[Samba] using LDAP and PDC together
abartlet at dp.samba.org
Fri Sep 6 04:57:00 GMT 2002
On Fri, Sep 06, 2002 at 12:32:48AM -0400, Terry Katz wrote:
> Hello,
>
> I'm having a similar problem .. here's my scenario ..
>
> Set up two samba PDC's on completely different sites... started with
> Debian's 3.0pre from 0723, and using LDAP as the backend (currently
> using ldapsam_nua).. I've been seeing some issues with this version and
> one of the sites Citrix server (first thing I noticed was that if I
> used that 2*uid+1000 algorithm to generate rid's, Citrix didn't like it
> .. I had to use rid's > 10000 in order for it not to crash on logon ..
>
> So, I updated to the "latest" that debian has .. CVS from 0827 +
> various debian-ized patches .. all of a sudden now I get
> NT_TRUSTED_RELATIONSHIP_FAILURE (from smbclient .. ) whenever I try to
> log in via a workstation (smbclient'n directly to the server works
> fine).. However, I CAN add machines to the domain! spnego is "no" ..
> reg patch applied to xp's etc... It worked with the one from 0723!
> This happens on two separate PDC's I've set up ...
>
> So I dug deeper and looked at the logs, this is what I found:
>
> [2002/09/06 00:19:23, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(422)
> ldapsam_search_one_user: searching
> for:[(&(uid=)(objectclass=sambaAccount))]
> [2002/09/06 00:19:23, 2] auth/auth.c:check_ntlm_password(273)
> check_password: Authentication for user [] -> [] FAILED with error
> NT_STATUS_NO_SUCH_USER
You must put the guest user (RID 501 I think) into LDAP, or run 'unixsam' to
get it via smb.conf's 'guest account' and the system getpw* calls.
Without a guest account, the system cannot operate correctly. Furthermore,
the guest account is used by the Workstation in the user authentication
process.
Andrew Bartlett