Bug 353 - "ldap trust id" setting does not work
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Config Files
Version: 3.0.0preX
Hardware: Other other
Importance: P3 normal
Target Milestone: 3.0.0rc2
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
Depends on:
Reported: 2003-08-26 07:09 UTC by Ming Deng
Modified: 2005-02-07 09:05 UTC
Description Ming Deng 2003-08-26 07:09:08 UTC
After setting "ldap trust id" in smb.conf to "Yes", Samba still does not allow
me to log into an account which exists in the ldap directory but not in
/etc/passwd. In the log file, it shows:

[2003/08/26 09:55:15, 4] auth/auth_sam.c:sam_password_ok(218)
  sam_password_ok: Checking NT MD4 password
[2003/08/26 09:55:15, 4] auth/auth_sam.c:sam_account_ok(324)
  sam_account_ok: Checking SMB password for user boxtest01
[2003/08/26 09:55:15, 1] auth/auth_util.c:make_server_info_sam(795)
  User boxtest01 in passdb, but getpwnam() fails!

I looked into the source code of samba 3.0rc1: in auth/auth_sam.c,
make_server_info_sam() is called regardless of whether "ldap trust id" is set
or not. "make_server_info_sam()" in turn calls getpwnam().
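
Added example (not part of the original report and not Samba code): a small triage script that groups Samba log headers with their indented message lines, pulls out the accounts for which make_server_info_sam() logged a getpwnam() failure, and re-checks whether each name resolves through NSS now. The function names and the embedded sample, built from the log lines quoted above, are assumptions made for illustration.

```python
import pwd
import re

# Constructed sample: the three records quoted in the bug description.
SAMPLE_LOG = """\
[2003/08/26 09:55:15, 4] auth/auth_sam.c:sam_password_ok(218)
  sam_password_ok: Checking NT MD4 password
[2003/08/26 09:55:15, 4] auth/auth_sam.c:sam_account_ok(324)
  sam_account_ok: Checking SMB password for user boxtest01
[2003/08/26 09:55:15, 1] auth/auth_util.c:make_server_info_sam(795)
  User boxtest01 in passdb, but getpwnam() fails!
"""

# Header format: [timestamp, level] source_file:function(line)
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+"
                    r"(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)\s*$")
FAIL = re.compile(r"User (?P<user>\S+) in passdb, but getpwnam\(\) fails!")

def parse_records(text):
    """Group each header line with the indented message lines that follow it."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            records.append({**m.groupdict(), "msg": []})
        elif records and raw.strip():
            records[-1]["msg"].append(raw.strip())
    return records

def has_unix_account(user):
    """True if NSS resolves the name, which is what getpwnam() checks."""
    try:
        pwd.getpwnam(user)
        return True
    except KeyError:
        return False

def missing_unix_accounts(text, resolver=has_unix_account):
    """Map each user with a logged getpwnam() failure to 'still unresolvable'."""
    result = {}
    for rec in parse_records(text):
        if rec["func"] != "make_server_info_sam":
            continue
        m = FAIL.search(" ".join(rec["msg"]))
        if m:
            result[m.group("user")] = not resolver(m.group("user"))
    return result

if __name__ == "__main__":
    for user, missing in missing_unix_accounts(SAMPLE_LOG).items():
        print(user, "no Unix account" if missing else "resolves now")
```
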
Comment 1 Gerald (Jerry) Carter (dead mail address) 2003-08-26 13:42:02 UTC
Yup.  There is no way this parameter can work any more
given the current architecture.  It will most likely be
removed before RC2, but I'm checking that there are no 
other options before I do.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2003-08-27 12:59:45 UTC
'ldap trust ids' is being removed
Comment 3 Andrew Bartlett 2003-09-04 15:03:05 UTC
The only role of 'ldap trust ids' now is to allow the primary group id to be
based entirely on the posix primary group, without being explicitly set (using
the mapping).  This is probably worth keeping.  All other benefits are indeed
Comment 4 Gerald (Jerry) Carter (dead mail address) 2003-09-04 16:05:12 UTC
it's already been removed
Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-02-07 09:05:09 UTC
originally reported against one of the 3.0.0rc[1-4] releases.
Cleaning up non-production versions.