[Samba] terrible host\5Cusername ldap issue

Paolo Negri p_negri at modiano.com
Mon Jan 19 10:58:37 GMT 2004


Hi all.
I'm setting up samba 2.2.8 with ldap auth.
On the same machine I use pam_ldap to auth unix users.

My current smb.conf is

----------- begin ---------------

[global]
        netbios name = LDAP-TEST
        workgroup = LDAP-NET
        os level = 255
        time server = NO
        unix extensions = Yes
        encrypt passwords = Yes
        map to guest = Bad User
        printing = CUPS
        printcap name = CUPS
        socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
        wins support = No
        veto files = /*.eml/*.nws/riched20.dll/*.{*}/
        obey pam restrictions = No
        # start of ldap configuration
        ldap server = 127.0.0.1
        ldap port = 389
        ldap suffix = ou=People,dc=mydomain,dc=com
        ldap filter = (&(uid=%u)) (objectclass=sambaAccount))"
        ldap ssl = off
[homes]
        comment = Home Directories
        valid users = %S
        browseable = No
        read only = No
        create mask = 0640
        directory mask = 0750
[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No
[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @ntadmin root
        force group = ntadmin
        create mask = 0664
        directory mask = 0775

------------------------------------------------------------

I have the unix account and samba account correctly inserted in the ldap server.

When I try to log in to samba from MACHINENAME as USERNAME I see in
ldap's log and messages log

-----------------------------------------------------
slapd[1179]: conn=124 op=1 SRCH base="ou=People,dc=modiano,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=MACHINENAME\5CUSERNAME))

slapd[1179]: conn=114 op=1 SRCH base="ou=People,dc=modiano,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=COMPU\5CP_NEGRI))"
slapd[1179]: conn=114 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
slapd[1179]: conn=114 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
smbd[2077]: [2004/01/19 11:30:28, 0] passdb/secrets.c:fetch_ldap_pw(264)
smbd[2077]:   fetch_ldap_pw: no ldap secret retrieved!
smbd[2077]: [2004/01/19 11:30:28, 0] passdb/pdb_ldap.c:ldap_connect_system(308)
smbd[2077]:   ldap_connect_system: Failed to retrieve password for  from secrets.tdb
smbd[2077]: [2004/01/19 11:30:28, 0] passdb/secrets.c:fetch_ldap_pw(264)
smbd[2077]:   fetch_ldap_pw: no ldap secret retrieved!
smbd[2077]: [2004/01/19 11:30:28, 0] passdb/pdb_ldap.c:ldap_connect_system(308)
smbd[2077]:   ldap_connect_system: Failed to retrieve password for  from secrets.tdb
smbd[2077]: [2004/01/19 11:30:28, 0] passdb/secrets.c:fetch_ldap_pw(264)
smbd[2077]:   fetch_ldap_pw: no ldap secret retrieved!
smbd[2077]: [2004/01/19 11:30:28, 0] passdb/pdb_ldap.c:ldap_connect_system(308)
smbd[2077]:   ldap_connect_system: Failed to retrieve password for  from secrets.tdb
----------------------------------------
I think the issue is due to the fact that pam tries to check if
MACHINENAME\5CUSERNAME is an existing unix account; but the uid USERNAME
exists, MACHINENAME\5CUSERNAME doesn't.

I'm sure it's a misconfiguration error; I've googled so much but without
success.

Thanks in advance for any help.

-- 
blank: Caught deadly signal TERM
blank: Finished. 
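
Added example, not part of the original post: a small Python parser that decodes the RFC 4515 escapes in slapd SRCH lines (\5C is an escaped backslash) and reports uid lookups carrying a NAME\user prefix, together with the entry count slapd returned. The function names are hypothetical, and the sample log is constructed from the lines in the post, with one invented bare-uid lookup added for contrast.

```python
import re

# Constructed sample: the post's slapd lines re-joined onto single lines.
# The conn=115 lookup is invented for contrast and is not from the post.
SAMPLE_LOG = r'''slapd[1179]: conn=114 op=1 SRCH base="ou=People,dc=modiano,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=COMPU\5CP_NEGRI))"
slapd[1179]: conn=114 op=1 SRCH attr=uid userPassword uidNumber gidNumber
slapd[1179]: conn=114 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[1179]: conn=115 op=1 SRCH base="ou=People,dc=modiano,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=p_negri))"
'''

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)".*?filter="(.*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*?nentries=(\d+)')
ASSERTION = re.compile(r'\((\w+)=([^()]*)\)')   # simple (attr=value) items
ESCAPE = re.compile(rb'\\([0-9A-Fa-f]{2})')      # RFC 4515 \XX escape

def unescape(value):
    """Decode \\XX escapes in a filter assertion value, byte by byte."""
    raw = ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), value.encode())
    return raw.decode("utf-8", "replace")

def qualified_uid_searches(log_text):
    """Return uid lookups whose decoded value contains a backslash,
    paired with the nentries of the matching SEARCH RESULT line."""
    found = {}
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            conn, op, base, flt = m.groups()
            for attr, raw in ASSERTION.findall(flt):
                value = unescape(raw)
                if attr.lower() == "uid" and "\\" in value:
                    prefix, _, bare = value.rpartition("\\")
                    found[(conn, op)] = {"conn": int(conn), "base": base,
                                         "searched_uid": value, "prefix": prefix,
                                         "bare_uid": bare, "nentries": None}
            continue
        m = RESULT.search(line)
        if m and (m.group(1), m.group(2)) in found:
            found[(m.group(1), m.group(2))]["nentries"] = int(m.group(3))
    return list(found.values())

if __name__ == "__main__":
    for hit in qualified_uid_searches(SAMPLE_LOG):
        print(hit)
```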



