Samba with LDAP backend :: Invalid credentials.
praveenkv1988
praveen at happy-hosting.com
Wed Oct 27 08:11:11 MDT 2010
I just wanted to check out Samba, so I installed it on a CentOS 5.5 64-bit
server. The version I used is 3.5.6.
I followed this guide.
http://www.howtoforge.com/centos-5.x-samba-domain-controller-with-ldap-backend
LDAP is working well. When I use the following command (net groupmap list),
I get the error.
Here is the error:
[root@server1 samba]# net groupmap list
[2010/10/26 16:26:09.135901, 0] lib/smbldap.c:1151(smbldap_connect_system)
failed to bind to server ldap://127.0.0.1 / with dn="cn=root,dc=mtm,dc=testdomain,dc=com" Error: Invalid credentials
[2010/10/26 16:26:39.180063, 0] passdb/pdb_ldap.c:3448(ldapsam_setsamgrent)
ldapsam_setsamgrent: LDAP search failed: Time limit exceeded
[2010/10/26 16:26:39.180109, 0] passdb/pdb_ldap.c:3523(ldapsam_enum_group_mapping)
ldapsam_enum_group_mapping: Unable to open passdb
I am sure that I have set the correct password in smbpassword -w mypassword.
I am able to use ldapsearch with the password. Also, phpldapadmin works. But
samba fails.
Here is the smb.conf
# Global parameters
[global]
ldap ssl = off
nt acl support = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
workgroup = TESTDOMAIN
netbios name = SERVER1
security = user
enable privileges = yes
#interfaces = 192.168.5.11
#username map = /etc/samba/smbusers
server string = Samba Server %v
#security = ads
encrypt passwords = Yes
#min passwd length = 3
#pam password change = no
#obey pam restrictions = No
# method 1:
#unix password sync = no
#ldap passwd sync = yes
# method 2:
unix password sync = yes
ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
log level = 10
syslog = 0
log file = /var/log/samba/log.%U
max log size = 50
time server = Yes
#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home =
logon path =
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=root,dc=mtm,dc=testdomain,dc=com
#ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
ldap suffix = dc=mtm,dc=testdomain,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
#ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# printers configuration
#printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
#force create mode = 0640
#force directory mode = 0750
#nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
#force user = %U
# next line allows administrator to access all profiles
#valid users = %U "Domain Admins"
[printers]
comment = Network Printers
#printer admin = @"Print Operators"
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
# print command = /usr/bin/lpr -U%U@%M -P%p -r %s
# lpq command = /usr/bin/lpq -U%U@%M -P%p
# lprm command = /usr/bin/lprm -U%U@%M -P%p %j
# lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
# lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
# queuepause command = /usr/sbin/lpc -U%U@%M stop %p
# queueresume command = /usr/sbin/lpc -U%U@%M start %p
[print$]
path = /home/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
[public]
path = /tmp
guest ok = yes
browseable = Yes
writable = yes
============================================================
Here is the ldap log.
==============================================================
Oct 27 12:07:51 server1 slapd[25420]: slapd starting
Oct 27 12:08:32 server1 slapd[25420]: conn=0 fd=13 ACCEPT from IP=127.0.0.1:57574 (IP=0.0.0.0:389)
Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=0 BIND dn="" method=128
Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=0 RESULT tag=97 err=0 text=
Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=1 SRCH base="cn=root,dc=mtm,dc=testdomain,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=2 UNBIND
Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 27 12:08:32 server1 slapd[25420]: conn=0 fd=13 closed
Oct 27 12:09:21 server1 slapd[25420]: conn=1 fd=13 ACCEPT from IP=127.0.0.1:57575 (IP=0.0.0.0:389)
Oct 27 12:09:21 server1 slapd[25420]: conn=1 op=0 BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" method=128
Oct 27 12:09:21 server1 slapd[25420]: conn=1 op=0 RESULT tag=97 err=49 text=
Oct 27 12:09:21 server1 slapd[25420]: conn=1 op=1 UNBIND
Oct 27 12:09:21 server1 slapd[25420]: conn=1 fd=13 closed
Oct 27 12:09:22 server1 slapd[25420]: conn=2 op=0 BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" method=128
Oct 27 12:09:22 server1 slapd[25420]: conn=2 op=0 RESULT tag=97 err=49 text=
Oct 27 12:09:22 server1 slapd[25420]: conn=2 op=1 UNBIND
Oct 27 12:09:22 server1 slapd[25420]: conn=2 fd=13 closed
Oct 27 12:09:22 server1 slapd[25420]: conn=2 fd=13 ACCEPT from IP=127.0.0.1:57576 (IP=0.0.0.0:389)
=========================================================================
Later I found that when Samba connects, the log file doesn't have the
following line.
BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" mech=SIMPLE ssf=0
So LDAP returns error "49" (invalid credentials).
Please help.
--
View this message in context: http://samba.2283325.n4.nabble.com/Samba-with-LDAP-backend-Invalid-credentials-tp3015546p3015546.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.
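
An added example, not part of the original post: a small Python parser that pairs each slapd BIND request with its RESULT line by conn/op and reports the binds rejected with err=49 (invalid credentials). The sample input is taken from the slapd log excerpt in the post with wrapped lines rejoined; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: lines from the post's slapd log, wrapped lines rejoined.
SAMPLE_LOG = """\
Oct 27 12:08:32 server1 slapd[25420]: conn=0 fd=13 ACCEPT from IP=127.0.0.1:57574 (IP=0.0.0.0:389)
Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=0 BIND dn="" method=128
Oct 27 12:08:32 server1 slapd[25420]: conn=0 op=0 RESULT tag=97 err=0 text=
Oct 27 12:09:21 server1 slapd[25420]: conn=1 fd=13 ACCEPT from IP=127.0.0.1:57575 (IP=0.0.0.0:389)
Oct 27 12:09:21 server1 slapd[25420]: conn=1 op=0 BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" method=128
Oct 27 12:09:21 server1 slapd[25420]: conn=1 op=0 RESULT tag=97 err=49 text=
Oct 27 12:09:22 server1 slapd[25420]: conn=2 op=0 BIND dn="cn=root,dc=mtm,dc=testdomain,dc=com" method=128
Oct 27 12:09:22 server1 slapd[25420]: conn=2 op=0 RESULT tag=97 err=49 text=
Oct 27 12:09:22 server1 slapd[25420]: conn=2 fd=13 ACCEPT from IP=127.0.0.1:57576 (IP=0.0.0.0:389)
"""

ACCEPT_RE = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from IP=(\S+)')
# method=128 is a simple bind; tag=97 is the LDAP BindResponse.
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')

def failed_binds(log_text):
    """Return one record per BIND request that slapd answered with err=49."""
    lines = log_text.splitlines()
    # ACCEPT can be logged after the connection's other lines (conn=2 in the
    # sample), so collect client addresses in a first pass.
    clients = {m.group(1): m.group(2)
               for m in map(ACCEPT_RE.search, lines) if m}
    pending, failures = {}, []
    for line in lines:
        if (m := BIND_RE.search(line)):
            pending[(m.group(1), m.group(2))] = m.group(3)
        elif (m := RESULT_RE.search(line)):
            dn = pending.pop((m.group(1), m.group(2)), None)
            if dn is not None and m.group(3) == "49":
                failures.append({"conn": int(m.group(1)), "dn": dn,
                                 "client": clients.get(m.group(1), "unknown")})
    return failures

def failures_by_dn_and_host(failures):
    """Count rejected binds per (bind DN, client host), ignoring the source port."""
    return Counter((f["dn"], f["client"].rsplit(":", 1)[0]) for f in failures)

if __name__ == "__main__":
    for (dn, host), n in failures_by_dn_and_host(failed_binds(SAMPLE_LOG)).items():
        print(f"{n} rejected bind(s) as {dn!r} from {host}")
```
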