[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED

Craig White craigwhite at azapple.com
Thu Jul 29 01:55:30 GMT 2004


On Wed, 2004-07-28 at 13:11, abebe lsslp wrote:
> So....here I am with some more of my problem :( 
>  
> Sorry for the slow response to your last e-mails, I had to give up my xp machine and had to wait till I got a new one. We were also having trouble with our ISP (cox) for me to VPN from my home xp machine.
>  
> Back to the real deal... I have decided not to assume anything and to take it step by step :) Craig..I have followed your advice and I am using 'people' instead of 'Computers'.
>  
> NOTE: 
> - Have 'root= administrator' in /etc/samba/smbusers
> - Have done the appropriate changes to the xp registry
>  
> -[root at eaglex root]# smbldap-usershow administrator
> dn: uid=Administrator,ou=Users,dc=wbcoll,dc=edu
> cn: Administrator
> sn: Administrator
> objectClass: inetOrgPerson,sambaSAMAccount,posixAccount,shadowAccount
> gidNumber: 512
> uid: Administrator
> uidNumber: 0
> homeDirectory: /home/
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 0
> sambaHomePath: \\EAGLEX\homes
> sambaHomeDrive: H:
> sambaPrimaryGroupSID: S-1-5-21-3864350619-1217412381-2490860374-512
> sambaSID: S-1-5-21-3864350619-1217412381-2490860374-2996
> loginShell: /bin/false
> gecos: Netbios Domain Administrator
> sambaAcctFlags: [U]
> sambaPwdMustChange: 1098811932
> sambaLMPassword: F70389E8F4B94063AAD3B435B51404EE
> sambaPwdLastSet: 1091035932
> sambaNTPassword: 60BED106E19D7A3F919FA1919125FFBA
> userPassword: {SSHA}3zMR3Ds/5knGujxtByOIYPjl0mVBhJgr
> 
> 
>  
> ERROR: (having trouble joining XP (xptest) to domain).
> The following error occured attempting to join the domain "AGUILAS":
> 'Access is denied.'
>  
> And here is part of the error message in  'xptest.log': 
>  
> [2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(219) 
> check_ntlm_password: Checking password for unmapped user [AGUILAS]\[administrator]@[XPTEST] with the new password interface 
> [2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(222) 
> check_ntlm_password: mapped user is: [AGUILAS]\[root]@[XPTEST] 
> [2004/07/28 13:59:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) 
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 
> [2004/07/28 13:59:39, 3] smbd/uid.c:push_conn_ctx(364) 
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0 
> [2004/07/28 13:59:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) 
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 
> [2004/07/28 13:59:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) 
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 
> [2004/07/28 13:59:39, 3] auth/auth_sam.c:check_sam_security(202) 
> check_sam_security: Couldn't find user 'root' in passdb file. 
> [2004/07/28 13:59:39, 3] auth/auth_winbind.c:check_winbind_security(80) 
> check_winbind_security: Not using winbind, requested domain [AGUILAS] was for this SAM. 
> [2004/07/28 13:59:39, 2] auth/auth.c:check_ntlm_password(312) 
> check_ntlm_password: Authentication for user [administrator] -> [root] FAILED with error NT_STATUS_NO_SUCH_USER 
> [2004/07/28 13:59:39, 3] smbd/sesssetup.c:do_map_to_guest(41) 
> No such user administrator [AGUILAS] - using guest account
> 
> QUESTION:
> 1) Do I have to add 'smbpasswd -a root' or 'smbpasswd -a administrator'?
> 2) NT_STATUS_NO_SUCH_USER ? 'pdbedit -LV administrator' shows that the user exists
> 3) do 'root' and 'administrator' have to have the same password?
> 
---
You are very loose with your terminology...

the above smbldap-usershow has dn:
uid=Administrator,ou=Users,dc=wbcoll,dc=edu

but in your notes, you are putting machine accounts in what appears to
be ou=People and who the hell knows what your setup is any more in
smb.conf - ldap.conf at this point.

If you aren't putting the Computers in the same containers as the Users,
you are going to have to do sub searches as has been covered many
times on this list for your exact problem. It seems that you just don't
want to get it. My advice was to be consistent - use one container for
Users and Computers, reference it the same way in both smb.conf and
ldap.conf - keep it simple. Thus, you really haven't been following my
advice, at least not without applying your own misunderstanding to it
first.

Craig
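
The consistency check described above can be automated. The following is an added example, not part of Craig's message or of Samba: a Python sketch that compares the user and machine containers in smb.conf with the passwd search base in ldap.conf. It assumes the Samba 3 `ldap suffix` / `ldap user suffix` / `ldap machine suffix` parameters and nss_ldap's `nss_base_passwd` with full DNs; the function names and sample configs are constructed.

```python
def norm(dn):
    """Lower-case a DN and drop whitespace around its commas."""
    return ",".join(p.strip().lower() for p in dn.split(",") if p.strip())

def samba_containers(smb_conf):
    """Full DNs Samba uses for users and machines: the partial suffixes are
    prepended to 'ldap suffix'; an unset one falls back to 'ldap suffix'."""
    opts = {}
    for line in smb_conf.splitlines():
        line = line.strip()
        if line and line[0] not in "#;[" and "=" in line:
            key, value = line.split("=", 1)
            opts[" ".join(key.lower().split())] = norm(value)
    base = opts.get("ldap suffix", "")
    return {kind: ",".join(x for x in (opts.get(f"ldap {kind} suffix"), base) if x)
            for kind in ("user", "machine")}

def nss_passwd_bases(ldap_conf):
    """(base DN, scope) pairs nss_ldap searches for passwd entries.
    Assumes no global 'scope' line, so the default scope is 'sub'."""
    default, bases = "", []
    for line in ldap_conf.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        if fields[0].lower() == "base":
            default = norm(fields[1])
        elif fields[0].lower() == "nss_base_passwd":
            dn, _, rest = fields[1].partition("?")
            bases.append((norm(dn), rest.split("?")[0].strip().lower() or "sub"))
    return bases or [(default, "sub")]

def unseen_containers(smb_conf, ldap_conf):
    """Samba containers whose entries the NSS passwd lookup cannot find."""
    bases = nss_passwd_bases(ldap_conf)
    def covered(dn):
        return any((dn == b and s in ("one", "sub")) or
                   (s == "sub" and dn.endswith("," + b)) for b, s in bases)
    return [k for k, dn in samba_containers(smb_conf).items() if not covered(dn)]

# Constructed sample configs; only the suffix dc=wbcoll,dc=edu is from the thread.
SMB_SPLIT = """[global]
ldap suffix = dc=wbcoll,dc=edu
ldap user suffix = ou=Users
ldap machine suffix = ou=People
"""
SMB_SINGLE = SMB_SPLIT.replace("ou=Users", "ou=People")
LDAP_ONE = "base dc=wbcoll,dc=edu\nnss_base_passwd ou=Users,dc=wbcoll,dc=edu?one\n"
LDAP_SUB = "base dc=wbcoll,dc=edu\nnss_base_passwd dc=wbcoll,dc=edu?sub\n"
```

With users and machines in separate containers and a one-level search, `unseen_containers(SMB_SPLIT, LDAP_ONE)` reports the machine container; either a subtree search or a single shared container clears it.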


