[Samba] A little help with nss_ldap - User xxx in passdb,
but getpwnam() fails!
Robert Silvia
coolhand1977 at comcast.net
Thu Nov 25 19:07:30 GMT 2004
I keep getting the following errors when I try to log on to my domain or
access a share (some how I have no clue I was able to get one computer
to access the samba domain). It is a standalone PDC, ldap on the same
computer.
This problem has been killing me for about a week, any help would be
greatly appreciated
I'm running samba 3.0.9 on redhat 9
stock ldap server that comes with redhat 9
nss_ldap installed from apt (include nss_pam)
Used idealx to do all my prep.
testuser does indeed exist as I can login with him from the one computer
that I managed to get onot the domain.
I added the user via smbldap-tools.
Which is configured correctly with the linux box SID...
I'm at a complete loss...
Here's the error:
[2004/11/25 12:19:58, 5] auth/auth_util.c:is_trusted_domain(1448)
is_trusted_domain: Checking for domain trust with [PDS-SUPPORT]
[2004/11/25 12:19:58, 5]
passdb/secrets.c:secrets_fetch_trusted_domain_password(334)
secrets_fetch failed!
[2004/11/25 12:19:59, 1] auth/auth_util.c:make_server_info_sam(822)
User testuser in passdb, but getpwnam() fails!
[2004/11/25 12:19:59, 5] auth/auth_util.c:free_server_info(1344)
attempting to free (and zero) a server_info structure
[2004/11/25 12:19:59, 0] auth/auth_sam.c:check_sam_security(306)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
[2004/11/25 12:19:59, 5] auth/auth.c:check_ntlm_password(271)
check_ntlm_password: sam authentication for user [testuser] FAILED
with error NT_STATUS_NO_SUCH_USER
[2004/11/25 12:19:59, 3] auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain
[PDS-SUPPORT] was for this SAM.
[2004/11/25 12:19:59, 10] auth/auth.c:check_ntlm_password(259)
check_ntlm_password: winbind had nothing to say
[2004/11/25 12:19:59, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [testuser] ->
[testuser] FAILED with error NT_STATUS_NO_SUCH_USER
[2004/11/25 12:19:59, 5] auth/auth_util.c:free_user_info(1318)
attempting to free (and zero) a user_info structure
[2004/11/25 12:19:59, 10] auth/auth_util.c:free_user_info(1321)
structure was created for testuser
[2004/11/25 12:19:59, 3] smbd/sesssetup.c:do_map_to_guest(41)
No such user testuser [PDS-SUPPORT] - using guest account
[2004/11/25 12:19:59, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
Here's my configuration:
My system auth looks like:
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok
md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
My /etc/ldap.conf is setup as (world readable):
base dc=pds-support,dc=net
rootbinddn cn=nssldap,ou=DSA,dc=pds-support,dc=net
nss_base_passwd dc=pds-support,dc=net?sub
nss_base_shadow dc=pds-support,dc=net?sub
nss_base_group ou=Groups,dc=pds-support,dc=net?one
ssl no
pam_password md5
and my /etc/nsswitch.conf (world readable)
passwd: files ldap
shadow: files ldap
group: files ldap
I have /etc/ldap.secret
set to world readable atm moment with the password (I plan on changing
this once I have it working)
More information about the samba
mailing list