[Samba] root can't login to smb-ldap-pdc

Chris McKeever cgmckeever at prupref.com
Sat May 24 16:08:28 GMT 2003


are your other root related samba functions working correctly?
such as smbpasswd -a USERNAME?

just wondering if you did the smbpasswd -w PASSWORD 
for the root account.

Shot in the dark here - since the root samba pasword is stored in a secrets
file, maybe there isnt one in the LDAP, and therefore your get your error.
Maybe run smbpasswd for the root (without the -w) so it populates the LDAP
directory.

try a search using your ldap rootdn for the ntPassword,lmPassword of the
root user..



> -----Original Message-----
> From: Bas Goes [mailto:b.e.a.goes at student.utwente.nl]
> Sent: Saturday, May 24, 2003 10:36 AM
> To: samba at lists.samba.org
> Subject: [Samba] root can't login to smb-ldap-pdc
> 
> 
> Hi all,
> 
> I'm using samba 2.2.8a and trying to set it up as pdc using 
> ldapsam with
> a big help from idealx.
> I have a test pdc working almost the same except it doesn't have acl
> support and it's using 2.2.6. But I haven't configured acl yet on the
> new system.
> Both seem to have the same entries in ldap (even encrypted 
> passwords for
> root are the same) but when I to logon with root to the new machine it
> says NT_STATUS_WRONG_PASSWORD. Any other user I've created 
> can login but
> root can't.
> Root can logon using pam_ldap on a shell and can authenticate to the
> ldapserver. 
> When I logon with the rpcclient or smbclient I get from both
> NT_STATUS_WRONG_PASSWORD. But in the log files just above it i get
> different messages. smbclient tells me:
> [2003/05/24 16:54:08, 2] smbd/service.c:make_connection(331)
>   Invalid username/password for root [root]
> [2003/05/24 16:54:08, 3] smbd/error.c:error_packet(113)
>   error packet at smbd/reply.c(166) cmd=117 (SMBtconX)
> NT_STATUS_WRONG_PASWORD
> But a bit further back it gives a password challenge:
> [2003/05/24 16:54:08, 4] smbd/password.c:smb_password_ok(501)
>   smb_password_ok: NT MD4 password check succeeded
> I don't know if this means the password is ok or if it is 
> just that the
> check happened, but just after that it says it created the //mai/root
> share and why would it do that after a wrong password?
> 
> anyway with the rpcclient the logs tell me something different:
> [2003/05/24 17:29:17, 5] lib/util_seaccess.c:se_access_check(325)
>   se_access_check: access (2) granted.
> [2003/05/24 17:29:17, 3] smbd/vfs.c:vfs_init_default(123)
>   Initialising default vfs hooks
> [2003/05/24 17:29:17, 0] smbd/service.c:make_connection(563)
>   Can't become connected user!
> [2003/05/24 17:29:17, 3] smbd/connection.c:yield_connection(48)
>   Yielding connection to IPC$
> [2003/05/24 17:29:17, 3] smbd/error.c:error_packet(113)
>   error packet at smbd/reply.c(166) cmd=117 (SMBtconX)
> NT_STATUS_WRONG_PASSWORD
> [2003/05/24 17:29:17, 5] lib/util.c:show_msg(275)
>  Password challenge had the same output.
> 
> If I look at the rpcclient it looks like it can not become user root
> (smbd runs as root btw)
> But why?
> 
> Has anyone got any ideas? 
> 
> Thanks in advance,
> 
> Regards
> Bas
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 



More information about the samba mailing list