[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
José Ildefonso Camargo Tolosa
icamargo at merkurio.com.ve
Tue Jul 20 15:48:23 GMT 2004
abebe lsslp wrote:
>I was having trouble sleeping last night, so I started
>going over your past e-mails. Do you remember
>asking me to make sure LDAP is
>authenticating system users? And I told you that it
>was. I was not completely lying, it authenticates
>'testuser1' with no problem. However, 'administrator'
>is getting kicked out as soon as it logs in. Here is
>what it looks like:
>
>[root@eaglex root]# ssh administrator@192.168.1.10
>administrator@192.168.1.10's password:
>Last login: Tue Jul 20 09:49:05 2004 from 192.168.1.17
>Connection to 192.168.1.10 closed.
>[root@eaglex root]#
>
>
Of course:
loginShell: /bin/false
It logs in, then just dies, because it has no shell. :)
>Here is part of 'slapd.log':
>+++++++++++++++++++++++++++++++++++++++++++++++++++
>Jul 20 10:22:31 eaglex slapd[20508]: conn=7 op=2 SRCH
>attr=cn userPassword memberUid uniqueMember gidNumber
>Jul 20 10:22:31 eaglex slapd[20508]: conn=7 op=2
>SEARCH RESULT tag=101 err=0 nentries=1 text=
>Jul 20 10:22:31 eaglex slapd[20508]: conn=7 fd=15
>closed
>Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SRCH
>base="dc=wbcoll,dc=edu" scope=2
>filter="(&(objectClass=posixAccount)(uid=administrator))"
>Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SRCH
>attr=uid userPassword uidNumber gidNumber cn
>homeDirectory loginShell gecos description objectClass
>Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2
>SEARCH RESULT tag=101 err=0 nentries=1 text=
>Jul 20 10:25:19 eaglex slapd[20508]: conn=8 fd=15
>ACCEPT from IP=127.0.0.1:33263 (IP=0.0.0.0:389)
>Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 BIND
>dn="cn=Manager,dc=wbcoll,dc=edu" method=128
>Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 BIND
>dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
>Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0
>RESULT tag=97 err=0 text=
>Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=1 SRCH
>base="dc=wbcoll,dc=edu" scope=2
>filter="(uid=Administrator)"
>Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=1
>SEARCH RESULT tag=101 err=0 nentries=1 text=
>Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND
>anonymous mech=implicit ssf=0
>Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND
>dn="uid=Administrator,ou=Users,dc=wbcoll,dc=edu"
>method=128
>Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND
>dn="uid=Administrator,ou=Users,dc=wbcoll,dc=edu"
>mech=simple ssf=0
>Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2
>RESULT tag=97 err=0 text=
>Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND
>anonymous mech=implicit ssf=0
>Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND
>dn="cn=Manager,dc=wbcoll,dc=edu" method=128
>Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND
>dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
>Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3
>RESULT tag=97 err=0 text=
>Jul 20 10:25:19 eaglex slapd[20508]: conn=9 fd=18
>ACCEPT from IP=127.0.0.1:33264 (IP=0.0.0.0:389)
>Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 BIND
>dn="cn=Manager,dc=wbcoll,dc=edu" method=128
>Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 BIND
>dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
>Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0
>RESULT tag=97 err=0 text=
>Jul 20 10:25:19 eaglex slapd[20508]: deferring
>operation
>Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SRCH
>base="dc=wbcoll,dc=edu" scope=2
>filter="(&(objectClass=shadowAccount)(uid=Administrator))"
>Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SRCH
>attr=uid userPassword shadowLastChange shadowMax
>shadowMin shadowWarning shadowInactive shadowExpire
>Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1
>SEARCH RESULT tag=101 err=0 nentries=1 text=
>Jul 20 10:25:20 eaglex slapd[20508]: conn=8 op=4
>UNBIND
>Jul 20 10:25:20 eaglex slapd[20508]: conn=8 fd=15
>closed
>Jul 20 10:25:20 eaglex slapd[20508]: conn=10 fd=15
>ACCEPT from IP=127.0.0.1:33265 (IP=0.0.0.0:389)
>Jul 20 10:25:20 eaglex slapd[20508]: conn=9 fd=18
>closed
>Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 BIND
>dn="cn=Manager,dc=wbcoll,dc=edu" method=128
>Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 BIND
>dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
>Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0
>RESULT tag=97 err=0 text=
>Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=1 SRCH
>base="dc=wbcoll,dc=edu" scope=2
>filter="(uid=Administrator)"
>Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=1
>SEARCH RESULT tag=101 err=0 nentries=1 text=
>Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2 SRCH
>base="ou=Groups,dc=wbcoll,dc=edu" scope=1
>filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=users,dc=wbcoll,dc=edu)))"
>Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2 SRCH
>attr=cn userPassword memberUid uniqueMember gidNumber
>Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2
>SEARCH RESULT tag=101 err=0 nentries=1 text=
>Jul 20 10:25:20 eaglex slapd[20508]: conn=10 fd=15
>closed
>
>+++++++++++++++++++++++++++++++++++++++++++++++++++
>
>Is it alright if I delete the files in
>'/var/lib/ldap/*' before I use 'slapindex'?
>
>When I do the 'ldapsearch' command, machine entry does
>not exist anymore.
>
>Here is my 'smb.conf' after taking out what you told
>me and using 'testparm -s > /tmp/smb.conf'
>
>+++++++++++++++++++++++++++++++++++++++++++++
>[root@eaglex root]# cat /tmp/smb.conf
>Processing section "[homes]"
>Processing section "[netlogon]"
>Processing section "[Profiles]"
>Processing section "[printers]"
>Load smb config files from /etc/samba/smb.conf
>Loaded services file OK.
># Global parameters
>[global]
> workgroup = AGUILAS
> netbios name = EALGEX
> server string = Samba-LDAP PDC Server
> map to guest = Bad User
> passdb backend = ldapsam:ldap://127.0.0.1/
> username map = /etc/samba/smbusers
> log level = 10
> log file = /var/log/samba/%m.log
> max log size = 10000
> time server = Yes
> deadtime = 10
> socket options = TCP_NODELAY SO_RCVBUF=8192
>SO_SNDBUF=8192
> printcap name = cups
> add user script = /usr/sbin/smbldap-useradd -m
>"%u"
> add group script = /usr/sbin/smbldap-groupadd
>-p "%g"
> add user to group script =
>/usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script =
>/usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script =
>/usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd
>-w "%u"
> logon script = logon.bat
> logon path =
> logon drive = H:
> logon home =
> domain logons = Yes
> os level = 65
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> wins support = Yes
> ldap suffix = dc=wbcoll,dc=edu
> ldap machine suffix =
>ou=People,dc=wbcoll,dc=edu
> ldap user suffix = ou=Users,dc=wbcoll,dc=edu
> ldap group suffix = ou=Groups,dc=wbcoll,dc=edu
> ldap idmap suffix = dc=wbcoll,dc=edu
> ldap admin dn = cn=Manager,dc=wbcoll,dc=edu
> ldap passwd sync = Yes
> ldap delete dn = Yes
> printer admin = @print Operators
> create mask = 0640
> directory mask = 0750
> hosts allow = 192.168.1., 192.168.2., 127.
> printing = cups
> dont descend =
>/proc,/dev,/etc,/lib,/lost+found,/initrd
>
>[homes]
> comment = Home Directories
> read only = No
> browseable = No
>
>[netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> guest ok = Yes
> share modes = No
>
>++++++++++++++++++++++++++++++++++++++++++++++++
>
>once again,
>
>Ambex
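An added example, not part of the original messages: it pairs each BIND request in a slapd log with its RESULT line, which separates a failed authentication from the case in the reply, where the bind succeeds and the account's loginShell ends the session. The function names are assumptions, the err=49 line is constructed for contrast, and the caller is assumed to supply the loginShell value read from the user's directory entry.

```python
import re

# Constructed sample in the wrapped slapd.log format quoted above; err=49 is made up.
SAMPLE_LOG = """\
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND
dn="uid=Administrator,ou=Users,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2
RESULT tag=97 err=0 text=
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0
RESULT tag=97 err=49 text=
"""
NON_INTERACTIVE = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}
STAMP = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ slapd\[\d+\]: ")
EVENT = re.compile(r'conn=(\d+) op=(\d+) (?:BIND dn="([^"]*)" method=|RESULT tag=97 err=(\d+))')

def unwrap(text):
    """Rejoin log records that the mail client wrapped or '>'-quoted."""
    records = []
    for line in text.splitlines():
        line = line.lstrip("> ").rstrip()
        if line and (STAMP.match(line) or not records):
            records.append(line)      # a syslog timestamp starts a new record
        elif line:
            records[-1] += " " + line  # continuation of the previous record
    return records

def bind_results(text):
    """Map each bind DN (lower-cased) to the LDAP result code of its BIND."""
    pending, results = {}, {}
    for rec in unwrap(text):
        m = EVENT.search(rec)
        if m and m.group(3) is not None:      # BIND request: remember its DN
            pending[m.group(1, 2)] = m.group(3).lower()
        elif m and m.group(1, 2) in pending:  # bind response for that conn/op
            results[pending.pop(m.group(1, 2))] = int(m.group(4))
    return results

def diagnose(log, dn, login_shell):
    """Tell 'authentication failed' apart from 'authenticated, no usable shell'."""
    err = bind_results(log).get(dn.lower())
    if err != 0:
        return "no bind seen" if err is None else f"authentication failed (LDAP err={err})"
    if login_shell in NON_INTERACTIVE:
        return f"authenticated, but loginShell {login_shell} ends the session at once"
    return f"authenticated, loginShell={login_shell}"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, "uid=Administrator,ou=Users,dc=wbcoll,dc=edu", "/bin/false"))
```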