[Samba] user authentication issue

Itamar Gal itamarggal at gmail.com
Mon Apr 20 09:02:44 MDT 2015


Hey Harry,

Thank you for your input! Ultimately I resolved the issue (following
Rowland's advice) by manually removing the user from our LDAP server and
then rerunning the user creation script (which, if I understand it
correctly, queries an external LDAP server and then synchronizes it with
our LDAP and Samba databases).

However I was still confused as to why some attributes of this specific
user were encoded whereas the corresponding attributes for other users
were not. Thank you for clearing that up for me!

Cheers,
Itamar

On Mon, Apr 20, 2015 at 8:23 AM, Harry Jede <walk2sun at arcor.de> wrote:

> On 15:14:40 wrote Itamar Gal:
> > Hey Samba list,
> >
> > First a brief comment regarding my background and situation. This is
> > my first time posting to this list. I've been asked to resolve a
> > Samba authentication issue, but I have next to no experience using
> > Samba. Unfortunately no one else here knows how to use it either;
> > we're operating with an inherited environment from a sysadmin who
> > left minimal documentation, and we have limited human resources in
> > the context of IT.
> >
> > Now on to my problem! A user is unable to access a Samba share. My
> > company has a web interface for adding new users, but apparently
> > it's not doing the trick this time for some reason. That's all of
> > the information I've been given, along with the user's UID.
> > Preferring to work at the command line, I've tried the following
> > (from the host running the Samba server):
> >
> > 1. First I checked that the user has an entry in our LDAP server:
> >
> > ldapsearch -h sambahost -x -LLL uid=userid
> >
> > This returns an entry of the following form:
> >
> > dn: uid=userid,ou=people,o=org
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: sambaSamAccount
> > uid:: c2tkNjg0IA==
> > uidNumber: 1076
> > homeDirectory:: L2hvbWUvc2tkNjg0IA==
> > loginShell: /bin/bash
> > gidNumber: 1076
> > sambaLogonTime: 0
> > sambaLogoffTime: 2147483647
> > sambaKickoffTime: 2147483647
> > sambaPwdCanChange: 0
> > sambaPwdMustChange: 2147483647
> > sambaSID: S-1-5-21-3439207220-2335887646-243107566-3152
> > sambaPrimaryGroupSID: S-1-5-21-3439207220-2335887646-243107566-3153
> > sn: Lastname
> > cn: Firstname Lastname
> > displayName: Firstname Lastname
> > givenName: Firstname
> > sambaPasswordHistory:
> > 00000000000000000000000000000000000000000000000000000000
> >  00000000
> > sambaAcctFlags: [UX         ]
> > sambaPwdLastSet: 1429299642
> >
> > 2. Next, I tried using pdbedit to search for the user:
> >
> > sudo pdbedit -L | grep userid
> >
> > This yielded the following output:
> >
> > init_sam_from_ldap: Entry found for user: userid
> > userid :4294967295:Firstname Lastname
> >
> > I also tried pdbclient with verbose output enabled:
> >
> > sudo pdbedit -L -v | grep userid
> >
> > This resulted in the following output:
> >
> > init_sam_from_ldap: Entry found for user: userid
> > Failed to find a Unix account for userid
> > init_sam_from_ldap: Entry found for user: otheruserid
> > Unix username:        userid
> > NT username:          userid
> > Home Directory:       \\files\userid
> > Profile Path:         \\files\userid \profile
> >
> > 3. I reset the user's password:
> >
> > echo -e "password\npassword\n" | sudo smbpasswd -s
> >
> > Then I tried to connect to the Samba server as the user:
> >
> > smbclient //fileserver/domain -U userid
> >
> > Unfortunately I was unable to authenticate; I get the following error
> > message:
> >
> > Domain=[domain] OS=[Unix] Server=[Samba 3.6.3]
> > tree connect failed: NT_STATUS_ACCESS_DENIED
> >
> > 4. I checked to see if there was in fact a Unix account for the user,
> > and there wasn't, so I added one, and set the UNIX password to match
> > the password set with smbpasswd. Then I tried again to connect to
> > the Samba server, but was still unable to connect.
> >
> > Can anyone shed any light on this? Help!
> No problem
>
> 1. DO NOT CREATE USERS WITH A TRAILING SPACE !!!
> 2. Use the same name in DN and UID !!!
>
> dn: uid=userid,ou=people,o=org
> uid:: c2tkNjg0IA==
>
> uid here is base64 encoded, because of the trailing space.
>
> # echo -n c2tkNjg0IA== |base64 -d
> "skd684 "
>
> The dn is built with "uid=userid", but
> "uid=skd684 "
>
> >
> > Thanks in advance for your time and consideration.
> >
> > Cheers,
> > Itamar
>
>
> --
>
> Regards
>         Harry Jede
>

