[Samba] samba failed to authenticate to openLDAP
Steve Zeng
szeng at mainframe.ca
Wed Mar 2 02:18:17 GMT 2005
Paul,
I downloaded smbldap-tools-0.8.7 and tried the following:
1) run configure.pl
2) initialize LDAP base and then start LDAP server
dn: dc=mfelc
dc: mfelc
objectClass: top
objectClass: domain
3) run smbldap-populate
4) run the following migration tool to import users from NIS:
smbldap-migrate-unix-accounts -a -P /tmp/passwd.nis
5) run the following migration tool to import groups from NIS:
smbldap-migrate-unix-groups -a -G /tmp/group.nis
6) smbldap-useradd -a -m testuser1
smbldap-passwd testuser1
6) smbclient //enzo/testuser1 -U testuser1
got the following errors:
-------------------------------------
User testuser1 in passdb, but getpwnam() fails!
[2005/03/01 18:12:11, 5] auth/auth_util.c:free_server_info(1344)
attempting to free (and zero) a server_info structure
[2005/03/01 18:12:11, 0] auth/auth_sam.c:check_sam_security(306)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
[2005/03/01 18:12:11, 5] auth/auth.c:check_ntlm_password(271)
check_ntlm_password: sam authentication for user [testuser1] FAILED
with error NT_STATUS_NO_SUCH_USER
[2005/03/01 18:12:11, 3] auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain [TESTDM]
was for this SAM.
[2005/03/01 18:12:11, 10] auth/auth.c:check_ntlm_password(259)
check_ntlm_password: winbind had nothing to say
[2005/03/01 18:12:11, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [testuser1] ->
[testuser1] FAILED with error NT_STATUS_NO_SUCH_USER
--------------------------------------------------
No idea what is missing. Thanks a lot for any hints.
Steve
> Judicious snippage, post at the bottom.
>
>> I tried to let Samba authenticate against LDAP but could not figure
>> out how to build the LDAP tree for Samba.
>>
>> Fedora core 2
>> Samba 3.0.10
>> OpenLDAP 2.1.29
>>
>> dc=mydomain
>> |
>> `--- ou=People : to store user accounts for Unix and Windows
>> |
>> `--- ou=Hosts : to store computer accounts for UNIX & Windows
>> |
>> `--- ou=Groups : to store system groups for Unix and Windows
>>
>>
>> What I did was:
>
>
>> [global]
>> workgroup = TESTDM
>> passdb backend = ldapsam:ldap://10.10.0.101/
>> log level = 1 passdb:8 auth:8
>> domain logons = Yes
>> wins support = Yes
>> ldap admin dn = cn=root,dc=mydomain
>> ldap delete dn = Yes
>> ldap group suffix = ou=Group
>> ldap machine suffix = ou=Hosts
>> ldap user suffix = ou=People
>> ldap suffix = dc=mfelc
>> ldap passwd sync = Yes
>> ldap ssl = no
>> 3) start Samba server
>>
>> 4) run smbclient //smbserver -U myid
>> Password:
>> session setup failed: NT_STATUS_LOGON_FAILURE
>
>
>> Attached is the smbd.log. I deleted the normal log entries and kept the
>> failed messages, as below:
>> check_sam_security: Couldn't find user 'szeng' in passdb file.
>> auth/auth.c:check_ntlm_password(271)
>> check_ntlm_password: sam authentication for user [szeng] FAILED with
>> error NT_STATUS_NO_SUCH_USER
>
>
>> Is there anybody who might have some idea of what is wrong?
>
>
> Yep. You did nothing to create the samba attributes that will have to
> exist in each user account for the users to log in. I suggest you read
> the documentation on setting up an LDAP/PDC system that is on the
> samba.org web site. You've missed quite a few steps here, so you may
> want to read it through to get a complete idea. Your solution is going
> to include the following:
>
> 1. Obtain and configure the smbldap-tools package.
> 2. Run the smbldap-populate script
> 3. Make sure you've got a sambaDomain (I think that's the object type)
> in the base of your DIT.
> 4. Join the machine to the domain (since you appear to want a domain setup)
> 4. Add samba attributes to each user's account.
>
> Yes there are 2 #4 entries. Doesn't matter which one comes first. As
> far as I can remember, those will be the critical steps to not miss.
> If you've followed the documentation and not done those steps, you've
> missed something.
>
>
--
Regards,
Steve Zeng
Systems Administrator
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293
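
Added example, not part of the original thread and not Samba code: both smbd excerpts above end in the same NT_STATUS_NO_SUCH_USER, but the line logged just before it names a different cause in each case, and this Python script separates the two. The sample log is assembled from the lines quoted in this thread; the function name and cause labels are hypothetical.

```python
import re

# Constructed sample, assembled from the two smbd excerpts quoted in this thread.
SAMPLE_LOG = """\
User testuser1 in passdb, but getpwnam() fails!
[2005/03/01 18:12:11, 0] auth/auth_sam.c:check_sam_security(306)
  check_sam_security: make_server_info_sam() failed with
  'NT_STATUS_NO_SUCH_USER'
[2005/03/01 18:12:11, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [testuser1] ->
  [testuser1] FAILED with error NT_STATUS_NO_SUCH_USER
check_sam_security: Couldn't find user 'szeng' in passdb file.
auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: sam authentication for user [szeng] FAILED with
  error NT_STATUS_NO_SUCH_USER
"""

# Cause lines that precede the generic failure. Labels are hypothetical names.
CAUSES = [
    (re.compile(r"User (\S+) in passdb, but getpwnam\(\) fails"),
     "unix-account-unresolvable"),   # Samba entry exists, OS lookup fails
    (re.compile(r"Couldn't find user '([^']+)' in passdb"),
     "no-passdb-entry"),             # no Samba account data for this name
]
FAILED = re.compile(
    r"user \[([^\]]+)\](?: -> \[[^\]]+\])? FAILED with error (NT_STATUS_\w+)")

def triage(log_text):
    """Map each failing user to the final status and the logged cause."""
    flat = " ".join(log_text.split())  # undo the line wrapping of the excerpt
    report = {}
    for m in FAILED.finditer(flat):
        report[m.group(1)] = {"status": m.group(2), "cause": "unknown"}
    for pattern, cause in CAUSES:
        for m in pattern.finditer(flat):
            entry = report.setdefault(
                m.group(1), {"status": None, "cause": "unknown"})
            entry["cause"] = cause
    return report

if __name__ == "__main__":
    for user, info in triage(SAMPLE_LOG).items():
        print(f"{user}: {info['status']} ({info['cause']})")
```

For the first label, `getent passwd testuser1` on the Samba host exercises the same account lookup as getpwnam(); for the second, the reply quoted above points at the missing Samba attributes.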