samba-3.0 configured with SECURITY = ADS model. If the user's full name in Windows AD contains special character ',' or ';' winbindd is unable to receive info about that user. This causes improper ADS group mapping for UNIX nss. The log file portion below shows "Bad search filter" message. I guess ADS username should be properly quoted before doing ldap search. Sincerely, Sergei V. Rozinov Senior RISC systems engineer & administrator Sibron Ltd, RUSSIA --------------------------------------------------------------------------- [2003/10/10 04:17:21, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1236) lookup_groupmem: [Cached] - doing backend query for info for domain SIBRON [2003/10/10 04:17:21, 10] nsswitch/winbindd_ads.c:lookup_groupmem(697) ads: lookup_groupmem SIBRON sid=S-1-5-21-989341691-1389498357-883519231-4116 [2003/10/10 04:17:21, 5] libads/ldap_utils.c:ads_do_search_retry(52) Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\FB\27\F8\3A\F5\0F\D2\52\FF\6E\A9\34\14\10\00\00) gave 1 replies [2003/10/10 04:17:21, 3] nsswitch/winbindd_ads.c:dn_lookup(361) ads: dn_lookup [2003/10/10 04:17:21, 3] libads/ldap.c:ads_do_paged_search(451) ldap_search_ext_s((distinguishedName=CN=cbtest1\, \272\302\262-\272\333\330\325\335\342,CN=Users,DC=sibron,DC=internal)) -> Bad search filter [2003/10/10 04:17:21, 3] libads/ldap_utils.c:ads_do_search_retry(60) Reopening ads connection to realm 'SIBRON.INTERNAL' after error Bad search filter [2003/10/10 04:17:21, 6] libads/ldap.c:ads_find_dc(147) ads_find_dc: looking for realm 'SIBRON.INTERNAL'
this is a duplicate of bug #592. the proposed one-line-fix should really be applied...
cc me.
Thanks, the patch for bug #592 fixes this bug correctly. Suggest to change its status to FIXED.
*** This bug has been marked as a duplicate of 592 ***
database cleanup