smbd or winbind doesn't start if you use ldapsam:trusted. The init function to create the session info tries to lookup the name of the user starting smbd with pdb which is wrong. We just need a system token. The following patch fixes the problem.
Created attachment 7564 [details] v3-6-test patch
Please review this patch as soon as possible as it is a blocker for 3.6.6. Thanks!
Comment on attachment 7564 [details] v3-6-test patch Why does this only apply for the ldapsam:trusted case? For master I'd propose to create a session_info with just S-1-5-18 and sec_initial_uid()/sec_initial_uid(), without any getpw* calls or other ugly magic, which may endup within the idmap layer.
Comment on attachment 7564 [details] v3-6-test patch looks good
Karolin, please add to 3.6.x Thanks!
(In reply to comment #3) > Comment on attachment 7564 [details] > v3-6-test patch > > Why does this only apply for the ldapsam:trusted case? > > For master I'd propose > to create a session_info with just S-1-5-18 and > sec_initial_uid()/sec_initial_uid(), without any getpw* calls or other ugly > magic, which may endup within the idmap layer. Hi Metze, so you do not agree on pushing this patch to v3-6-test right now? Cheers, Karo
(In reply to comment #6) > (In reply to comment #3) > > Comment on attachment 7564 [details] [details] > > v3-6-test patch > > > > Why does this only apply for the ldapsam:trusted case? > > > > For master I'd propose > > to create a session_info with just S-1-5-18 and > > sec_initial_uid()/sec_initial_uid(), without any getpw* calls or other ugly > > magic, which may endup within the idmap layer. > > Hi Metze, > > so you do not agree on pushing this patch to v3-6-test right now? I'm fine with it (as gd is fine with it), but I don't understand the patch in order to give a review+. metze
(In reply to comment #7) > (In reply to comment #6) > > (In reply to comment #3) > > > Comment on attachment 7564 [details] [details] [details] > > > v3-6-test patch > > > > > > Why does this only apply for the ldapsam:trusted case? > > > > > > For master I'd propose > > > to create a session_info with just S-1-5-18 and > > > sec_initial_uid()/sec_initial_uid(), without any getpw* calls or other ugly > > > magic, which may endup within the idmap layer. > > > > Hi Metze, > > > > so you do not agree on pushing this patch to v3-6-test right now? > > I'm fine with it (as gd is fine with it), but I don't understand the patch in > order to give a review+. > > metze Thanks for commenting, Metze!
(In reply to comment #4) > Comment on attachment 7564 [details] > v3-6-test patch > > looks good Patch has been pushed to v3-6-test. Re-assigning to Andreas because of Metze's comments on the patch for master. Thanks!
fixed with 5df459aed7f9f85a9eb15a16b1ad5a8bbdd1df5a