[samba] ldapsam:trusted = yes kills smbd
jra at samba.org
Thu Sep 29 22:59:44 GMT 2005
On Thu, Sep 29, 2005 at 11:37:37PM +0100, Daniel Wilson wrote:
> ok cool
> i have changed the sambaPrimaryGroupSid: S-1-1-0 on uid=nobody and
> changed sambaSID: S-1-1-0 on group nobody and it now starts yeh!! :)
> but now if i remove ldap from /etc/nsswitch.conf
> passwd: file
> group: file
> i cant login to the domain:
> [2005/09/29 23:27:54, 2] lib/smbldap.c:smbldap_open_connection(692)
> smbldap_open_connection: connection opened
> [2005/09/29 23:27:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> init_sam_from_ldap: Entry found for user: ws0dwi
> [2005/09/29 23:27:54, 1] auth/auth_util.c:make_server_info_sam(840)
> User ws0dwi in passdb, but getpwnam() fails!
> [2005/09/29 23:27:54, 0] auth/auth_sam.c:check_sam_security(324)
> check_sam_security: make_server_info_sam() failed
> with 'NT_STATUS_NO_SUCH_USER'
> [2005/09/29 23:27:54, 2] auth/auth.c:check_ntlm_password(312)
> check_ntlm_password: Authentication for user [ws0dwi] -> [ws0dwi]
> FAILED with error NT_STATUS_NO_SUCH_USER
> is this me being ignorant, or do i still need ldap in the
> nsswitch.conf file? thought the idea was that ldapsam:trusted = yes
> ment we didnt need to have ldap in nsswitch.conf so nss_ldap wouldnt
> enumerate all the users?
Ah, no - smbd is still calling the system getpwnam and others
so I think you're still going to need ldap in nsswitch.conf.
More information about the samba