[Samba] Re: Samba 3.0.0 - LDAP Authetication trouble

Carl Weiss trash at liquidzion.com
Wed Nov 12 16:11:33 GMT 2003


OK, if all your users have the same SID xxx-3000, they are not incrementing
correctly in the add user script. I had this same problem when I wasn't
correctly authenticating to the LDAP server; I was in fact using the
/etc/passwd file, and then using the same test user accounts that I had on
the box, i.e. cweiss in ldap and cweiss in /etc/passwd.

To further test, change all your SIDs manually with a graphical editor like
GQ.  I'm guessing you don't have too many because it's a test install.  Also
make sure to change the SIDs of any computers you added.

When I initially found this problem I created a new function in the adduser
script to find the highest UID and increment by one.  The user SID is
calculated by UID+RID*2 I believe; in any event it is based on the UID. If
it comes down to this I have another method of how I would write the function.
I just wanted to get it working then.

It's my experience that you should be able to log in using your LDAP
accounts to the samba server, unless explicitly denied in the user's LDAP
entry, if it's all configured correctly.

It took me 3 days before I made ANY progress with this project, and not 3
8-hour days.  If it's driving you nuts, it got to me too.
There is so little information out there for samba LDAP, and then the
differences between the 2 and 3 schema.

 -=Carl Weiss=-
good luck

----- Original Message ----- 
From: "Bart Bekker" <bartro at go.ro>
To: "Carl Weiss" <trash at carlweiss.com>
Cc: <samba at lists.samba.org>
Sent: Wednesday, November 12, 2003 2:33 AM
Subject: Re: [Samba] Re: Samba 3.0.0 - LDAP Authetication trouble


> My smbpasswd file is empty. I am pretty sure Samba uses LDAP for
> authenticating users. Changing the password in LDAP database results in
> login errors, so there is a connection. The bart account is indeed the
> first, but I already noticed other accounts use the same user SID, so
> there is something wrong here with the increment indeed.
> My system runs on Suse 8.2, and for now uses /etc/passwd file for local
> login since I could not configure ldap login at installation time.
> I have to admit samba 3.0.0. takes a lot longer to get to work (at least
> with ldap backend) than the 2.2.x versions. I am not an unexperienced
> user, but I keep running into problems.
> Also, there are numerous sources (how-to's etc) to be found on the www,
> all telling different stories. Especially the LDAP configuration seems
> to be, at least in my case, the cause of trouble..
>
> Thanks,
>
>  Bart.
>
> Carl Weiss wrote:
>
> >If this solved your problem it sounds like you're not really
> >authenticating to LDAP and just using the smbpassdb file, although it
> >can read from LDAP it may not be using it for Authentication.
> >
> >Verify that you are using LDAP for authentication, you can run
> >Authconfig in redhat, otherwise you'll have to check your PAM. To test
> >simply you can try to login with your user Bart at the console (verify
> >that the account isn't in /etc/passwd).
> >
> >Is the Bart account the first user you created? SID xxxxx3000, this is
> >the default first user, if all your accounts have this same sid they
> >will not authenticate. Points to an issue with the script
> >smbldap-useradd.pl not incrementing the sid, may also point to the above
> >PAM problem.
> >
> >
> >-=carl=-
> >
> >"Bart Bekker" <bartro at go.ro> wrote in message news:3FB0E33F.6030405 at go.ro...
> >
> >
> >>Thanks, problem solved.
> >>But I am still confused. Why are those password tools delivered with
> >>Samba, if they are not useful.. I saw in the LDAP that smbpasswd uses a
> >>SMD5 encryption for the password; the smbldap-passwd tool adds them
> >>using SSHA. No wonder it did not work.
> >>
> >>Thanks again.
> >>
> >> Bart.
> >>
> >>Andrew Bartlett wrote:
> >>
> >>>On Tue, 2003-11-11 at 23:42, Bart Bekker wrote:
> >>>
> >>>>For quite some time I have been trying to get samba 3.0.0 working
> >>>>with an LDAP backend.
> >>>>The latest problem I have is that user authentication does not work.
> >>>>The passwords are right, added them with the ldaptools from the samba
> >>>>source,
> >>>>
> >>>Add them with smbpasswd.  The password in LDAP is simply not the
> >>>password that the user is sending.
> >>>
> >>>Andrew Bartlett
>
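
Added example (not part of the original thread or of smbldap-tools): a check for the symptom discussed above, several accounts sharing one sambaSID, run over an LDIF export of the directory. The LDIF entries and the domain SID are constructed, and the expected-RID formula 2*uidNumber+1000 is an assumption about Samba's default algorithmic mapping that the thread itself does not state.

```python
import re
from collections import defaultdict

# Constructed sample LDIF (not from the thread): two users share RID 3000.
SAMPLE_LDIF = """\
dn: uid=bart,ou=Users,dc=example,dc=org
uidNumber: 1000
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=cweiss,ou=Users,dc=example,dc=org
uidNumber: 1001
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=alice,ou=Users,dc=example,dc=org
uidNumber: 1002
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3004
"""

def parse_ldif(text):
    """Return one {attribute: value} dict per blank-line-separated entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = re.sub(r"\n ", "", block).splitlines()  # unfold continuations
        pairs = (l.split(": ", 1) for l in lines if ": " in l and l[0] != "#")
        entries.append({k: v for k, v in pairs})
    return entries

def expected_rid(uid_number, rid_base=1000):
    # Assumption: Samba's default algorithmic mapping for user accounts.
    return 2 * uid_number + rid_base

def audit_sids(entries):
    """Return (duplicate SIDs, RID mismatches) for entries with a sambaSID."""
    by_sid, mismatches = defaultdict(list), []
    for e in (e for e in entries if "sambaSID" in e):
        by_sid[e["sambaSID"]].append(e["dn"])
        rid = int(e["sambaSID"].rsplit("-", 1)[1])
        want = expected_rid(int(e["uidNumber"])) if "uidNumber" in e else rid
        if rid != want:
            mismatches.append((e["dn"], rid, want))
    duplicates = {s: dns for s, dns in by_sid.items() if len(dns) > 1}
    return duplicates, mismatches

if __name__ == "__main__":
    dups, bad = audit_sids(parse_ldif(SAMPLE_LDIF))
    print("duplicate SIDs:", dups)
    print("RID differs from 2*uidNumber+1000:", bad)
```

Real input would be an LDIF export of the user and machine entries, for example from slapcat or ldapsearch.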