[Samba] LDAP search for root.

William Jojo jojowil at hvcc.edu
Tue Apr 11 20:56:48 GMT 2006


Hello all!


Is there a reason that the "root" uid is sought after in "ldap suffix" and
not in "ldap user suffix","ldap suffix" when smbd is started?

This seems incorrect to me. I have three domains in the same tree and it's
arranged like so (varying the last dc on each suffix):


        ldap group suffix = cn=Groups,dc=devex
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = cn=Computers,dc=devex
        ldap passwd sync = Yes
        ldap suffix = dc=hvcc,dc=tst
        ldap user suffix = cn=Users,dc=devex
        idmap backend = ldap:ldap://acedev.hvcc.edu

These are several test boxes that would share the same idmap backend. I know I
*could* fix this with ACLs, but am I reading this correctly as a bug or am I
misunderstanding something? Or is the intent to have "idmap backend" and
"ldap idmap suffix" be mutually exclusive somehow?


[2006/04/11 16:26:12, 5] auth/auth_util.c:debug_unix_user_token(454)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/04/11 16:26:12, 5] lib/smbldap.c:smbldap_search_ext(1080)
  smbldap_search_ext: base => [dc=hvcc,dc=tst], filter =>
[(&(uid=root)(objectclass=sambaSamAccount))], scope => [2]
[2006/04/11 16:26:12, 5] lib/smbldap.c:smbldap_close(989)
  The connection to the LDAP server was closed
[2006/04/11 16:26:12, 2] lib/smbldap.c:smbldap_open_connection(722)
  smbldap_open_connection: connection opened
[2006/04/11 16:26:12, 3] lib/smbldap.c:smbldap_connect_system(905)
  ldap_connect_system: succesful connection to the LDAP server
[2006/04/11 16:26:12, 4] lib/smbldap.c:smbldap_open(969)
  The LDAP server is succesfully connected
[2006/04/11 16:26:12, 1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1491)
  ldapsam_getsampwnam: Duplicate entries for this user [root] Failing.
count=3
[2006/04/11 16:26:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/04/11 16:26:12, 4] passdb/passdb.c:local_uid_to_sid(1146)
  local_uid_to_sid: User root [uid == 0] has no samba account
[2006/04/11 16:26:12, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/04/11 16:26:12, 3] smbd/uid.c:push_conn_ctx(393)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/04/11 16:26:12, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/04/11 16:26:12, 5] auth/auth_util.c:debug_nt_user_token(433)
  NT user token: (NULL)
[2006/04/11 16:26:12, 5] auth/auth_util.c:debug_unix_user_token(454)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/04/11 16:26:12, 5] lib/smbldap.c:smbldap_search_ext(1080)
  smbldap_search_ext: base => [cn=Groups,dc=devex,dc=hvcc,dc=tst], filter =>
[(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2]



Bill
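
The search behaviour visible in the log above, as an added example that is not part of the original post and is not Samba's code: a small model of an LDAP subtree search (scope 2) over a constructed directory with three domains under dc=hvcc,dc=tst, comparing "ldap suffix" as the search base with "ldap user suffix","ldap suffix". The names dc=dom2 and dc=dom3, the jdoe and ou=People entries, and all helper names are assumptions.

```python
# Model of an LDAP subtree search (scope 2) over a constructed directory.
# Only dc=devex comes from the post; dc=dom2 and dc=dom3 are placeholders.
LDAP_SUFFIX = "dc=hvcc,dc=tst"
USER_SUFFIX = "cn=Users,dc=devex"  # relative to LDAP_SUFFIX, as in smb.conf

def entry(dn, uid, *classes):
    return {"dn": dn, "uid": uid, "objectclass": {c.lower() for c in classes}}

# Constructed entries: one root Samba account per domain, one ordinary user,
# and one root entry that is not a sambaSamAccount.
DIRECTORY = [
    entry(f"uid=root,cn=Users,dc={d},{LDAP_SUFFIX}", "root",
          "posixAccount", "sambaSamAccount")
    for d in ("devex", "dom2", "dom3")
] + [
    entry(f"uid=jdoe,{USER_SUFFIX},{LDAP_SUFFIX}", "jdoe",
          "posixAccount", "sambaSamAccount"),
    entry(f"uid=root,ou=People,{LDAP_SUFFIX}", "root", "posixAccount"),
]

def rdns(dn):
    # Naive split: enough for these DNs, does not handle escaped commas.
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(dn, base):
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def search(base, uid, objectclass="sambaSamAccount"):
    """Subtree search for (&(uid=<uid>)(objectclass=<objectclass>))."""
    return [e["dn"] for e in DIRECTORY
            if in_subtree(e["dn"], base)
            and e["uid"] == uid
            and objectclass.lower() in e["objectclass"]]

def lookup(base, uid):
    """Return the single matching DN, or None when the result is empty or
    ambiguous (the 'Duplicate entries ... count=3' outcome in the log)."""
    hits = search(base, uid)
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    narrow = f"{USER_SUFFIX},{LDAP_SUFFIX}"
    for base in (LDAP_SUFFIX, narrow):
        print(base, len(search(base, "root")), lookup(base, "root"))
```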


