[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
Christian.Wittmer at intercomponentware.com
Thu Jul 29 06:51:54 GMT 2004
abebe lsslp <peaceofcrap2001 at yahoo.com>
Sent by:
samba-bounces+christian.wittmer=intercomponentware.com at lists.samba.org
28.07.2004 22:11
To: Samba Samba <samba at lists.samba.org>
cc:
Subject: Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
>Back to the real deal... I have decided not to assume anything and to
>take it step by step :) Craig..I have followed your advice and I am using
>'people' instead of 'Computers'.
OK, if you store Computers and Users in ou=People that's ok
>NOTE:
>- Have 'root= administrator' in /etc/samba/smbusers
No, remove it.
>- Have done the appropriate changes to the xp registry
You do not need any modifications
>-[root at eaglex root]# smbldap-usershow administrator
>dn: uid=Administrator,ou=Users,dc=wbcoll,dc=edu
I think you use ou=People ?!
>cn: Administrator
>sn: Administrator
>objectClass: inetOrgPerson,sambaSAMAccount,posixAccount,shadowAccount
>gidNumber: 512
>uid: Administrator
>uidNumber: 0
>homeDirectory: /home/
>sambaLogonTime: 0
>sambaLogoffTime: 2147483647
>sambaKickoffTime: 2147483647
>sambaPwdCanChange: 0
>sambaHomePath: \\EAGLEX\homes
>sambaHomeDrive: H:
>sambaPrimaryGroupSID: S-1-5-21-3864350619-1217412381-2490860374-512
>sambaSID: S-1-5-21-3864350619-1217412381-2490860374-2996
>loginShell: /bin/false
>gecos: Netbios Domain Administrator
>sambaAcctFlags: [U]
>sambaPwdMustChange: 1098811932
>sambaLMPassword: F70389E8F4B94063AAD3B435B51404EE
>sambaPwdLastSet: 1091035932
>sambaNTPassword: 60BED106E19D7A3F919FA1919125FFBA
>userPassword: {SSHA}3zMR3Ds/5knGujxtByOIYPjl0mVBhJgr
>ERROR: (having trouble joining XP (xptest) to domain).
>The following error occured attempting to join the domain "AGUILAS":
>'Access is denied.'
Error is shown in the LOG
>And here is part of the error message in 'xptest.log':
>[2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(219)
>check_ntlm_password: Checking password for unmapped user
>[AGUILAS]\[administrator]@[XPTEST] with the new password interface
>[2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(222)
>check_ntlm_password: mapped user is: [AGUILAS]\[root]@[XPTEST]
Here is the error.
Remove the user mapping in smbusers. Administrator should not be mapped to root!!!
>[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>[2004/07/28 13:59:39, 3] smbd/uid.c:push_conn_ctx(364)
>push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>[2004/07/28 13:59:39, 3] auth/auth_sam.c:check_sam_security(202)
>check_sam_security: Couldn't find user 'root' in passdb file.
>[2004/07/28 13:59:39, 3] auth/auth_winbind.c:check_winbind_security(80)
>check_winbind_security: Not using winbind, requested domain [AGUILAS] was
>for this SAM.
>[2004/07/28 13:59:39, 2] auth/auth.c:check_ntlm_password(312)
>check_ntlm_password: Authentication for user [administrator] -> [root]
>FAILED with error NT_STATUS_NO_SUCH_USER
>[2004/07/28 13:59:39, 3] smbd/sesssetup.c:do_map_to_guest(41)
>No such user administrator [AGUILAS] - using guest account
>QUESTION:
>1) Do I have to add 'smbpasswd -a root' or 'smbpasswd -a administrator'?
No. See comment in LOG
>2) NT_STATUS_NO_SUCH_USER ? 'pdbedit -LV administrator' shows that the
>user exists
Try 'smbclient -L [YOURHOST] -UAdministrator%password'
where password is the password you gave Administrator
you can check if you can access shares on your samba
>3) do 'root' and 'administrator' have to have the same password?
No, Administrator only needs to have uid=0, and he has it.
If you have 2 ou, one for Users and one for Computers, then you need to
have /etc/ldap.conf like the following.
This is a must-have when not using NIS !!!!
#
# This is the configuration file for the LDAP nameservice
# switch library, the LDAP PAM module and the shadow package.
#
.....snip
# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
#nss_base_passwd ou=People,dc=icw,dc=com?sub # uncomment when using NIS
#nss_base_shadow ou=People,dc=icw,dc=com?sub # uncomment when using NIS
nss_base_group ou=Groups,dc=icw,dc=com?sub
nss_base_hosts ou=Machines,dc=icw,dc=com?sub
....
If any other questions come along, just mail me.
Christian
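
Added example (not part of the original mail and not Samba code): a small Python check that reads smbd level-3 log lines like the ones quoted above and reports logons where the username map rewrote the account name before authentication failed. The function name and finding fields are illustrative; the sample input is the thread's own log excerpt with wrapped lines rejoined.

```python
import re

# Sample input: the smbd lines quoted in this thread, wrapped lines rejoined.
SAMPLE_LOG = r"""[2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password: Checking password for unmapped user [AGUILAS]\[administrator]@[XPTEST] with the new password interface
[2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password: mapped user is: [AGUILAS]\[root]@[XPTEST]
[2004/07/28 13:59:39, 3] auth/auth_sam.c:check_sam_security(202)
  check_sam_security: Couldn't find user 'root' in passdb file.
[2004/07/28 13:59:39, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [administrator] -> [root] FAILED with error NT_STATUS_NO_SUCH_USER
[2004/07/28 13:59:39, 3] smbd/sesssetup.c:do_map_to_guest(41)
  No such user administrator [AGUILAS] - using guest account
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *\d+\]")
UNMAPPED = re.compile(r"unmapped user \[([^\]]*)\]\\\[([^\]]*)\]@\[([^\]]*)\]")
MAPPED = re.compile(r"mapped user is: \[([^\]]*)\]\\\[([^\]]*)\]@\[([^\]]*)\]")
FAILED = re.compile(r"Authentication for user \[([^\]]*)\] -> \[([^\]]*)\] FAILED with error (\S+)")
GUEST = re.compile(r"No such user \S+ .*using guest account")

def find_mapping_failures(log_text):
    """One finding per logon whose account name was remapped and then failed to authenticate."""
    findings, current, stamp = [], None, None
    for line in log_text.splitlines():
        h = HEADER.match(line)
        if h:
            stamp = h.group(1)  # timestamp of the message line that follows
            continue
        m = UNMAPPED.search(line)
        if m:  # start of a new logon attempt
            current = {"time": stamp, "domain": m.group(1), "requested": m.group(2),
                       "workstation": m.group(3), "mapped": None, "error": None, "guest": False}
            continue
        if current is None:
            continue
        m = MAPPED.search(line)
        if m:
            current["mapped"] = m.group(2)
        m = FAILED.search(line)
        if m:
            current["error"] = m.group(3)
            if current["mapped"] and current["mapped"].lower() != current["requested"].lower():
                findings.append(current)
        if GUEST.search(line) and current["error"]:
            current["guest"] = True  # the session was downgraded to the guest account
    return findings
```

On the excerpt from this thread it returns a single finding: administrator was rewritten to root, the lookup failed with NT_STATUS_NO_SUCH_USER, and the session fell back to guest.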