samba - Jan 2003 - Samba 2.2.7a discards LDAP attributes

Hi there.
I had configured OpenLDAP, NSS and PAM over RedHat 7.3
for Linux authentication, and they work pretty well.
Recently, I downloaded Samba 2.2.7a source code and
configured it for LDAP access (--with-ldapsam). I also
configured it as a domain logon for Win98
authentication and file server. It had looked to be
working well, but after some tests, I noticed Samba is
ignoring LDAP data. Please, take a look on the
following for an example. That is a fragment of samba
debug (smbd -i -d 5):

ldap_open_connection: starting...
StartTLS issued: using a TLS connection
ldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP
server
ldap_search_one_user: searching
for:[(&(uid=lfogel)(objectclass=sambaAccount))]
get_single_attribute: [uid] = [lfogel]
Entry found for user: lfogel
get_single_attribute: [pwdLastSet] = [1043443975]
get_single_attribute: [logonTime] = [0]
get_single_attribute: [logoffTime] = [2147483647]
get_single_attribute: [kickoffTime] = [2147483647]
get_single_attribute: [pwdCanChange] = [0]
get_single_attribute: [pwdMustChange] = [2147483647]
get_single_attribute: [cn] = [lfogel]
get_single_attribute: [homeDrive] = [<does not exist>]
get_single_attribute: [smbHome] = [<does not exist>]
get_single_attribute: [scriptPath] = [lfogel.bat]
get_single_attribute: [profilePath] = [<does not
exist>]
get_single_attribute: [description] = [Leonardo Fogel]
...

As one can see, Samba is connecting to LDAP and
loading the user information. However, Win98 was not
running the script "lfogel.bat". If I set the smb.conf
parameter "logon script = %U.bat", Win98 will load and
run "lfogel.bat". But, if I set "logon script %U1.bat" (or
comment it),  Win98 will NOT run
anything. (Of course, "lfogel1.bat" does not exist.)

I also look at the Samba source code in order to find
out what could be my mistake. It looks that the
function "pass_check_smb" in "smbd/password.c" manages
the access to LDAP. The function declares "SAM_ACCOUNT
*sampass = NULL", initializes it
(pdb_init_sam(&sampass)), loads LDAP attributes
(pdb_getsampwnam(sampass, user)), checks the passwords
(smb_password_ok(sampass, ...)) and finally discards
everything (pdb_free_sam(sampass)).

So, it looks like Samba 2.2.7a ignores all LDAP
attributes after authentication succeeds.

Please, if someone can figure out what the problem is,
let me know.

Thanks and regards.


_______________________________________________________________________
Busca Yahoo!
O servi?o de busca mais completo da Internet. O que voc? pensar o Yahoo!
encontra.
http://br.busca.yahoo.com/

On Sat, Jan 25, 2003 at 04:46:18PM -0300, Leonardo Fogel
wrote:
> Hi there.
> I had configured OpenLDAP, NSS and PAM over RedHat 7.3
> for Linux authentication, and they work pretty well.
> Recently, I downloaded Samba 2.2.7a source code and
> configured it for LDAP access (--with-ldapsam). I also
> configured it as a domain logon for Win98
> authentication and file server. It had looked to be
> working well, but after some tests, I noticed Samba is
> ignoring LDAP data. Please, take a look on the
> following for an example. That is a fragment of samba
> debug (smbd -i -d 5):
> 
> ldap_open_connection: starting...
> get_single_attribute: [scriptPath] = [lfogel.bat]
> So, it looks like Samba 2.2.7a ignores all LDAP
> attributes after authentication succeeds.
> 
> Please, if someone can figure out what the problem is,
> let me know.
Known issue in 2.2, fixed in 3.0 (now in alpha) due to a greater rewrite of 
the auth code.  We now specificly keep that data around for exactly that
reason.

Andrew Bartlett