[Samba] Can not login to the domain. User serg in passdb, but getpwnam() fails!

bso bso at arkada-x.com.ua
Wed Dec 21 11:03:34 GMT 2005 

Hi everyone.


I am installing an Samba 3 PDC with an OpenLDAP backend.
I am currently having a problem when I try to login to the domain with 
my username and password. But no such problem when i am trying to join 
to domain or connect to a share.
So, i get the following error :

[2005/12/21 18:08:02, 1] auth/auth_util.c:make_server_info_sam(840)
User serg in passdb, but getpwnam() fails!
[2005/12/21 18:08:02, 0] auth/auth_sam.c:check_sam_security(324)
check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_NO_SUCH_USER'

FreeBSD 6.0
samba-3.0.14a_1
nss_ldap-1.239
openldap-client-2.2.27
openldap-server-2.2.27
p5-perl-ldap-0.33
pam_ldap-1.8.0
smbldap-tools-0.9.1_1

# id serg
uid=1002(serg) gid=513(Domain Users) groups=513(Domain Users)

my smb.conf

[global]
        dos charset = CP866
        unix charset = KOI8-R
        workgroup = FISH
        server string = Samba Server
        passdb backend = ldapsam:ldap://localhost
        passwd program = /usr/local/smbLDAPtools/sbin/smbldap-passwd
        log file = /var/log/samba/log.%m
        max log size = 50
        load printers = No
        add user script = /usr/local/smbLDAPtools/sbin/smbldap-useradd -m
        delete user script = /usr/local/smbLDAPtools/sbin/smbldap-userdel
        add group script = /usr/local/smbLDAPtools/sbin/smbldap-groupadd -p
        delete group script = /usr/local/smbLDAPtools/sbin/smbldap-groupdel
        add user to group script = 
/usr/local/smbLDAPtools/sbin/smbldap-groupmod -m
        delete user from group script = 
/usr/local/smbLDAPtools/sbin/smbldap-groupmod -x
        set primary group script = 
/usr/local/smbLDAPtools/sbin/smbldap-usermod -g
        add machine script = 
/usr/local/smbLDAPtools/sbin/smbldap-useradd -w -i
        domain logons = Yes
        os level = 60
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        ldap admin dn = cn=root,dc=offs,dc=tp
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Computers
        ldap suffix = dc=offs,dc=tp
        ldap ssl = no
        ldap user suffix = ou=Users
        idmap backend = ldap:ldap://localhost
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enable local accounts = Yes
        winbind use default domain = Yes
        winbind trusted domains only = Yes
        winbind nested groups = Yes


#pdbedit -L -v -u serg
           WARNING: The "winbind enable local accounts" option is deprecated
           Unix username:        serg
           NT username:          serg
           Account Flags:        [U          ]
           User SID:             
S-1-5-21-2252347010-2415896038-3271642905-3004
           Primary Group SID:    
S-1-5-21-2252347010-2415896038-3271642905-513
           Full Name:            System User
           Home Directory:       \\offs\serg
           HomeDir Drive:        Z:
           Logon Script:         serg.bat
           Profile Path:         \\offs\profiles\serg
           Domain:               FISH
           Account desc:         System User
           Workstations:
           Munged dial:
           Logon time:           0
           Logoff time:          Fri, 13 Dec 1901 22:45:51 UTC
           Kickoff time:         Fri, 13 Dec 1901 22:45:51 UTC
           Password last set:    Wed, 21 Dec 2005 17:41:05 UTC
           Password can change:  0
           Password must change: Sat, 04 Feb 2006 17:41:05 UTC
           Last bad password   : 0
           Bad password count  : 0
           Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

More information about the samba mailing list