[Samba] Users can't login on Samba+Ldap

Mon May 11 14:59:53 GMT 2009

sorry... forgot to crosspost answer to the list:

I'm checking /etc/ldap.conf and it seems that at the end of this file it was
added a line with the following directive:
nss_initgroups_ignoreusers

that included more or less every single entry contained in my /etc/passwd
file at the time of the ldap configuration.

is that normal behaviour ?

Thanks,
Riccardo

> 
> did you properly configure nssldap ?
> 
> On Mon, 11 May 2009 14:25:05 +0200, dogbert at infinito.it wrote:
> &gt; Hi,
> &gt; 
> &gt; I've migrated from an old samba installation (Samba as PDC) that used
TDB
> &gt; backend for password.
> &gt; 
> &gt; I've setup a box with ubuntu and samba 3 + ldap and I imported the
old
> &gt; users.
> &gt; Old users works fine.
> &gt; 
> &gt; I have problems with new users and machines.
> &gt; 
> &gt; Old users works but they don't show up with smbldap-usershow command
and
> &gt; I've problem in changing their passwords. If I check the ldap db I
can
> find
> &gt; them (with both ldapsearch and slapcat).
> &gt; 
> &gt; New users created with smbldap-useradd can be seen with
smbldap-usershow
> &gt; command but can't make a logon on workstation
> &gt; 
> &gt; If I join a workstation (directly by the workstation) it is added to
ldap
> &gt; db
> &gt; but it doesn't see the domain until I manually add an entry for it in
> &gt; /etc/passwd
> &gt; 
> &gt; Checking the user entry for two users I can find the following
> differences.
> &gt; BERENICE is an user imported from the old system and is working fine:
> &gt; dn: uid=berenice,ou=Users,dc=DOMAIN,dc=IT
> &gt; uid: berenice
> &gt; sambaSID: S-1-5-21-1234567890-123456789-123456789-2018
> &gt; sambaPrimaryGroupSID: S-1-5-21-1234567890-123456789-123456789-513
> &gt; displayName: berenice
> &gt; sambaLogonTime: 0
> &gt; sambaLogoffTime: 4294967295
> &gt; sambaKickoffTime: 4294967295
> &gt; sambaPwdCanChange: 1161193814
> &gt; sambaPwdMustChange: 4294967295
> &gt; sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> &gt; sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> &gt; sambaPasswordHistory:
> &gt; 0000000000000000000000000000000000000000000000000000000000000000
> &gt; sambaPwdLastSet: 1161193814
> &gt; sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> &gt; sambaAcctFlags: [U          ]
> &gt; sambaBadPasswordCount: 0
> &gt; sambaBadPasswordTime: 0
> &gt; objectClass: sambaSamAccount
> &gt; objectClass: account
> &gt; structuralObjectClass: account
> &gt; entryUUID: af11fe14-8e7a-102d-9b4e-27169ab1b87f
> &gt; creatorsName: cn=admin,dc=DOMAIN,dc=IT
> &gt; createTimestamp: 20090214003220Z
> &gt; entryCSN: 20090214003220.132569Z#000000#000#000000
> &gt; modifiersName: cn=admin,dc=DOMAIN,dc=IT
> &gt; modifyTimestamp: 20090214003220Z
> &gt; 
> &gt; ADAM is a fresly created user and can't logon to workstation:
> &gt; dn: uid=adam,ou=Users,dc=DOMAIN,dc=IT
> &gt; objectClass: top
> &gt; objectClass: person
> &gt; objectClass: organizationalPerson
> &gt; objectClass: inetOrgPerson
> &gt; objectClass: posixAccount
> &gt; objectClass: shadowAccount
> &gt; objectClass: sambaSamAccount
> &gt; cn: adam
> &gt; sn: adam
> &gt; givenName: adam
> &gt; uid: adam
> &gt; uidNumber: 1004
> &gt; gidNumber: 513
> &gt; homeDirectory: /home/adam
> &gt; loginShell: /bin/bash
> &gt; gecos: System User
> &gt; structuralObjectClass: inetOrgPerson
> &gt; entryUUID: f9326600-8e7a-102d-9bb5-27169ab1b87f
> &gt; creatorsName: cn=admin,dc=DOMAIN,dc=IT
> &gt; createTimestamp: 20090214003424Z
> &gt; sambaLogonTime: 0
> &gt; sambaLogoffTime: 2147483647
> &gt; sambaKickoffTime: 2147483647
> &gt; sambaPwdCanChange: 0
> &gt; displayName: adam
> &gt; sambaSID: S-1-5-21-1234567890-123456789-123456789-3008
> &gt; sambaPrimaryGroupSID: S-1-5-21-1234567890-123456789-123456789-513
> &gt; sambaLogonScript: logon.bat
> &gt; sambaProfilePath: serverprofilesadam
> &gt; sambaHomePath: serveradam
> &gt; sambaHomeDrive: C:
> &gt; sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> &gt; sambaAcctFlags: [U]
> &gt; sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> &gt; sambaPwdLastSet: 1234571674
> &gt; sambaPwdMustChange: 1238459674
> &gt; userPassword:: e1NTSEF9SStEUWVhay9tV2ROTGtOZy9QSlRqTDIrdmM1d1V6ZE4=
> &gt; shadowLastChange: 14289
> &gt; shadowMax: 45
> &gt; entryCSN: 20090214003434.475223Z#000000#000#000000
> &gt; modifiersName: cn=admin,dc=DOMAIN,dc=IT
> &gt; modifyTimestamp: 20090214003434Z
> &gt; 
> &gt; 
> &gt; Any help would be appreciated.
> &gt; Thanks,
> &gt; Riccardo
> 