[Classic-discuss] samba-3.0.23 broken ldap support?

[Mikael Bak]

On Thursday 10 August 2006 10:08, Mikael Bak wrote:
> On Wednesday 09 August 2006 20:05, Jaakko Heinonen wrote:
> > On 2006-08-08, Mikael Bak wrote:
> > > Most of my users use the ldap support in samba. With the newest rpm for
> > > tinysofa classic 2.0 (3.0.23) samba is unable to authenticate ldap
> > > users.
> >
> > Do you suspect that it's upstream or tinysofa specific problem?
>
> Hi Jaakko,
> Thanks for the information.
> Right now I don't know what the cause is. I didn't have time to investigate
> it yet. That's why I just moved back to the earlier (working) rpm.
>
> It seems however from the samba changelog that it could be an upstream
> change that causes the ldap authentication problem.
>
> I will set up a test environment and try out exactly what's causing this
> and report back to the list.
>

Ok! I have finally managed to reproduce the problem in my test environment. It 
only happens if the share has the "valid users" specified and of course only 
if the user backend is ldap.

I found this browsing around:
http://www.samba.org/samba/history/samba-3.0.23c.html

Interesting part:
With the changes in the 3.0.23c release, it is now possible to 
resolve a uid/gid, name, or SID in any direction and always obtain
a symmetric mapping.  This is important so that values for smb.conf 
parameters such as "valid users" resolve to the same SIDs as those 
included  in the local user's initial token.

I didn't have time to compile and test 3.0.23c yet. I will try to find time 
for that early next week. I'll report back when I know more.

Have a nice weekend!
Mikael