Bug 8944 - smbd doesn't start with ldapsam:trusted options
Summary: smbd doesn't start with ldapsam:trusted options
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.6.5
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Andreas Schneider
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-05-15 09:58 UTC by Andreas Schneider
Modified: 2012-06-16 20:53 UTC (History)
2 users (show)

See Also:


Attachments
v3-6-test patch (3.91 KB, patch)
2012-05-15 13:40 UTC, Andreas Schneider
gd: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2012-05-15 09:58:11 UTC
smbd or winbind doesn't start if you use ldapsam:trusted. The init function to create the session info tries to lookup the name of the user starting smbd with pdb which is wrong. We just need a system token. The following patch fixes the problem.
Comment 1 Andreas Schneider 2012-05-15 13:40:55 UTC
Created attachment 7564 [details]
v3-6-test patch
Comment 2 Karolin Seeger 2012-05-19 19:37:08 UTC
Please review this patch as soon as possible as it is a blocker for 3.6.6.
Thanks!
Comment 3 Stefan Metzmacher 2012-05-21 10:24:56 UTC
Comment on attachment 7564 [details]
v3-6-test patch

Why does this only apply for the ldapsam:trusted case?

For master I'd propose
to create a session_info with just S-1-5-18 and sec_initial_uid()/sec_initial_uid(), without any getpw* calls or other ugly magic, which may endup within the idmap layer.
Comment 4 Guenther Deschner 2012-05-21 12:59:54 UTC
Comment on attachment 7564 [details]
v3-6-test patch

looks good
Comment 5 Guenther Deschner 2012-05-21 13:00:24 UTC
Karolin, please add to 3.6.x 

Thanks!
Comment 6 Karolin Seeger 2012-05-21 18:32:46 UTC
(In reply to comment #3)
> Comment on attachment 7564 [details]
> v3-6-test patch
> 
> Why does this only apply for the ldapsam:trusted case?
> 
> For master I'd propose
> to create a session_info with just S-1-5-18 and
> sec_initial_uid()/sec_initial_uid(), without any getpw* calls or other ugly
> magic, which may endup within the idmap layer.

Hi Metze,

so you do not agree on pushing this patch to v3-6-test right now?

Cheers,
Karo
Comment 7 Stefan Metzmacher 2012-05-22 05:28:55 UTC
(In reply to comment #6)
> (In reply to comment #3)
> > Comment on attachment 7564 [details] [details]
> > v3-6-test patch
> > 
> > Why does this only apply for the ldapsam:trusted case?
> > 
> > For master I'd propose
> > to create a session_info with just S-1-5-18 and
> > sec_initial_uid()/sec_initial_uid(), without any getpw* calls or other ugly
> > magic, which may endup within the idmap layer.
> 
> Hi Metze,
> 
> so you do not agree on pushing this patch to v3-6-test right now?

I'm fine with it (as gd is fine with it), but I don't understand the patch in order to give a review+.

metze
Comment 8 Karolin Seeger 2012-05-23 19:01:23 UTC
(In reply to comment #7)
> (In reply to comment #6)
> > (In reply to comment #3)
> > > Comment on attachment 7564 [details] [details] [details]
> > > v3-6-test patch
> > > 
> > > Why does this only apply for the ldapsam:trusted case?
> > > 
> > > For master I'd propose
> > > to create a session_info with just S-1-5-18 and
> > > sec_initial_uid()/sec_initial_uid(), without any getpw* calls or other ugly
> > > magic, which may endup within the idmap layer.
> > 
> > Hi Metze,
> > 
> > so you do not agree on pushing this patch to v3-6-test right now?
> 
> I'm fine with it (as gd is fine with it), but I don't understand the patch in
> order to give a review+.
> 
> metze

Thanks for commenting, Metze!
Comment 9 Karolin Seeger 2012-05-23 19:05:31 UTC
(In reply to comment #4)
> Comment on attachment 7564 [details]
> v3-6-test patch
> 
> looks good

Patch has been pushed to v3-6-test.
Re-assigning to Andreas because of Metze's comments on the patch for master.

Thanks!
Comment 10 Stefan Metzmacher 2012-06-16 20:53:14 UTC
fixed with 5df459aed7f9f85a9eb15a16b1ad5a8bbdd1df5a