Bug 353 - "ldap trust id" setting does not work
"ldap trust id" setting does not work
Status: RESOLVED WONTFIX
Product: Samba 3.0
Classification: Unclassified
Component: Config Files
3.0.0preX
Other other
: P3 normal
: 3.0.0rc2
Assigned To: Gerald (Jerry) Carter
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2003-08-26 07:09 UTC by Ming Deng
Modified: 2005-02-07 09:05 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ming Deng 2003-08-26 07:09:08 UTC
Setting "ldap trust id" in smb.conf to "Yes", Samba still disallows me to log
into an account which exists in ldap directory but not in /etc/passwd. In log
file, it shows :

[2003/08/26 09:55:15, 4] auth/auth_sam.c:sam_password_ok(218)
  sam_password_ok: Checking NT MD4 password
[2003/08/26 09:55:15, 4] auth/auth_sam.c:sam_account_ok(324)
  sam_account_ok: Checking SMB password for user boxtest01
[2003/08/26 09:55:15, 1] auth/auth_util.c:make_server_info_sam(795)
  User boxtest01 in passdb, but getpwnam() fails!

I looked into the source code of samba 3.0rc1, in auth/auth_sam.c,
make_server_info_sam() is called regardless whether "ldap trust id" is set or
not. "make_server_info_sam()" in turns calls getpwnam().
Comment 1 Gerald (Jerry) Carter 2003-08-26 13:42:02 UTC
Yup.  There is no way this parameter can work any more
given the current architecture.  It will most likely be
removed before RC2, but I'm checking that there are no 
other options before I do.
Comment 2 Gerald (Jerry) Carter 2003-08-27 12:59:45 UTC
'ldap trust ids' is being removed
Comment 3 Andrew Bartlett 2003-09-04 15:03:05 UTC
The only role of 'ldap trust ids' now is to allow the primary group id to be
based entirely on the posix primary group, without being explictly set (using
the mapping).  This is probably worth keeping.  All other benifits are indeed
absent.
Comment 4 Gerald (Jerry) Carter 2003-09-04 16:05:12 UTC
it's already been removed
Comment 5 Gerald (Jerry) Carter 2005-02-07 09:05:09 UTC
originally reported against one of the 3.0.0rc[1-4] releases.
Cleaning up non-production versions.