[Samba] Samba LDAP troubleshooting

Brad C bradleydanecook at gmail.com
Wed Mar 18 13:44:50 GMT 2009


Hi There,

Yep, OK, now I understand: the SID needs to be the same as the server the
client formed the initial security relationship with.

Is this correct?

Kind Regards
Brad

On Tue, Mar 17, 2009 at 7:47 PM, Adam Williams <awilliam at mdah.state.ms.us> wrote:

> Well, the user's SID is invalid. Does it match the domain's SID with net
> getdomainsid?
>
>
> Brad C wrote:
>
>> Hello
>>
>> I'm hoping someone can provide some insight, sample snippet from smb.conf
>> and the samba log.
>> Password authentication is working & succeeding, complains about an invalid
>> SID which I know is the trust relationship that is formed between server and
>> client, this is a duplicate ldap database from a samba domain controller.
>>
>> On the topic, anyone have a good book to recommend on Samba, I feel I am
>> only using 10% of its capability and not really well at that... something is
>> staring me in the face and I'm missing it.
>>
>> [global]
>>        workgroup = companyx
>>        printing = cups
>>        hosts allow = 192.168.1.
>>        printcap name = cups
>>        printcap cache time = 750
>>        cups options = raw
>>        map to guest = Bad User
>>        include = /etc/samba/dhcp.conf
>>        security = user
>>        encrypt passwords = Yes
>>        obey pam restrictions = No
>>        log level = 2
>>        passdb backend = ldapsam:ldap://127.0.0.1/
>>        ldap admin dn = cn=manager,dc=companyx,dc=co,dc=za
>>        ldap suffix = dc=companyx,dc=co,dc=za
>>        ldap group suffix = ou=Groups
>>        ldap user suffix = ou=Users
>>        ldap machine suffix = ou=Computers
>>        ldap idmap suffix = ou=Users
>>        ldap ssl = off
>>        ldap delete dn = Yes
>>
>> [testdir]
>>    comment = test1
>>    path = "/data/test"
>>    browseable = yes
>>    writable = yes
>>    read only = no
>>    available = yes
>>    valid users = bradleyc
>>    admin users = bradleyc
>>
>>
>>
>> [2009/03/13 08:36:39,  2] lib/access.c:check_access(406)
>>   Allowed connection from __ffff_192.168.2.154 (::ffff:192.168.2.154)
>> [2009/03/13 08:36:39,  2] lib/smbldap.c:smbldap_open_connection(796)
>>   smbldap_open_connection: connection opened
>> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>>   init_sam_from_ldap: Entry found for user: bradleyc
>> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>>   init_group_from_ldap: Entry found for group: 513
>> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>>   init_group_from_ldap: Entry found for group: 513
>> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>>   init_group_from_ldap: Entry found for group: 1010
>> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>>   init_group_from_ldap: Entry found for group: 512
>> [2009/03/13 08:36:39,  2] auth/auth.c:check_ntlm_password(308)
>>   check_ntlm_password:  authentication for user [bradleyc] -> [bradleyc] -> [bradleyc] succeeded
>> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>>   init_group_from_ldap: Entry found for group: 544
>> [2009/03/13 08:36:39,  2] lib/access.c:check_access(406)
>>   Allowed connection from ::ffff:192.168.2.154 (::ffff:192.168.2.154)
>> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>>   init_sam_from_ldap: Entry found for user: bradleyc
>> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>>   init_group_from_ldap: Entry found for group: 513
>> [2009/03/13 08:36:39,  0] passdb/passdb.c:lookup_global_sam_name(595)
>>   User bradleyc with invalid SID S-1-5-21-1571991244-1820204139-1100571284-3420 in passdb
>> [2009/03/13 08:36:39,  2] smbd/service.c:make_connection_snum(736)
>>   user 'bradleyc' (from session setup) not permitted to access this share (testdir)
>>
>>
>
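
The comparison suggested in the quoted reply, as an added example that is not part of the original thread: it pulls each "invalid SID" record out of an smbd log, splits the account SID into domain part and RID, and compares the domain part with the SID the server reports. The function names are hypothetical, the `net getdomainsid` output format is an assumption, and the server SID below is a constructed placeholder.

```python
import re

# Constructed sample: two smbd log records, with the user SID quoted in the thread.
SAMPLE_LOG = """\
[2009/03/13 08:36:39,  2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password:  authentication for user [bradleyc] -> [bradleyc] -> [bradleyc] succeeded
[2009/03/13 08:36:39,  0] passdb/passdb.c:lookup_global_sam_name(595)
  User bradleyc with invalid SID
  S-1-5-21-1571991244-1820204139-1100571284-3420 in passdb
"""
# Constructed placeholder for `net getdomainsid` output (format assumed, SID made up).
SAMPLE_NET_OUTPUT = "SID for domain COMPANYX is: S-1-5-21-1111111111-2222222222-3333333333"

HEADER_RE = re.compile(r"\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}")
INVALID_RE = re.compile(r"User\s+(\S+)\s+with invalid SID\s+(S-1-5-21(?:-\d+){4})\s+in\s+passdb")
DOMAIN_RE = re.compile(r"SID for domain \S+ is:\s*(S-1-5-21(?:-\d+){3})\s*$", re.M)

def iter_records(text):
    """Yield one string per log record, rejoining wrapped or '>'-quoted lines."""
    current = None
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line:
            continue
        if HEADER_RE.match(line):
            if current is not None:
                yield current
            current = line
        elif current is not None:
            current += " " + line
    if current is not None:
        yield current

def check_invalid_sids(log_text, net_output):
    """Compare the domain part of each rejected account SID with the server's domain SID."""
    m = DOMAIN_RE.search(net_output)
    if m is None:
        raise ValueError("no domain SID found in net output")
    server_sid = m.group(1)
    findings = []
    for record in iter_records(log_text):
        hit = INVALID_RE.search(record)
        if hit:
            account_domain, _, rid = hit.group(2).rpartition("-")
            findings.append({"user": hit.group(1), "account_domain_sid": account_domain,
                             "rid": int(rid), "server_domain_sid": server_sid,
                             "same_domain": account_domain == server_sid})
    return findings

if __name__ == "__main__":
    for f in check_invalid_sids(SAMPLE_LOG, SAMPLE_NET_OUTPUT):
        print(f)
```

A finding with `same_domain` set to `False` means the account's `sambaSID` in LDAP was issued under a different domain SID than the one this server is using.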

