-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 29 Sep 2005, Daniel Wilson wrote:
> ok cool > > i have changed the sambaPrimaryGroupSid: S-1-1-0 on uid=nobody and > changed sambaSID: S-1-1-0 on group nobody and it now starts yeh!! :) > > but now if i remove ldap from /etc/nsswitch.conf > > passwd: file > group: file > > i cant login to the domain: > > [2005/09/29 23:27:54, 2] lib/smbldap.c:smbldap_open_connection(692) > smbldap_open_connection: connection opened > [2005/09/29 23:27:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) > init_sam_from_ldap: Entry found for user: ws0dwi > [2005/09/29 23:27:54, 1] auth/auth_util.c:make_server_info_sam(840) > User ws0dwi in passdb, but getpwnam() fails! > [2005/09/29 23:27:54, 0] auth/auth_sam.c:check_sam_security(324) > check_sam_security: make_server_info_sam() failed > with 'NT_STATUS_NO_SUCH_USER' > [2005/09/29 23:27:54, 2] auth/auth.c:check_ntlm_password(312) > check_ntlm_password: Authentication for user [ws0dwi] -> [ws0dwi] > FAILED with error NT_STATUS_NO_SUCH_USER > > > is this me being ignorant, or do i still need ldap in the > nsswitch.conf file? thought the idea was that ldapsam:trusted = yes > ment we didnt need to have ldap in nsswitch.conf so nss_ldap wouldnt > enumerate all the users? the trusted=yes is not a complete replacement for nss_ldap IIRC. I would need to check to be sure. but what I remember is that this allows for certain group membership optimizations. Volker, can you confirm or correct me? cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDPG0JIR7qMdg1EfYRAqRkAJ9YNZM4lQa4a88LqwrNE+U0vPAx6wCfffBt jfLCuZ5Gq+yngy99VJdqZTA= =JXoF -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba