[Samba] Samba 3.0.21 and after creates ldapsam:trusted display
problems in User Manager?
MJuettne at austinisd.org
MJuettne at austinisd.org
Wed Oct 4 15:47:05 GMT 2006
I recently upgraded a 3.0.14a installation (using an OpenLDAP backend) to
3.0.23c and noticed that when using the Windows User Manager group members
are no longer listed when viewing a group--when 'ldapsam:trusted = yes' is
set. I've since compiled and tested various versions using default
options and the last time I see this member listing working was in
3.0.20b--3.0.21 and later appear to exhibit the problem. It looks to me
like an LDAP query is being filtered with a sambaAccount objectClass
instead of sambaSamAccount. Here is a level 10 log snippet from 3.0.23c
when it wasn't working:
[2006/10/04 10:27:02, 5] lib/smbldap.c:smbldap_search_ext(1179)
smbldap_search_ext: base => [ou=Users,dc=isas,dc=austinisd.org], filter
=> [(&(objectClass=sambaAccount)(|(uid=3014a_1)))], scope => [2]
[2006/10/04 10:27:02, 10]
passdb/pdb_ldap.c:ldapsam_enum_group_members(2432)
ldapsam_enum_group_members: found 0 accounts
And here is a level 10 log snippet from 3.0.20b when it was working:
[2006/10/04 10:00:52, 5] lib/smbldap.c:smbldap_search_ext(980)
smbldap_search_ext: base => [ou=Users,dc=isas,dc=austinisd.org], filter
=> [(&(objectClass=sambaSamAccount)(|(uid=3014a_1)))], scope => [2]
[2006/10/04 10:00:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 513) - sec_ctx_stack_ndx = 0
Using a version of Samba lower than 3.0.21 (and 3.014a and above) with
'ldapsam:trusted = yes' and the group member listing works. Commenting
out the 'ldapsam:trusted = yes' line in 3.0.23c and the group member
listing works. All other functionality within User Manager (and Samba in
general) appears to work: I can join my workstation to the domain, bring
up User Manager, add users, delete users, rename users, add groups, delete
groups, and add users to groups (verified by running IDEALX commands on
the domain controller). If a user is already a member of a group then
User Manager correctly alerts you to that information and rejects your
attempted re-add. Everything really appears to be fine, User Manager just
won't list group members. No error message is displayed within User
Manager.
Is there some other configuration change introduced in 3.0.21 that I need
to worry about setting after I upgrade? Is that filter being pulled in
from somewhere else starting with 3.0.21 that I can configure?
Thanks.
Mark
More information about the samba
mailing list