[Samba] Problem w/ Samba 3 & LDAP
Ted Wisniewski
ted at ness.plymouth.edu
Thu Apr 1 14:19:58 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thanks for the response, but the odd thing is that both had the same set of
parameters in the LDAP. I took your advice and added some other parameters
to the LDAP for a non working entry... Same result.
Example LDIF (Working):
dn: uid=newuser, ou=People, dc=plymouth,dc=edu
sambaPwdLastSet: 1080739453
sambaAcctFlags: [U ]
displayName: New User
sambaPwdMustChange: 2147483647
objectClass: sambaSamAccount
objectClass: account
uid: newuser
sambaSID: S-1-5-21-204843054-3526713080-3458795326-37000
sambaPwdCanChange: 1080739453
sambaNTPassword: 5A6A0AFE9618570BF8B167BC1B9E4B1D
sambaPrimaryGroupSID: S-1-5-21-204843054-3526713080-3458795326-1063
sambaLMPassword: 54E8D1FD3821A0A8AAD3B435B51404EE
Example LDIF (NOT WORKING)
dn: uid=notworking, ou=People, dc=plymouth,dc=edu
sambaPwdLastSet: 1080739453
sambaAcctFlags: [U ]
displayName: Not Working
sambaPwdMustChange: 2147483647
objectClass: sambaSamAccount
objectClass: account
uid: notworking
sambaSID: S-1-5-21-204843054-3526713080-3458795326-3472
sambapwdCanChange: 1080739453
sambaNTPassword: 8F851644E0A37D3FB3476910A6A93303
sambaPrimaryGroupSID: S-1-5-21-204843054-3526713080-3458795326-1399
sambaLMPassword: F12E9CF522B3C3FBAAD3B435B51404EE
Any ideas? I can map to the home share without difficulty... It is only a
problem when doing a domain logon. If I delete the LDAP entry and do the
(smbpasswd -a) from the command line, the entries look identical. The only
difference is one works and the other does not. Is there another place
where info is recorded? In the LDAP? in a TDB file?
Ted
>On Wed, 2004-03-31 at 12:47, Ted Wisniewski wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Here is a description of what I am trying to do (with Samba 3.0.2a &
openldap
>> 2.1.27):
>>
>> I have all my users populated into the LDAP with all the applicable
>> attributes; Users can map drives to a server using LDAP as the
>> authentication backend without issue.
>>
>> Where I am running into problems is bringing up a PDC using Samba w/LDAP.
>>
>> * I added the appropriate machine accounts (using smbpasswd -a -m) and was
>> able to join the domain.
>>
>> * Any user in the pre-populated LDAP cannot log in, however, any user I add
to
>> the LDAP from the machine with Samba running on it CAN log in properly.
>>
>> If I delete the original entry from the LDAP, add a new on via (smbpasswd
- -a),
>> then the user can log in. This works, but is ultimately not scalable...
I
>> can then place the original LDAP entry back in place and they can log in...
>> Just as long as the password for the account is not changed.
>>
>> I am sure there is something I am missing, but I cannot see it for the life
of
>> me. The odd thing is, that in the log.smbd, I get odd errors about
reading
> a socket, but only for the users that have not been added by the local
> "smbpasswd" command. They are both in the same LDAP. Any help would be
> greatly appreciated.
>
> Ted
>
- -- SNIP --
> Global section of smb.conf
- -----
it appears that the 'non-functional' user doesn't have the domain
attribute set (or at least set properly).
ldapsearch -x -h whateverhost -D 'rootbinddn' -W '(uid=non-functional)'
and then
ldapsearch -x -h whateverhost -D 'rootbinddn' -W '(uid=functional)'
and the functional users will have attributes such as sambaDomainName
properly set that the non-functional's do not.
Craig
- --
| Ted Wisniewski E-Mail: ted at mail.plymouth.edu |
| Manager, Systems Group WEB: http://oz.plymouth.edu/~ted/ |
| Information Technology Services |
| Plymouth State University Phone: (603) 535-2661 |
| Plymouth NH, 03264 Fax: (603) 535-2263 |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQFAbCUOLoXjVqfQ0u4RAlMJAKDtX1d/e6APTME3VC7uGEUDm4+z3wCgjQyL
XVfh2hqDuua+mD54Ai46LE8=
=GIld
-----END PGP SIGNATURE-----
More information about the samba
mailing list