[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
abebe lsslp
peaceofcrap2001 at yahoo.com
Tue Jul 20 15:35:58 GMT 2004
I was having trouble sleeping last night, so I started
going over your past e-mails. Do you remember asking
me to make sure LDAP is authenticating system users?
And I told you that it was. I was not completely lying;
it authenticates 'testuser1' with no problem. However,
'administrator' is getting kicked out as soon as it
logs in. Here is what it looks like:
[root@eaglex root]# ssh administrator@192.168.1.10
administrator@192.168.1.10's password:
Last login: Tue Jul 20 09:49:05 2004 from 192.168.1.17
Connection to 192.168.1.10 closed.
[root@eaglex root]#
Here is part of 'slapd.log':
+++++++++++++++++++++++++++++++++++++++++++++++++++
Jul 20 10:22:31 eaglex slapd[20508]: conn=7 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Jul 20 10:22:31 eaglex slapd[20508]: conn=7 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 10:22:31 eaglex slapd[20508]: conn=7 fd=15 closed
Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SRCH base="dc=wbcoll,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=administrator))"
Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 fd=15 ACCEPT from IP=127.0.0.1:33263 (IP=0.0.0.0:389)
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 RESULT tag=97 err=0 text=
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=1 SRCH base="dc=wbcoll,dc=edu" scope=2 filter="(uid=Administrator)"
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND anonymous mech=implicit ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND dn="uid=Administrator,ou=Users,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND dn="uid=Administrator,ou=Users,dc=wbcoll,dc=edu" mech=simple ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 RESULT tag=97 err=0 text=
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND anonymous mech=implicit ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND dn="cn=Manager,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 RESULT tag=97 err=0 text=
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 fd=18 ACCEPT from IP=127.0.0.1:33264 (IP=0.0.0.0:389)
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 RESULT tag=97 err=0 text=
Jul 20 10:25:19 eaglex slapd[20508]: deferring operation
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SRCH base="dc=wbcoll,dc=edu" scope=2 filter="(&(objectClass=shadowAccount)(uid=Administrator))"
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SRCH attr=uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 10:25:20 eaglex slapd[20508]: conn=8 op=4 UNBIND
Jul 20 10:25:20 eaglex slapd[20508]: conn=8 fd=15 closed
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 fd=15 ACCEPT from IP=127.0.0.1:33265 (IP=0.0.0.0:389)
Jul 20 10:25:20 eaglex slapd[20508]: conn=9 fd=18 closed
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 RESULT tag=97 err=0 text=
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=1 SRCH base="dc=wbcoll,dc=edu" scope=2 filter="(uid=Administrator)"
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2 SRCH base="ou=Groups,dc=wbcoll,dc=edu" scope=1 filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=users,dc=wbcoll,dc=edu)))"
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 fd=15 closed
+++++++++++++++++++++++++++++++++++++++++++++++++++
Is it alright if I delete the files in
'/var/lib/ldap/*' before I use 'slapindex'?
When I do the 'ldapsearch' command, the machine entry
does not exist anymore.
Here is my 'smb.conf' after taking out what you told
me and using 'testparm -s > /tmp/smb.conf':
+++++++++++++++++++++++++++++++++++++++++++++
[root@eaglex root]# cat /tmp/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Processing section "[printers]"
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
# Global parameters
[global]
workgroup = AGUILAS
netbios name = EALGEX
server string = Samba-LDAP PDC Server
map to guest = Bad User
passdb backend = ldapsam:ldap://127.0.0.1/
username map = /etc/samba/smbusers
log level = 10
log file = /var/log/samba/%m.log
max log size = 10000
time server = Yes
deadtime = 10
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -m "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon script = logon.bat
logon path =
logon drive = H:
logon home =
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap suffix = dc=wbcoll,dc=edu
ldap machine suffix = ou=People,dc=wbcoll,dc=edu
ldap user suffix = ou=Users,dc=wbcoll,dc=edu
ldap group suffix = ou=Groups,dc=wbcoll,dc=edu
ldap idmap suffix = dc=wbcoll,dc=edu
ldap admin dn = cn=Manager,dc=wbcoll,dc=edu
ldap passwd sync = Yes
ldap delete dn = Yes
printer admin = @print Operators
create mask = 0640
directory mask = 0750
hosts allow = 192.168.1., 192.168.2., 127.
printing = cups
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
[homes]
comment = Home Directories
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
share modes = No
++++++++++++++++++++++++++++++++++++++++++++++++
once again,
Ambex