Hi all,
It appears this is, indeed, the right place to ask 'stuff'
So here I go again.
After successfully compiling HEAD --with-ldapsam, (thanks Gerry) I
found that I could log in to a samba domain from a W2K box.
Except I got a message saying I didn't have permission to access
my profile, and in fact neither could I access any of my shares.
Whoops. And it all works fine under 2.2.2.
I've spent all day debugging, and finally an strace showed me the
way. There's an iddy-biddy if() block in passdb/pdb_ldap.c which
checks whether to connect to the LDAP server on the ldaps port
(685?) or the normal ldap port (389). And this wasn't giving the right
answer. So I set 'ldap ssl = no' in smb.conf and now all is well
again. AND I get spiffy SIDs rather than dowdy
unix_group\loadofnumbers when I look at process security stuff in
W2K.
Now, the man page says that 'ldap ssl' defaults to off.
Is the man page wrong, or have I done another of my astounding
feats of misconfiguration?
Maybe I've done something wrong when configuring openssl.
It's happened before.
Problems aside, this stuff is deeply cool. I'm betting it's gonna get
even cooler when I get me head round the group mapping stuff.
Thanks
Mart
** Sometime soon I'm gonna get me a sig. And it's gonna be
WAAY cool. I've just got these hundred and thirty urgent tasks to
do first. **