[Samba] XP Client can't log on PDC/LDAP configuration
Doug Smith
dougs at urbitter.com
Wed Jun 23 11:33:48 GMT 2004
Hello,

I have Samba 3.0.4, OpenLDAP 2.0.27 (whatever comes with RH 9.0)
configured as a PDC with LDAP as the password database. I can log on
to the PDC box, ldap seems to be working fine with PAM. Password
changes take effect, etc.

I can get passthru security working fine. I log into a Windows XP
machine, browse home/profile shares, no problem. But I can't log on
from the client XP machine to the domain represented by the PDC. I
get "Make sure your password is correct.." I've turned off the PDC
box and tried the same client log on and I get "domain controller not
available" so I know it's going to the right box. I was able to join
the client to the PDC domain.

I've looked at the samba logs and the user I'm logging on to the
Windows XP machine seems to authenticate fine, at least that's what the
log says. I do have a line in there saying []\[]@[computer] can't
authenticate user, but I don't know what that is so I don't know how
to debug that problem.

Anyway, I want to debug the problem, but I don't know how since I
don't see an obvious problem in the log (other than the []\[] user
problem and I don't know what that means or how to fix it).

I've included my configuration files. If anybody has a clue I would
appreciate the help, TIA

dougw
pdbedit -v of the user I'm trying to log in as
Unix username: testu
NT username: testu
Account Flags: [U ]
User SID: S-1-5-21-2381800297-159120370-3622294204-31000
Primary Group SID: S-1-5-21-2381800297-159120370-3622294204-2028
Full Name: Test W. User
Home Directory: \\norgay\nhome\testu
HomeDir Drive: H:
Logon Script: startup.bat
Profile Path: \\norgay\profiles\testu
Domain: EFOS
Account desc: Test W. User
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 22:14:07 GMT
Kickoff time: Mon, 18 Jan 2038 22:14:07 GMT
Password last set: Tue, 22 Jun 2004 07:40:49 GMT
Password can change: 0
Password must change: Wed, 22 Jun 2005 07:40:49 GMT
Last bad password : 0
Bad password count : 0
==================================================
smb.conf=======================
[global]
server string = EFOS PDC
passdb backend = ldapsam:ldap://127.0.0.1
username map = /etc/samba/smbusers
log file = /var/log/samba/smbd.log
log level = 1 winbind:10
# max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
ldap suffix = dc=efos
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap admin dn = cn=Manager,dc=efos
ldap ssl = no
ldap passwd sync = Yes
hosts allow = 192.168.1., 127.
workgroup = EFOS
netbios name = norgay
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\nhome\%U
time server = yes
encrypt passwords = yes
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
local master = Yes
security = user
logon script = startup.bat
[homes]
comment = Home Directories
path = /nhome/%U
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogin
admin users = root, administrator
guest ok = No
browseable = No
[profiles]
comment = Profile share
path = /profiles/%U
read only = No
profile acls = Yes
=====================
ldap.conf===========
HOST 127.0.0.1
BASE dc=efos
rootbindn cn=Manager,dc=efos
=======================
slapd.conf============
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/samba.schema
database ldbm
suffix "dc=efos"
#suffix "o=My Organization Name,c=US"
rootdn "cn=Manager,dc=efos"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SHA}gwKxLMfOiNDllNqV/AW81UF9OS8=
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
#index objectClass,uid,uidNumber,gidNumber,memberUid eq
#index cn,mail,surname,givenname eq,subinitial
# index the directory, taken from the SAMBA-HowTo
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
=============================
net groupmap list
Domain Users (S-1-5-21-2381800297-159120370-3622294204-2027) -> Domain Users
users (S-1-5-21-2381800297-159120370-3622294204-2028) -> users
Domain Admins (S-1-5-21-2381800297-159120370-3622294204-2029) -> Domain Admins
=============================
ldapsearch for testu=========
dn: uid=testu,ou=People,dc=efos
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: Douglas W. Worthington
sn: testu
uid: testu
uidNumber: 15000
gidNumber: 100
homeDirectory: /nhome/testu
loginShell: /bin/bash
gecos: Test W. User
description: Test W. User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: Test W. User
sambaSID: S-1-5-21-2381800297-159120370-3622294204-31000
sambaPrimaryGroupSID: S-1-5-21-2381800297-159120370-3622294204-2028
sambaHomeDrive: H:
sambaProfilePath: \\norgay\profiles\testu
sambaHomePath: \\norgay\nhome\testu
sambaLogonScript: startup.bat
sambaLMPassword: 62A4F180CC15E1EDAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 0F9510F9E4C95542E8F6C77B4F09560B
sambaPwdLastSet: 1087904449
sambaPwdMustChange: 1119440449
userPassword:: e1NTSEF9d05FaXJTQk5qbENKcDlVaGE0akRTd3RsaUxXRTE5c3U=
================================================