[Samba] ugh, continued ldap madness, cont'd

Derek J. Balling dredd at megacity.org
Fri Sep 27 19:31:00 GMT 2002


I couldn't do it with smbpasswd, I could only do it with the 
smbldap-tools package's smbldap-passwd tool, which appears to do it by 
manually creating the lmpassword/ntpassword entries as an ldif and 
putting them up.

If I try with smbpasswd, I get:

$ smbpasswd -D 99 dballing
New SMB password:
Retype new SMB password:
Trying to load: ldapsam:ldap://ldap.byramhealthcare.com/
Attempting to find an passdb backend to match 
ldapsam:ldap://ldap.byramhealthcare.com/ (ldapsam)
Found pdb backend ldapsam (at pos 4)
pdb backend ldapsam:ldap://ldap.byramhealthcare.com/ has a valid init
ldapsam_open_connection: ldap://ldap.byramhealthcare.com/
ldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server as 
"cn=admin,dc=byramhealthcare,dc=com"
ldap_connect_system: succesful connection to the LDAP server
ldapsam_search_one_user: searching 
for:[(&(uid=dballing)(objectclass=sambaAccount))]
ldapsam_search_one_user: Problem during the LDAP search: No such object
ldapsam_search_one_user: Query was: , 
(&(uid=dballing)(objectclass=sambaAccount))
Failed to find entry for user dballing.
Failed to modify password entry for user dballing

which claims it can't find the account, except if I search for exactly 
what it claims to be searching for....:

# ldapsearch -x -h ldap.byramhealthcare.com 
'(&(uid=dballing)(objectclass=sambaAccount))'
version: 2

#
# filter: (&(uid=dballing)(objectclass=sambaAccount))
# requesting: ALL
#

# dballing, People, byramhealthcare, com
dn: uid=dballing,ou=People,dc=byramhealthcare,dc=com
givenName: Derek
sn: Balling
l: White Plains
uid: dballing
manager: uid=rhiggins,ou=People,dc=byramhealthcare,dc=com
cn: Derek J. Balling
mail: dballing at byramhealthcare.com
facsimileTelephoneNumber: +1 914 286 2144
telephoneNumber: +1 914 286 2044
shadowLastChange: 11936
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
gecos: Derek Balling,,,
gidNumber: 100
uidNumber: 228
homeDirectory: /home/dballing
host: whitechapel.byramhealthcare.com
host: testbox.byramhealthcare.com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaAccount
objectClass: shadowAccount
objectClass: Person
objectClass: organizationalPerson
objectClass: account
pwdLastSet: 0
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdCanChange: 0
pwdMustChange: 0
displayName: Derek Balling,,,
acctFlags: [UX]
rid: 1456
lmPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ntPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


On Friday, September 27, 2002, at 03:19  PM, Michael Nenishkis - List 
ID wrote:

> I see you were able to add smbpasswd to the user dballing (?)
> Can you try to login as root and do a smbpasswd -a dballing -D256 (?)
> If smbpasswd works, then Samba should be able to pickup the objects..
>
> would like to see a little more info.
>
>
> -----Original Message-----
> From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]
> On Behalf Of Derek J. Balling
> Sent: Saturday, September 28, 2002 2:55 AM
> To: samba at lists.samba.org
> Subject: Re: [Samba] ugh, continued ldap madness, cont'd
>
>
> After a brief stint offlist (thanks Bradley), I'm closer to getting
> SMB/LDAP working but now am encountering something very odd, which he
> suggested I bring back to the list for "further evaluation". :-)
>
>> $ smbclient //TESTBOX/testshare -U  dballing
>> added interface ip=10.15.49.142 bcast=10.15.49.255 nmask=255.255.255.0
>> Password:
>> session setup failed: NT_STATUS_LOGON_FAILURE
>>
>>>> [2002/09/27 11:09:16, 0]
>>>> passdb/pdb_ldap.c:ldapsam_search_one_user(428)
>>>>    ldapsam_search_one_user: Problem during the LDAP search: No such
>>>> object
>>>
>>> show me some more log.
>>> i can't see a problem here...
>>
>> OK, I upped the debug level to "9", the output is at:
>> 	http://www.megacity.org/~dredd/log.dhcp142
>>
>> (figured it was fairly lengthy, not gonna shove it in e-mail)
>
> There's a lengthy smb.log at that URL that shows the
> NT_STATUS_LOGON_FAILURE, but it's fairly cryptic to me and I can't
> really figure out why it's not seeing my user (who does have the
> sambaAccount object class, has had the password set for him via the
> smbldap-tools package's passwd program, etc.
>
> Anyone know what is causing this?
>
> D
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba




More information about the samba mailing list