[Samba] strange uid=domain\5Cuser ldap search requests
Thierry Lacoste
lacoste at miage.univ-paris12.fr
Wed Oct 10 19:52:28 GMT 2007
Hello,
I have a Samba/OpenLDAP domain (PDB+BDC) and
a member Samba server hosting homes and profiles
which is identifying users with nss_ldap and is issuing some
strange ldap searches.
I have these messages in my slapd logs:
conn=14143 op=2 SRCH base="ou=XXX" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=domain\5Cuser))"
conn=14143 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn
homeDirectory loginShell gecos description objectClass shadowLastChange
shadowMax shadowExpire
conn=14143 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
always repeating exactly 3 times and then
conn=14143 op=5 SRCH base="ou=XXX" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=user))"
conn=14143 op=5 SRCH attr=uid userPassword uidNumber gidNumber cn
homeDirectory loginShell gecos description objectClass shadowLastChange
shadowMax shadowExpire
conn=14143 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
Although the server also NFS exports the homes for Linux clients,
I'm pretty sure that these searches come from samba as it seems
to happen only upon logon to the domain from a Windows client.
I obtain exactly the same search request when I issue an 'id domain\user'.
Can someone explain what's happening?
Is this because of the 'password server' directive?
Is it better to use 'passdb backend = ldapsam' together
with the 'ldap' directives as I use them on my DCs?
Regards,
Thierry.
My smb.conf:
[global]
workgroup = XXX
netbios name = CAPELLA
security = DOMAIN
name resolve order = wins bcast
wins server = xxx.xxx.xxx.xxx
netbios aliases = AHOMES APROFILES
server string = %L
password server = ALDAP1 ALDAP2
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[Profiles]
comment = Roaming Profile Share
path = /export/profiles
read only = No
profile acls = Yes
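
Added example (not part of the original post): in the filter above, \5C is the RFC 4515 escape for a backslash, so the empty searches are lookups of the literal name domain\user. The script below pairs slapd SRCH and SEARCH RESULT entries by conn/op and counts zero-result posixAccount lookups whose uid carries a domain prefix. It assumes each log entry sits on one line; the function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in slapd's log format, modelled on the entries quoted in the post.
SAMPLE_LOG = r'''
conn=14143 op=2 SRCH base="ou=XXX" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=domain\5Cuser))"
conn=14143 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn
conn=14143 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=14143 op=3 SRCH base="ou=XXX" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=domain\5Cuser))"
conn=14143 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=14143 op=4 SRCH base="ou=XXX" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=domain\5Cuser))"
conn=14143 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=14143 op=5 SRCH base="ou=XXX" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=user))"
conn=14143 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="[^"]*".*filter="(.*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*nentries=(\d+)')
UID = re.compile(r'\(uid=([^()]*)\)')

def unescape_filter_value(value):
    """Decode RFC 4515 \\XX escapes in a filter value (\\5C is a backslash)."""
    data = re.sub(rb'\\([0-9A-Fa-f]{2})',
                  lambda m: bytes([int(m.group(1), 16)]),
                  value.encode('utf-8'))
    return data.decode('utf-8', errors='replace')

def qualified_uid_misses(log_text):
    """Count empty results for uid lookups that contain a DOMAIN\\ prefix."""
    pending = {}        # (conn, op) -> decoded uid taken from the SRCH entry
    misses = Counter()  # (conn, uid) -> number of searches with nentries=0
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            uid = UID.search(m.group(3))
            if uid:
                pending[(m.group(1), m.group(2))] = unescape_filter_value(uid.group(1))
            continue
        m = RESULT.search(line)
        if m:
            uid = pending.pop((m.group(1), m.group(2)), None)
            if uid and '\\' in uid and m.group(3) == '0':
                misses[(m.group(1), uid)] += 1
    return misses

if __name__ == "__main__":
    for (conn, uid), n in qualified_uid_misses(SAMPLE_LOG).items():
        print(f"conn={conn} uid={uid!r}: {n} empty lookups")
```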