[Samba] Password trouble with LDAP (eDirectory)
Erik Holst Trans
eht at it-trans.dk
Mon Jun 7 00:25:03 GMT 2004
Hi All,
I have a strange problem with passwords, stored in LDAP.
When i try to logon as a user with the correct password, access is
denied and the log says
check_ntlm_password: Authentication for user [administrator] ->
[administrator] FAILED with error NT_STATUS_NO_SUCH_USER
When i try to logon a user with incorrect password, access is (of
course) denied, but the log now says
check_ntlm_password: Authentication for user [administrator] ->
[administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
I have now tried for several hours to solve the problem, but can't find
out what is wrong and need some new input for solvin this.
Below are some snippets from the log, maybe this is useful for you and
the smb.conf too.
Best regards
Erik Holst Trans
With correct password:
[2004/06/07 02:20:15, 3] smbd/sesssetup.c:reply_sesssetup_and_X(783)
Domain=[] NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0]
PrimaryDomain=[null]
[2004/06/07 02:20:15, 2] smbd/sesssetup.c:setup_new_vc_session(602)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2004/06/07 02:20:15, 3] smbd/sesssetup.c:reply_sesssetup_and_X(798)
sesssetupX:name=[]\[ADMINISTRATOR]@[notebook]
[2004/06/07 02:20:15, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/06/07 02:20:15, 3] smbd/uid.c:push_conn_ctx(351)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/06/07 02:20:15, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/06/07 02:20:15, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/06/07 02:20:15, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[]\[ADMINISTRATOR]@[notebook] with the new password interface
[2004/06/07 02:20:15, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [EDIR]\[ADMINISTRATOR]@[notebook]
[2004/06/07 02:20:15, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/06/07 02:20:15, 3] smbd/uid.c:push_conn_ctx(351)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/06/07 02:20:15, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/06/07 02:20:15, 2] passdb/pdb_ldap.c:init_sam_from_ldap(483)
init_sam_from_ldap: Entry found for user: Administrator
[2004/06/07 02:20:15, 4] lib/substitute.c:automount_server(323)
Home server: slss
[2004/06/07 02:20:15, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/06/07 02:20:15, 4] libsmb/ntlm_check.c:ntlm_password_check(369)
ntlm_password_check: Checking LM password
[2004/06/07 02:20:15, 4] auth/auth_sam.c:sam_account_ok(82)
sam_account_ok: Checking SMB password for user Administrator
[2004/06/07 02:20:15, 1] auth/auth_util.c:make_server_info_sam(822)
User Administrator in passdb, but getpwnam() fails!
[2004/06/07 02:20:15, 0] auth/auth_sam.c:check_sam_security(260)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
[2004/06/07 02:20:15, 3] auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain [EDIR] was
for this SAM.
[2004/06/07 02:20:15, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [ADMINISTRATOR] ->
[ADMINISTRATOR] FAILED with error NT_STATUS_NO_SUCH_USER
[2004/06/07 02:20:15, 3] smbd/error.c:error_packet(94)
error string = No such file or directory
[2004/06/07 02:20:15, 3] smbd/error.c:error_packet(134)
error packet at smbd/sesssetup.c(881) cmd=115 (SMBsesssetupX) eclass=1
ecode=5
[2004/06/07 02:20:16, 3] smbd/process.c:timeout_processing(1121)
timeout_processing: End of file from client (client has disconnected).
[2004/06/07 02:20:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/06/07 02:20:16, 2] smbd/server.c:exit_server(568)
Closing connections
[2004/06/07 02:20:16, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
Server exit (normal exit)
With incorrect password:
[2004/06/07 02:20:32, 3] smbd/sesssetup.c:reply_sesssetup_and_X(783)
Domain=[] NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0]
PrimaryDomain=[null]
[2004/06/07 02:20:32, 2] smbd/sesssetup.c:setup_new_vc_session(602)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2004/06/07 02:20:32, 3] smbd/sesssetup.c:reply_sesssetup_and_X(798)
sesssetupX:name=[]\[ADMINISTRATOR]@[notebook]
[2004/06/07 02:20:32, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/06/07 02:20:32, 3] smbd/uid.c:push_conn_ctx(351)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/06/07 02:20:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/06/07 02:20:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/06/07 02:20:32, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[]\[ADMINISTRATOR]@[notebook] with the new password interface
[2004/06/07 02:20:32, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [EDIR]\[ADMINISTRATOR]@[notebook]
[2004/06/07 02:20:32, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/06/07 02:20:32, 3] smbd/uid.c:push_conn_ctx(351)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/06/07 02:20:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/06/07 02:20:32, 2] passdb/pdb_ldap.c:init_sam_from_ldap(483)
init_sam_from_ldap: Entry found for user: Administrator
[2004/06/07 02:20:32, 4] lib/substitute.c:automount_server(323)
Home server: slss
[2004/06/07 02:20:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/06/07 02:20:32, 4] libsmb/ntlm_check.c:ntlm_password_check(369)
ntlm_password_check: Checking LM password
[2004/06/07 02:20:32, 4] libsmb/ntlm_check.c:ntlm_password_check(395)
ntlm_password_check: Checking LMv2 password with domain
[2004/06/07 02:20:32, 4] libsmb/ntlm_check.c:ntlm_password_check(405)
ntlm_password_check: Checking LMv2 password with upper-cased version
of domain
[2004/06/07 02:20:32, 4] libsmb/ntlm_check.c:ntlm_password_check(415)
ntlm_password_check: Checking LMv2 password without a domain
[2004/06/07 02:20:32, 4] libsmb/ntlm_check.c:ntlm_password_check(428)
ntlm_password_check: Checking NT MD4 password in LM field
[2004/06/07 02:20:32, 3] libsmb/ntlm_check.c:ntlm_password_check(451)
ntlm_password_check: LM password, NT MD4 password in LM field and LMv2
failed for user Administrator
[2004/06/07 02:20:32, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/06/07 02:20:32, 3] smbd/uid.c:push_conn_ctx(351)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/06/07 02:20:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/06/07 02:20:32, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1485)
ldapsam_update_sam_account: user Administrator to be modified has dn:
uid=Administrator,o=it-trans
[2004/06/07 02:20:32, 2] passdb/pdb_ldap.c:init_ldap_from_sam(812)
init_ldap_from_sam: Setting entry for user: Administrator
[2004/06/07 02:20:32, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1498)
ldapsam_update_sam_account: mods is empty: nothing to update for user:
Administrator
[2004/06/07 02:20:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/06/07 02:20:32, 3] auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain [EDIR] was
for this SAM.
[2004/06/07 02:20:32, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [ADMINISTRATOR] ->
[ADMINISTRATOR] FAILED with error NT_STATUS_WRONG_PASSWORD
[2004/06/07 02:20:32, 3] smbd/error.c:error_packet(134)
error packet at smbd/sesssetup.c(881) cmd=115 (SMBsesssetupX) eclass=1
ecode=5
[2004/06/07 02:20:33, 3] smbd/process.c:timeout_processing(1121)
timeout_processing: End of file from client (client has disconnected).
[2004/06/07 02:20:33, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/06/07 02:20:33, 2] smbd/server.c:exit_server(568)
Closing connections
[2004/06/07 02:20:33, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2004/06/07 02:20:33, 3] smbd/server.c:exit_server(611)
Server exit (normal exit)
SMB.CONF
[global]
workgroup = edir
netbios name = SLSS
server string = Samba Server %v, Powered by Linux
security = user
domain master = Yes
encrypt passwords = No
passwd program = /usr/local/sbin/smbldap-passwd %u
os level = 2
log level = 4
syslog = 0
time server = Yes
#unix extensions = Yes
encrypt passwords = Yes
# map to guest = Bad User
map to guest = Never
mangling method = hash2
printing = CUPS
printcap name = CUPS
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
wins support = No
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
domain logons = Yes
ldap passwd sync = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap suffix = o=it-trans
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,o=it-trans
#ldap port = 389
#ldap server = 127.0.0.1
ldap ssl = no
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
More information about the samba
mailing list