[Samba] ldapsam:trusted=yes

Donald W Watson dwatson at us.ibm.com
Fri Mar 17 20:45:14 GMT 2006






Hi,

I am implementing a series of automated regressions tests for samba3.  I
wish to incorporate the ldapsam:trusted=yes parameter into the testing, and
initially had some problems getting smbd to start up and play well with
clients.

I have discovered that the problem (I am using smbldap tools,
smbldap-populate in particular) is the existence of root and nobody users
in both /etc/passwd and the ldap database.  In /etc/password there is a
root user in group root (0), and a nobody user in group nobody (65533); in
the ldap database there is also a root user in group "Domain Admins" (512)
and a nobody user in group "Domain Guests" (514).  Samba appears to find
the /etc/passwd users first, but wants to find their groups in ldap, where
of course they don't exist.

My solution to this has been to remove the ldap root and nobody users, then
assign the ldap group numbers to the /etc/passwd root and nobody users.
After testing I reassign the /etc/passwd root and nobody users to their
original groups.

I am interested to know if anyone has found a more elegant solution to
using ldapsam:trusted=yes.

Sincerely,    Don Watson
Linux Technology and Solutions; Beaverton, OR
503-578-4861/TL: 775-4861; dwatson at us.ibm.com


More information about the samba mailing list