MJuettne@austinisd.org
2006-Oct-04 21:14 UTC
[Samba] Samba 3.0.21 and after creates ldapsam:trusted display problems in User Manager?
I recently upgraded a 3.0.14a installation (using an OpenLDAP backend) to 3.0.23c and noticed that when using the Windows User Manager group members are no longer listed when viewing a group--when 'ldapsam:trusted = yes' is set. I've since compiled and tested various versions using default options and the last time I see this member listing working was in 3.0.20b--3.0.21 and later appear to exhibit the problem. It looks to me like an LDAP query is being filtered with a sambaAccount objectClass instead of sambaSamAccount. Here is a level 10 log snippet from 3.0.23c when it wasn't working: [2006/10/04 10:27:02, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Users,dc=isas,dc=austinisd.org], filter => [(&(objectClass=sambaAccount)(|(uid=3014a_1)))], scope => [2] [2006/10/04 10:27:02, 10] passdb/pdb_ldap.c:ldapsam_enum_group_members(2432) ldapsam_enum_group_members: found 0 accounts And here is a level 10 log snippet from 3.0.20b when it was working: [2006/10/04 10:00:52, 5] lib/smbldap.c:smbldap_search_ext(980) smbldap_search_ext: base => [ou=Users,dc=isas,dc=austinisd.org], filter => [(&(objectClass=sambaSamAccount)(|(uid=3014a_1)))], scope => [2] [2006/10/04 10:00:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 513) - sec_ctx_stack_ndx = 0 Using a version of Samba lower than 3.0.21 (and 3.014a and above) with 'ldapsam:trusted = yes' and the group member listing works. Commenting out the 'ldapsam:trusted = yes' line in 3.0.23c and the group member listing works. All other functionality within User Manager (and Samba in general) appears to work: I can join my workstation to the domain, bring up User Manager, add users, delete users, rename users, add groups, delete groups, and add users to groups (verified by running IDEALX commands on the domain controller). If a user is already a member of a group then User Manager correctly alerts you to that information and rejects your attempted re-add. Everything really appears to be fine, User Manager just won't list group members. No error message is displayed within User Manager. Is there some other configuration change introduced in 3.0.21 that I need to worry about setting after I upgrade? Is that filter being pulled in from somewhere else starting with 3.0.21 that I can configure? Thanks. Mark
Volker Lendecke
2006-Oct-05 06:26 UTC
[Samba] Samba 3.0.21 and after creates ldapsam:trusted display problems in User Manager?
Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20061005/2e122739/attachment.bin
Maybe Matching Threads
- Ubuntu server 14.04 classic upgrade segmentation fault
- Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend = ldapsam
- Account lockout - Bad password count
- Issue when migrating samba domain server to new hardware and samba version
- Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend = ldapsam