant, or do I still need ldap in the
> nsswitch.conf file? Thought the idea was that ldapsam:trusted = yes
> meant we didn't need to have ldap in nsswitch.conf so nss_ldap wouldn't
> enumerate all the users?

The trusted=yes is not a complete replacement for nss_ldap IIRC. I would
need to check to be sure, but what I remember is that this allows for
certain group membership optimizations.

Volker, can you confirm or correct me?

cheers, jerry
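
The smbd log quoted in this thread shows the account being found in passdb and then failing the getpwnam() lookup. As an added example (not part of the original messages and not Samba code), the script below groups smbd log records, extracts the users with that failure, and checks whether the host's NSS resolves each one. The sample log is constructed from the excerpt above, and the function names are hypothetical.

```python
import pwd
import re

# Constructed sample: smbd log records in the shape quoted in the thread above.
SAMPLE_LOG = """\
[2005/09/29 23:27:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: ws0dwi
[2005/09/29 23:27:54, 1] auth/auth_util.c:make_server_info_sam(840)
  User ws0dwi in passdb, but getpwnam() fails!
[2005/09/29 23:27:54, 0] auth/auth_sam.c:check_sam_security(324)
  check_sam_security: make_server_info_sam() failed
  with 'NT_STATUS_NO_SUCH_USER'
"""

# Record header: "[timestamp, debuglevel] source_file:function(line)"
HEADER = re.compile(r"^\[([^,\]]+),\s*(\d+)\]\s+(\S+)$")
NO_UNIX = re.compile(r"User (\S+) in passdb, but getpwnam\(\) fails!")

def parse_records(text):
    """Group log text into (timestamp, level, source, message) tuples."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            records.append([m.group(1), int(m.group(2)), m.group(3), []])
        elif records and line:
            records[-1][3].append(line)  # continuation of the current record
    return [(ts, lvl, src, " ".join(msg)) for ts, lvl, src, msg in records]

def users_missing_unix_account(text):
    """Users found in passdb for which smbd logged a getpwnam() failure."""
    users = []
    for _ts, _lvl, _src, msg in parse_records(text):
        m = NO_UNIX.search(msg)
        if m and m.group(1) not in users:
            users.append(m.group(1))
    return users

def resolves_via_nss(user, lookup=pwd.getpwnam):
    """True if the host's NSS (per /etc/nsswitch.conf) resolves the user."""
    try:
        lookup(user)
        return True
    except KeyError:
        return False
```

Running `resolves_via_nss()` for each name returned by `users_missing_unix_account()` on the Samba server itself shows whether the current nsswitch.conf sources can supply the Unix account that smbd asks for.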