The Samba-Bugzilla – Bug 353
"ldap trust id" setting does not work
Last modified: 2005-02-07 09:05:09 UTC
Setting "ldap trust id" in smb.conf to "Yes", Samba still disallows me to log
into an account which exists in ldap directory but not in /etc/passwd. In log
file, it shows :
[2003/08/26 09:55:15, 4] auth/auth_sam.c:sam_password_ok(218)
sam_password_ok: Checking NT MD4 password
[2003/08/26 09:55:15, 4] auth/auth_sam.c:sam_account_ok(324)
sam_account_ok: Checking SMB password for user boxtest01
[2003/08/26 09:55:15, 1] auth/auth_util.c:make_server_info_sam(795)
User boxtest01 in passdb, but getpwnam() fails!
I looked into the source code of samba 3.0rc1, in auth/auth_sam.c,
make_server_info_sam() is called regardless whether "ldap trust id" is set or
not. "make_server_info_sam()" in turns calls getpwnam().
Yup. There is no way this parameter can work any more
given the current architecture. It will most likely be
removed before RC2, but I'm checking that there are no
other options before I do.
'ldap trust ids' is being removed
The only role of 'ldap trust ids' now is to allow the primary group id to be
based entirely on the posix primary group, without being explictly set (using
the mapping). This is probably worth keeping. All other benifits are indeed
it's already been removed
originally reported against one of the 3.0.0rc[1-4] releases.
Cleaning up non-production versions.