[Samba] Samba does not link to ldap

Harm Kirchhoff harm.kirchhoff at web.de
Sun Jun 30 18:18:03 GMT 2002


Samba can not link to ldap

Samba can not retrieve password information for users.

I have got stuck with the problem outlined below. I have already spent 2 
weeks trying to find information on the www and various mailing lists, 
without success.
I would be happy if someone has an idea what I have to fix.
I do not particularly need ldap, so if anybody can tell me how to separate Samba from ldap it would help, too.


Settings:
Workgroup:TOKYO
LINUX machine's name: PINGUIN
WIN 2000 machine's name: DELLJUNKO
These are the only 2 machines. There is no DNS and no domain name.

On Win2000 machine, I have a user named "administrator" with the password 
"WOW"

Errors:
=======
Attempt access from the WIN 2000 Client:
Can see PINGUIN icon in network TOKYO.
When trying to access PINGUIN am asked for user name and password.
When entering username and password, connection is refused and window
asking for username and password re-appears.

On LINUX Machine:
# smbpasswd -a administrator
fetch_ldap_pw:no ldap secret retrieved
ldap_connect_system:Failed to retrieve password from secret.tdb
Failed to add entry for user administrator
Failed to modify password entry for user administrator.

Settings on LINUX machine:

An account for "administrator" was successfully created using # useradd
A password was successfully assigned using # password administrator

Samba version: 2.2.2
Samba and nmbd configured to run as daemons.
Samba and nmbd were actually running.

OpenLDAP 2.0.23-1
ldap is configured to run as daemon.
ldap was actually running.

LINUX and WIN2000 machines are configured as DHCP clients.
The DHCP server is an ISDN router.

Testing History
===============

I performed the following tests to track down the error.
I logged in as root and performed the following commands
(text in parentheses is my comments)

On the LINUX machine:

# ping DELLJUNKO
ping: unknown host DELLJUNKO

# ping 192.168.0.2 (which is the IP address for DELLJUNKO)
PING 192.168.0.2 (192.168.0.2) from 192.168.0.3:56(84) bytes of data
64 bytes from 192.168.0.2:icwp_seq=44 ttl=128 time=344 usec

(since I use DHCP and Netbios over TCP/IP and therefore have no settings for 
a DNS, it is clear that the first ping must fail. (I assume))

# testparm
Load smb config files from /etc/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Public Files]"
Loaded services file OK.
WARNING: You have some share names that are lnger than 8 chars
These may give errors while browsing or may not be accessible
to some older clients.
Press enter to see a dump of service definitions.

(why doesn't the [global] section appear ?)

# ps -ef | grep smbd
root 1601 1 0 17:05 ? 00:00:00 /usr/sbin/smbd -D
root 2852 2470 0 17:38 ttyp0 00:00:00 grep smbd

# smbclient -L PINGUIN -N
added interface ip=192.168.0.3 bcast=192.168.0.255 nmask=255.255.255.0
Got a positive name query response from 192.168.0.3 (192.168.0.3)
Anonymous login successful
Domain=[TOKYO] OS=[UNIX] Server=[Samba 2.2.2]

Sharename Type Comment
--------- ---- -------
Public Files Disk Files for everyone on Pinguin
IPC$ IPC IPC Service (Samba Server)
ADMIN$ Disk IPC Service (Samba Server)

Server Comment
------ -------
PINGUIN Samba Server

Workgroup Master
--------- ------
Tokyo 


# smbclient //PINGUIN/public -U administrator%WOW
added interface ip=192.168.0.3 bcast=192.168.0.255 nmask=255.255.255.0
Got a positive name query response from 192.168.0.3 (192.168.0.3)
session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in 
Tree Connect or Session Setup are invalid.)

(given the fact that I can not register a password, this error makes sense.
As you can see in the annexed password file, samba has not registered an 
account for "administrator".)


I annex the following file excerpts:
A: nmbd log file
B: smbd log file
C: PINGUIN log file
D: Samba configuration smb.conf
E: Samba password file





Appendix A
==========
nmbd log file in /var/log/samba/log.nmbd =================================

Got SIGTERM: going down...
[2002/06/30 16:33:39, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(405)
  *****
  Samba name server PINGUIN is now a local master browser for workgroup TOKYO on subnet 192.168.0.3

  *****

APPENDIX B
==========
smbd log file in /var/log/samba\log.smbd =================================


[2002/06/30 14:02:30, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 14:02:30, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 14:02:34, 0] param/loadparm.c:set_boolean(2012)
  ERROR: Badly formed boolean in configuration file: "No #added 2002/06/26".
[2002/06/30 14:02:37, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 14:02:37, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 14:02:44, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 14:02:44, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 16:27:49, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 16:27:49, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 16:27:58, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 16:27:58, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 16:32:17, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 16:32:17, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 17:05:56, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 17:05:56, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 17:06:02, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 17:06:02, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 17:43:25, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 17:43:25, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 17:43:34, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2002/06/30 17:43:34, 0] smbd/connection.c:yield_connection(62)
  yield_connection: tdb_delete for name failed with error Record does not exist.
Got a positive name query response from 192.168.0.3 (192.168.0.3)


Appendix C
==========
PINGUIN log file in /var/log/samba/log.pnguin ================================

[2002/06/30 14:32:47, 0] passdb/secrets.c:fetch_ldap_pw(240)
  fetch_ldap_pw: no ldap secret retrieved!
[2002/06/30 14:32:47, 0] passdb/pdb_ldap.c:ldap_connect_system(146)
  ldap_connect_system: Failed to retrieve password for from secrets.tdb
[2002/06/30 14:32:47, 0] passdb/secrets.c:fetch_ldap_pw(240)
  fetch_ldap_pw: no ldap secret retrieved!
[2002/06/30 14:32:47, 0] passdb/pdb_ldap.c:ldap_connect_system(146)
  ldap_connect_system: Failed to retrieve password for from secrets.tdb
[2002/06/30 14:33:34, 0] passdb/secrets.c:fetch_ldap_pw(240)
  fetch_ldap_pw: no ldap secret retrieved!
[2002/06/30 14:33:34, 0] passdb/pdb_ldap.c:ldap_connect_system(146)
  ldap_connect_system: Failed to retrieve password for from secrets.tdb
[2002/06/30 14:33:34, 0] passdb/secrets.c:fetch_ldap_pw(240)
  fetch_ldap_pw: no ldap secret retrieved!
[2002/06/30 14:33:34, 0] passdb/pdb_ldap.c:ldap_connect_system(146)
  ldap_connect_system: Failed to retrieve password for from secrets.tdb
[2002/06/30 14:36:04, 0] passdb/secrets.c:fetch_ldap_pw(240)
  fetch_ldap_pw: no ldap secret retrieved!
[2002/06/30 14:36:04, 0] passdb/pdb_ldap.c:ldap_connect_system(146)
  ldap_connect_system: Failed to retrieve password for from secrets.tdb
[2002/06/30 14:36:04, 0] passdb/secrets.c:fetch_ldap_pw(240)
  fetch_ldap_pw: no ldap secret retrieved!
[2002/06/30 14:36:04, 0] passdb/pdb_ldap.c:ldap_connect_system(146)
  ldap_connect_system: Failed to retrieve password for from secrets.tdb
[2002/06/30 17:49:48, 0] passdb/secrets.c:fetch_ldap_pw(240)
  fetch_ldap_pw: no ldap secret retrieved!
[2002/06/30 17:49:48, 0] passdb/pdb_ldap.c:ldap_connect_system(146)
  ldap_connect_system: Failed to retrieve password for from secrets.tdb
[2002/06/30 17:49:48, 0] passdb/secrets.c:fetch_ldap_pw(240)
  fetch_ldap_pw: no ldap secret retrieved!
[2002/06/30 17:49:48, 0] passdb/pdb_ldap.c:ldap_connect_system(146)
  ldap_connect_system: Failed to retrieve password for from secrets.tdb


APPENDIX D
========================================================


# Samba config file created using SWAT
# from localhost.localdomain (127.0.0.1)
# Date: 2002/06/30 17:59:15

# Global parameters
[global]
coding system = cap
client code page = 932
code page directory = /etc/codepages
workgroup = TOKYO
netbios name = PINGUIN
netbios aliases = 
netbios scope = 
server string = Samba Server
interfaces = 
bind interfaces only = No
security = USER
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv = 
min passwd length = 5
map to guest = Never
null passwords = No
obey pam restrictions = No
password server = 
smb passwd file = /etc/smbpasswd
root directory = 
pam password change = No
passwd program = /bin/passwd
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
username map = 
password level = 0
username level = 0
unix password sync = No
restrict anonymous = No
lanman auth = Yes
use rhosts = No
ssl = No
ssl hosts = 
ssl hosts resign = 
ssl CA certDir = 
ssl CA certFile = 
ssl server cert = 
ssl server key = 
ssl client cert = 
ssl client key = 
ssl egd socket = 
ssl entropy file = 
ssl entropy bytes = 256
ssl require clientcert = No
ssl require servercert = No
ssl ciphers = 
ssl version = ssl2or3
ssl compatibility = No
log level = 0
syslog = 1
syslog only = No
log file = /var/log/samba/log.%m
max log size = 50
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = No
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
nt smb support = Yes
nt pipe support = Yes
announce version = 4.5
announce as = NT
max mux = 50
max xmit = 65535
name resolve order = lmhosts host wins bcast
max packet = 65535
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 10000
read size = 16384
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
stat cache size = 50
use mmap = Yes
total print jobs = 0
load printers = Yes
printcap name = /etc/printcap
disable spoolss = No
enumports command = 
addprinter command = 
deleteprinter command = 
show add printer wizard = Yes
os2 driver map = 
strip dot = No
character set = 
mangled stack = 50
stat cache = Yes
domain admin group = 
domain guest group = 
machine password timeout = 604800
add user script = 
delete user script = 
logon script = 
logon path = \\%N\%U\profile
logon drive = 
logon home = \\%N\%U
domain logons = No
os level = 20
lm announce = Auto
lm interval = 60
preferred master = Auto
local master = Yes
domain master = Auto
browse list = Yes
enhanced browsing = Yes
dns proxy = No
wins proxy = No
wins server = 
wins support = No
wins hook = 
kernel oplocks = Yes
oplock break wait time = 0
ldap server = localhost
ldap port = 389
ldap suffix = 
ldap filter = (&(uid=%u)(objectclass=sambaAccount))
ldap admin dn = 
ldap ssl = no
add share command = 
change share command = 
delete share command = 
config file = 
preload = 
lock dir = /var/lock/samba
utmp directory = 
wtmp directory = 
utmp = No
default service = 
message command = 
dfree command = 
valid chars = 
remote announce = 
remote browse sync = 
socket address = 0.0.0.0
homedir map = 
time offset = 0
NIS homedir = No
source environment = 
panic action = 
hide local users = No
host msdfs = No
winbind uid = 
winbind gid = 
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 15
winbind enum users = Yes
winbind enum groups = Yes
comment = 
path = 
alternate permissions = No
username = 
guest account = nobody
invalid users = 
valid users = 
admin users = 
read list = 
write list = 
printer admin = 
force user = 
force group = 
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
inherit permissions = No
guest only = No
guest ok = No
only user = No
hosts allow = 
hosts deny = 
status = Yes
nt acl support = Yes
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
write cache size = 0
max print jobs = 1000
printable = No
postscript = No
printing = bsd
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command = 
lpresume command = 
queuepause command = 
queueresume command = 
printer name = 
use client driver = No
printer driver = 
printer driver file = /etc/printers.def
printer driver location = 
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide unreadable = No
delete veto files = No
veto files = 
hide files = 
veto oplock files = 
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map = 
browseable = Yes
blocking locks = Yes
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = No
copy = 
include = 
exec = 
preexec close = No
postexec = 
root preexec = 
root preexec close = No
root postexec = 
available = Yes
volume = 
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend = 
magic script = 
magic output = 
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs object = 
vfs options = 
msdfs root = No

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[Public Files]
comment = Files for everyone on Pinguin
path = /tmp/
guest account = root
read only = No
guest ok = Yes


APPENDIX E ============================================
# SMB password file.
# root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:root
bin:1:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:bin
daemon:2:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:daemon
adm:3:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:adm
lp:4:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:lp
sync:5:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:sync
shutdown:6:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:shutdown
halt:7:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:halt
mail:8:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:mail
news:9:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:news
uucp:10:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:uucp
operator:11:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:operator
games:12:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:games
gopher:13:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:gopher
gdm:42:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:
ftp:14:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:FTP User
nobody:99:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Nobody
smbguest:300:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:SMB Guest Account
rpcuser:29:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:RPC Service User



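An added example, not part of the original post: a small Python check over smb.conf text for two things visible in the appendices, a boolean value followed by trailing comment text (the form smbd rejected in Appendix B with "Badly formed boolean") and a writable guest share whose guest account is root (as [Public Files] is configured in Appendix D). The sample file is a constructed excerpt, the finding names are invented for this example, and which parameter carried the "#added" text is an assumption, since the log does not name it.

```python
import re

# Constructed excerpt modelled on Appendix D. The inline comment on
# "wins support" is an assumed stand-in for whichever line produced the
# "Badly formed boolean" error in Appendix B; the page does not say which.
SAMPLE_CONF = """\
[global]
wins support = No #added 2002/06/26
guest account = nobody

[Public Files]
path = /tmp/
guest account = root
read only = No
guest ok = Yes
"""

BOOLS = {"yes", "no", "true", "false", "1", "0"}
TRUE = {"yes", "true", "1"}

def parse(text):
    """Return {section: {param: (value, line_number)}} for smb.conf text."""
    conf, section = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":   # smb.conf only has whole-line comments
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = conf.setdefault(m.group(1), {})
        elif "=" in line and section is not None:
            key, val = line.split("=", 1)
            # parameter names ignore case and embedded whitespace
            section["".join(key.lower().split())] = (val.strip(), n)
    return conf

def effective(conf, sec, key, default):
    """Share value, falling back to [global], then to the given default."""
    return conf[sec].get(key, conf.get("global", {}).get(key, (default, 0)))[0].lower()

def audit(text):
    """Return (line, section, finding) tuples; parameter synonyms are not resolved."""
    conf, findings = parse(text), []
    for sec, params in conf.items():
        for val, n in params.values():
            head = re.split(r"\s+[#;]", val, maxsplit=1)[0]
            if head != val and head.lower() in BOOLS:
                findings.append((n, sec, "boolean-with-trailing-comment"))
        if (sec != "global" and effective(conf, sec, "guestok", "no") in TRUE
                and effective(conf, sec, "readonly", "yes") not in TRUE
                and effective(conf, sec, "guestaccount", "nobody") == "root"):
            findings.append((params.get("guestok", ("", 0))[1], sec, "guest-write-as-root"))
    return findings

print(audit(SAMPLE_CONF))
```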



