[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED

Christian.Wittmer at intercomponentware.com Christian.Wittmer at intercomponentware.com
Thu Jul 29 06:51:54 GMT 2004


abebe lsslp <peaceofcrap2001 at yahoo.com>
Sent by: 
samba-bounces+christian.wittmer=intercomponentware.com at lists.samba.org
28.07.2004 22:11

 
        To:     Samba Samba <samba at lists.samba.org>
        cc: 
        Subject:        Re: [Samba] Samba+LDAP - so close yet so far  :) ...STILL NOT SOLVED


 
>Back to the real deal... I have decided not to assume anything and to
>take it step by step :) Craig..I have followed your advice and I am using
>'people' instead of 'Computers'.

OK, if you store Computers and Users in ou=People that's ok
 
>NOTE: 
>- Have 'root= administrator' in /etc/samba/smbusers
No, remove it.
>- Have done the appropriate changes to the XP registry
You do not need any modifications
 
>-[root@eaglex root]# smbldap-usershow administrator
>dn: uid=Administrator,ou=Users,dc=wbcoll,dc=edu
I think you use ou=People ?!

>cn: Administrator
>sn: Administrator
>objectClass: inetOrgPerson,sambaSAMAccount,posixAccount,shadowAccount
>gidNumber: 512
>uid: Administrator
>uidNumber: 0
>homeDirectory: /home/
>sambaLogonTime: 0
>sambaLogoffTime: 2147483647
>sambaKickoffTime: 2147483647
>sambaPwdCanChange: 0
>sambaHomePath: \\EAGLEX\homes
>sambaHomeDrive: H:
>sambaPrimaryGroupSID: S-1-5-21-3864350619-1217412381-2490860374-512
>sambaSID: S-1-5-21-3864350619-1217412381-2490860374-2996
>loginShell: /bin/false
>gecos: Netbios Domain Administrator
>sambaAcctFlags: [U]
>sambaPwdMustChange: 1098811932
>sambaLMPassword: F70389E8F4B94063AAD3B435B51404EE
>sambaPwdLastSet: 1091035932
>sambaNTPassword: 60BED106E19D7A3F919FA1919125FFBA
>userPassword: {SSHA}3zMR3Ds/5knGujxtByOIYPjl0mVBhJgr


 
>ERROR: (having trouble joining XP (xptest) to domain).
>The following error occurred attempting to join the domain "AGUILAS":
>'Access is denied.'
Error is shown in the LOG
 
And here is part of the error message in  'xptest.log': 
 
>[2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(219) 
>check_ntlm_password: Checking password for unmapped user [AGUILAS]\[administrator]@[XPTEST] with the new password interface
>[2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(222) 
>check_ntlm_password: mapped user is: [AGUILAS]\[root]@[XPTEST] 
Here is the error.
Remove usermapping in smbusers. Administrator should not be mapped to root !!!

>[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:push_sec_ctx(256) 
>push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 
>[2004/07/28 13:59:39, 3] smbd/uid.c:push_conn_ctx(364) 
>push_conn_ctx(0) : conn_ctx_stack_ndx = 0 
>[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) 
>setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 
>[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386) 
>pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 
>[2004/07/28 13:59:39, 3] auth/auth_sam.c:check_sam_security(202) 
>check_sam_security: Couldn't find user 'root' in passdb file. 
>[2004/07/28 13:59:39, 3] auth/auth_winbind.c:check_winbind_security(80) 
>check_winbind_security: Not using winbind, requested domain [AGUILAS] was for this SAM.
>[2004/07/28 13:59:39, 2] auth/auth.c:check_ntlm_password(312)
>check_ntlm_password: Authentication for user [administrator] -> [root] FAILED with error NT_STATUS_NO_SUCH_USER
>[2004/07/28 13:59:39, 3] smbd/sesssetup.c:do_map_to_guest(41) 
>No such user administrator [AGUILAS] - using guest account

>QUESTION:
>1) Do I have to add 'smbpasswd -a root' or 'smbpasswd -a administrator'?
No. See comment in LOG

>2) NT_STATUS_NO_SUCH_USER ? 'pdbedit -LV administrator' shows that the user exists
Try 'smbclient -L [YOURHOST] -UAdministrator%password',
where password is the password you gave Administrator.
You can check if you can access shares on your samba.

>3) do 'root' and 'administrator' have to have the same password?
No, Administrator only needs to have uid=0, and he has it.

If you have 2 ou, one for Users and one for Computers, then you need to
have /etc/ldap.conf like the following.
This is a must have when not using NIS !!!!

#
# This is the configuration file for the LDAP nameservice
# switch library, the LDAP PAM module and the shadow package.
#
.....snip

# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX          base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd       ou=People,
# to append the default base DN but this
# may incur a small performance impact.
#nss_base_passwd        ou=People,dc=icw,dc=com?sub # uncomment when using NIS
#nss_base_shadow        ou=People,dc=icw,dc=com?sub # uncomment when using NIS
nss_base_group  ou=Groups,dc=icw,dc=com?sub
nss_base_hosts  ou=Machines,dc=icw,dc=com?sub

....

If any other questions come along, just mail me.

Christian
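
Added example, not part of the original message: a small Python parser that follows one logon attempt through the smbd log lines quoted above and reports the chain the reply points at (username map rewrite, missing passdb entry for the mapped name, guest fallback). The function name `trace_auth` and the result fields are hypothetical; the sample is the log excerpt from this thread with wrapped lines rejoined.

```python
import re

# Log excerpt quoted in the message above, with mail-wrapped lines rejoined.
SAMPLE_LOG = r"""
[2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password: Checking password for unmapped user [AGUILAS]\[administrator]@[XPTEST] with the new password interface
[2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password: mapped user is: [AGUILAS]\[root]@[XPTEST]
[2004/07/28 13:59:39, 3] auth/auth_sam.c:check_sam_security(202)
  check_sam_security: Couldn't find user 'root' in passdb file.
[2004/07/28 13:59:39, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [administrator] -> [root] FAILED with error NT_STATUS_NO_SUCH_USER
[2004/07/28 13:59:39, 3] smbd/sesssetup.c:do_map_to_guest(41)
  No such user administrator [AGUILAS] - using guest account
"""

UNMAPPED = re.compile(r"unmapped user \[[^\]]*\]\\\[(?P<user>[^\]]*)\]@\[(?P<host>[^\]]*)\]")
MAPPED = re.compile(r"mapped user is: \[[^\]]*\]\\\[(?P<user>[^\]]*)\]")
FAILED = re.compile(r"Authentication for user \[[^\]]*\] -> \[[^\]]*\] FAILED with error (?P<status>NT_STATUS_\w+)")
GUEST = re.compile(r"No such user \S+ .*using guest account")

def trace_auth(log_text):
    """Return one dict per logon attempt: requested vs. effective name, outcome, findings."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        if m := UNMAPPED.search(line):   # start of a new attempt
            cur = {"requested": m["user"], "effective": m["user"], "client": m["host"],
                   "status": None, "guest_fallback": False, "findings": []}
            attempts.append(cur)
        elif cur is None:
            continue                      # ignore lines before the first attempt
        elif m := MAPPED.search(line):
            cur["effective"] = m["user"]
        elif m := FAILED.search(line):
            cur["status"] = m["status"]
        elif GUEST.search(line):
            cur["guest_fallback"] = True
    for a in attempts:
        remapped = a["requested"].lower() != a["effective"].lower()
        if remapped:
            a["findings"].append(f"username map rewrote {a['requested']} -> {a['effective']}")
        if remapped and a["status"] == "NT_STATUS_NO_SUCH_USER":
            a["findings"].append(f"mapped name {a['effective']} has no passdb entry")
        if a["guest_fallback"]:
            a["findings"].append("failed logon continued as a guest session")
    return attempts

if __name__ == "__main__":
    print(trace_auth(SAMPLE_LOG))
```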


 

 