samba - Mar 2005 - Problem with "ldapsam:trusted = yes"

Hi,
I updated from 3.0.11 to 3.0.12 and tried the new ldapsam:trusted 
parameter. Alas smbd dies silently a second after startup.
With debug level 2 I can't see any reason in the logfile. My smb.conf is 
(relevant part I hope):
================================[global]
        workgroup = BBS_XXX
        netbios aliases = fileserver revreselif
        passdb backend = ldapsam:ldap://localhost
        idmap backend = ldapsam:ldap://localhost
        ldap suffix = dc=bbs-xxx,dc=schule
        ldap user suffix = ou=accounts
        ldap group suffix = ou=groups
        ldap machine suffix = ou=hardware
        ldap idmap suffix = ou=idmap
        idmap uid = 40000-60000
        idmap gid = 40000-60000
        ldap admin dn = cn=root,dc=bbs-xxx,dc=schule
        ldap ssl = off
        #ldapsam:trusted = yes  #smbd doesn't work with ldapsam:trusted 
= yes
        utmp = yes
        invalid users = @wheel, mail, daemon, adt
        interfaces = eth0
        bind interfaces only = yes
        log level = 2
        syslog = 0
        log file = /var/log/samba-%G.log
        getwd cache = yes
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE 
SO_RCVBUF=8192 SO_SNDBUF=8192
        keep alive = 60
        dead time = 50
        locking = yes
        map hidden = yes
        map archive = yes
        map system = yes
        security = user
        encrypt passwords = yes
        domain master = yes
        domain logons = yes
        preferred master = yes
        os level = 30
        time server = yes
        logon script = %U.cmd
        logon path         logon home         logon drive = p:
        load printers = yes
        printing = cups
        printcap name = cups
        dos charset = 850
        unix charset = ISO-8859-15
        display charset = ISO-8859-15
================================
All acounts samba should know have a posixAccount and sambaSamAccount e.g.:
=====================dn: uid=administrator,ou=accounts,dc=bbs-xxx,dc=schule
displayName: administrator
mailLocalAddress: administrator@fileserver.bbs-xxx.schule
objectClass: posixAccount
objectClass: account
objectClass: mailRecipient
objectClass: spezifikumUser
objectClass: sambaSamAccount
sambaLogonTime: 0
sambaHomeDrive: P:
uid: administrator
mail: administrator@<official-mail-address>
uidNumber: 5471
cn: administrator
cn: M. Mueller
cn:: TS4gTcO8bGxlcg=sambaLogoffTime: 2147483647
mailDeliveryOption: accept
loginShell: /bin/bash
gidNumber: 501
description: Administrator
homeDirectory: /home/lehrer/administrator
sambaKickoffTime: 2147483647
sambaHomePath: \\fileserver\administrator
script: if not exist t: net use t: \\revreselif\treiber
sambaPrimaryGroupSID: S-1-5-21-1091375802-1471697927-1951840895-2003
sambaSID: S-1-5-21-1091375802-1471697927-1951840895-512
sambaAcctFlags: [U          ]
mailAlternateAddress: mamue@fileserver
sambaPwdMustChange: 2147483647
sambaPasswordHistory: 
00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdCanChange: 1108028782
sambaPwdLastSet: 1108028782
=====================Neither root, nor the ldap-manager do have their account in
the
directory (doesn't make sense i believe). Besides that, samba is running 
flawlessly, but I always had some perfomance problems due to large 
groups so i wondered if ldapsam:trusted could help me.
Nscd is not running, winbindd is not running. I tried both a self 
compiled samba and the binaries.
System is SuSE9.2.

Can anybody give me a hint what I could test to find the source of this 
problem?

Thanks a lot,
Malte Mueller

Hi,
either my question was dumb or nobody ever used that parameter. The 
latter could be excluded easely: Does anybody sucessfully use 
ldapsam:trusted = yes? If so, could you point out any difference between 
your confgiguration and mine?

Thanks a lot,
Malte Mueller

M. M?ller schrieb:
> Hi,
> I updated from 3.0.11 to 3.0.12 and tried the new ldapsam:trusted 
> parameter. Alas smbd dies silently a second after startup.
> With debug level 2 I can't see any reason in the logfile. My smb.conf 
> is (relevant part I hope):
> ================================> [global]
>        workgroup = BBS_XXX
>        netbios aliases = fileserver revreselif
>        passdb backend = ldapsam:ldap://localhost
>        idmap backend = ldapsam:ldap://localhost
>        ldap suffix = dc=bbs-xxx,dc=schule
>        ldap user suffix = ou=accounts
>        ldap group suffix = ou=groups
>        ldap machine suffix = ou=hardware
>        ldap idmap suffix = ou=idmap
>        idmap uid = 40000-60000
>        idmap gid = 40000-60000
>        ldap admin dn = cn=root,dc=bbs-xxx,dc=schule
>        ldap ssl = off
>        #ldapsam:trusted = yes  #smbd doesn't work with ldapsam:trusted 
> = yes
>        utmp = yes
>        invalid users = @wheel, mail, daemon, adt
>        interfaces = eth0
>        bind interfaces only = yes
>        log level = 2
>        syslog = 0
>        log file = /var/log/samba-%G.log
>        getwd cache = yes
>        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE 
> SO_RCVBUF=8192 SO_SNDBUF=8192
>        keep alive = 60
>        dead time = 50
>        locking = yes
>        map hidden = yes
>        map archive = yes
>        map system = yes
>        security = user
>        encrypt passwords = yes
>        domain master = yes
>        domain logons = yes
>        preferred master = yes
>        os level = 30
>        time server = yes
>        logon script = %U.cmd
>        logon path >        logon home >        logon drive = p:
>        load printers = yes
>        printing = cups
>        printcap name = cups
>        dos charset = 850
>        unix charset = ISO-8859-15
>        display charset = ISO-8859-15
> ================================>
> All acounts samba should know have a posixAccount and sambaSamAccount 
> e.g.:
> =====================> dn:
uid=administrator,ou=accounts,dc=bbs-xxx,dc=schule
> displayName: administrator
> mailLocalAddress: administrator@fileserver.bbs-xxx.schule
> objectClass: posixAccount
> objectClass: account
> objectClass: mailRecipient
> objectClass: spezifikumUser
> objectClass: sambaSamAccount
> sambaLogonTime: 0
> sambaHomeDrive: P:
> uid: administrator
> mail: administrator@<official-mail-address>
> uidNumber: 5471
> cn: administrator
> cn: M. Mueller
> cn:: TS4gTcO8bGxlcg=> sambaLogoffTime: 2147483647
> mailDeliveryOption: accept
> loginShell: /bin/bash
> gidNumber: 501
> description: Administrator
> homeDirectory: /home/lehrer/administrator
> sambaKickoffTime: 2147483647
> sambaHomePath: \\fileserver\administrator
> script: if not exist t: net use t: \\revreselif\treiber
> sambaPrimaryGroupSID: S-1-5-21-1091375802-1471697927-1951840895-2003
> sambaSID: S-1-5-21-1091375802-1471697927-1951840895-512
> sambaAcctFlags: [U          ]
> mailAlternateAddress: mamue@fileserver
> sambaPwdMustChange: 2147483647
> sambaPasswordHistory: 
> 00000000000000000000000000000000000000000000000000000000
> 00000000
> sambaPwdCanChange: 1108028782
> sambaPwdLastSet: 1108028782
> =====================> Neither root, nor the ldap-manager do have their
account in the
> directory (doesn't make sense i believe). Besides that, samba is 
> running flawlessly, but I always had some perfomance problems due to 
> large groups so i wondered if ldapsam:trusted could help me.
> Nscd is not running, winbindd is not running. I tried both a self 
> compiled samba and the binaries.
> System is SuSE9.2.
>
> Can anybody give me a hint what I could test to find the source of 
> this problem?
>
> Thanks a lot,
> Malte Mueller