[Samba] ldap authentication fails
Andy Kesterson
tc2617 at gmail.com
Tue Jan 24 01:00:19 GMT 2006
Hi folks,
We are using Samba 3.0.10 and are using OpenLDAP to manage users. We
are also using PAM to track the users on the computer.
The problem that we are having is that when Samba has the "encrypt
passwords" option enabled, we receive a "session setup failed:
NT_STATUS_LOGON_FAILURE" message. When "encrypt passwords" is disabled
the login is successful.
When we left work Friday we thought that there was a different
encryption method being used between Samba and ldap. However, that
doesn't seem to be the case now, but we are not certain of that.
We have set up Samba, OpenLDAP, and PAM to use MD5 as their hashing function.
This is the setup of our smb.conf global section:
[global]
ldap ssl = no
name resolve order = wins lmhosts hosts bcast
passwd chat = *new*password %n\n *new*password %n\n *successfully*
idmap gid = 16777216-33554431
passwd program = /usr/local/sbin/smbldap-passwd -o %u
allow hosts = 192.168.5.0/24 192.168.10.0/24 192.168.14.0/24 127.0.0.0/8
dns proxy = no
netbios name = *
idmap uid = 16777216-33554431
local master = yes
workgroup = *
os level = 65
security = user
max log size = 50
log file = /var/log/samba/%m.log
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#Make sure that passwords are not empty, & do not encrypt until we
#figure out what is going on with the encryption
null passwords = no
encrypt passwords = yes
#encrypt passwords = no
#SET TO update unix passwd
unix password sync = yes
update encrypted = yes
#Set as master Samba server
domain master = yes
winbind use default domain = no
passdb backend = ldapsam:ldap://127.0.0.1/
template shell = /bin/false
wins support = yes
server string = * Samba Server
ldap admin dn = "cn=Manager,dc=*,dc=*"
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
path = /home
ldap suffix = dc=*,dc=*
add user script = /usr/local/sbin/smbldap-useradd -w %u
valid users = @"Domain Admins",@"Domain Users"
preferred master = yes
domain logons = yes
logon script = STARTUP.BAT
logon path = \\%N\Profiles\%U
#ldap passwd sync = only
smb passwd file = /etc/samba/smbpasswd
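
An added diagnostic example, not part of the original post: with `encrypt passwords = yes`, Samba's ldapsam backend checks the logon against the NT hash stored in each entry's `sambaNTPassword` attribute (object class `sambaSamAccount`), not against the MD5 `userPassword` that PAM uses. The sketch below audits an LDIF export for accounts that lack a usable NT hash; the sample entries, the `dc=example,dc=org` suffix and the function names are constructed for illustration.

```python
import base64

# Constructed sample LDIF (not from the post; names and hashes are placeholders).
SAMPLE_LDIF = """\
dn: uid=alice,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid: alice
userPassword:: e01ENX1DT05TVFJVQ1RFRA==

dn: uid=bob,ou=Users,dc=example,dc=org
objectClass: sambaSamAccount
uid: bob
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=carol,ou=Users,
 dc=example,dc=org
objectClass: sambaSamAccount
uid: carol
"""

def parse_ldif(text):
    """Return entries as {lowercased attribute: [values]}; handles folded lines and base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." marks a base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Return {uid: reason} for accounts that have no usable NT hash for an encrypted logon."""
    problems = {}
    for e in entries:
        uid = e.get("uid", [e["dn"][0]])[0]
        classes = {c.lower() for c in e.get("objectclass", [])}
        nt = e.get("sambantpassword", [""])[0]
        if "sambasamaccount" not in classes:
            problems[uid] = "no sambaSamAccount objectClass"
        elif len(nt) != 32 or any(c not in "0123456789abcdefABCDEF" for c in nt):
            problems[uid] = "missing or malformed sambaNTPassword"
    return problems
```

Calling `audit(parse_ldif(text))` on the output of `ldapsearch -LLL` for the users subtree lists the accounts that would fail an encrypted logon regardless of their `userPassword` value.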